Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]


Plagegeister aller Art und deren Bekämpfung: W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.04.2013, 16:44   #1
Ocrim001
 
W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Standard

W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]


Hallo liebes Trojaner-Board Team,
ich habe ein Problem. Vor ca 2 Stunden hat sich eine exe Namens "File Name.exe" gestartet und hat versucht Datein im System32 Ordner zubringen. Spybot hat zum glück reagiert und hat versucht dies zu blocken. Dort stand immer das sich die Datei "server.exe" versucht im Sytem32 Ordner zu verstecken. Dann auf einmal hat sich Spybot, wieso auch immer, beendet. Danach habe ich es schnell gestartet und ein Check gemacht und siehe da, er findet eine bedrohung im System32 Ordner Namens "server.exe" (ist auch im Autostart, argh!), ich habe versucht sie zu löschen aber SpyBot sagt mir immer das ich keine Adminrechte habe um die Datei zulöschen (obwohl ich es als Admin ausführe). Danach habe ich mit Avast Antiviren ein Scan gemacht, nach den Vollständigen Scan hat Avast folgendes gefunden:


Hier noch mal ein Screenshot von Spybot:


Nach einen Neustart sehe ich auch immer kurz diese "Server.exe", die Exe macht was aber nur ganz kurz (Sehe ganz kurz die CMD BOX, was da drinn steht kann ich nicht sagen).Ich kann leider nicht sagen wie es dazu gekommen ist, denn ich lasse ab und zu mein kleinen Bruder am Pc. Was er in der Zeit macht weiß ich nicht, aber er meinte er hätte nichts herruntergeladen... Ich hoffe ihr könnt mir helfen.
Vielen Dank!

OTL & defogger Log folgen in den nächsten Minuten! (Hab jetzt gerade neben bei die Tipps gelesen um einen Beitrag zuerstellen. Da bei den Scanns alle Programme geschlossen sein müssen, wollte ich noch eben den Text hier ab senden um ihn nicht neu zu schreiben.

MfG Mirco

Edit: Spybot konnte die Probleme nach den neuen Scan löschen, die Scans von OTL & Defogger schreibe ich gleich rein.

Defogger:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:48 on 05/04/2013 (Mirco)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
Code:
ATTFilter
defogger_enable by jpshortstuff (23.02.10.1)
Log created at 17:48 on 05/04/2013 (Mirco)

Parsing file...


-=E.O.F=-
Hier der OTL Scan:
Code:
ATTFilter
OTL logfile created on: 05.04.2013 17:50:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Mirco\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,98 Gb Total Physical Memory | 5,83 Gb Available Physical Memory | 73,09% Memory free
15,96 Gb Paging File | 13,55 Gb Available in Paging File | 84,86% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 697,57 Gb Free Space | 74,89% Space Free | Partition Type: NTFS
 
Computer Name: MIRCO-PC | User Name: Mirco | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.05 16:46:57 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Mirco\Downloads\OTL.exe
PRC - [2013.01.26 12:13:32 | 000,462,848 | ---- | M] () -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe
PRC - [2013.01.26 08:08:50 | 004,480,768 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Mirco\AppData\Local\Akamai\netsession_win.exe
PRC - [2013.01.23 02:43:48 | 000,534,824 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.01.22 22:37:26 | 000,389,928 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.01.22 22:32:22 | 000,444,712 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.24 19:17:10 | 001,199,576 | ---- | M] (Spotify Ltd) -- C:\Users\Mirco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.10.31 00:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.10.31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.09.29 18:55:38 | 000,696,320 | ---- | M] (sDesign) -- C:\Users\Mirco\Desktop\Downloads\MySig.exe
PRC - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2010.11.20 14:17:55 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2010.03.05 10:15:04 | 000,411,864 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2010.02.03 16:17:18 | 005,756,544 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\EPU-4 Engine\FourEngine.exe
PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2007.07.06 08:14:02 | 005,730,304 | ---- | M] () -- C:\AppServ\MySQL\bin\mysqld-nt.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2009.09.30 05:33:08 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
MOD - [2009.07.31 21:39:08 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2009.03.19 22:35:52 | 000,208,896 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\AiNap.dll
MOD - [2009.03.19 22:35:50 | 000,008,704 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\vvc.dll
MOD - [2009.01.15 14:55:10 | 000,565,248 | ---- | M] () -- C:\Program Files (x86)\ASUS\EPU-4 Engine\pngio.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - File not found [Disabled | Unknown] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV:64bit: - [2012.12.19 21:56:00 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.19 16:32:12 | 000,361,984 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Running] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV - [2013.03.26 07:54:28 | 000,543,656 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2013.03.13 15:32:11 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.03.08 17:10:38 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.01.26 12:13:32 | 000,462,848 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService)
SRV - [2013.01.23 02:43:48 | 000,534,824 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.01.22 22:37:26 | 000,389,928 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.01.22 22:32:22 | 000,444,712 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.01.20 08:18:38 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.01.08 13:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.14 14:42:34 | 005,663,232 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService)
SRV - [2012.10.31 00:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.09.28 10:25:54 | 000,625,304 | ---- | M] (Pandora.TV) [Disabled | Stopped] -- C:\Program Files (x86)\PANDORA.TV\PanService\PandoraService.exe -- (PanService)
SRV - [2012.09.26 17:59:56 | 005,686,272 | ---- | M] () [Disabled | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\Freemium.SelfUpdate.exe -- (FreemiumSelfUpdateService)
SRV - [2012.08.31 16:02:03 | 002,754,984 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2012.04.26 12:14:06 | 002,438,696 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2010.11.20 14:21:36 | 000,351,232 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- winhttp.dll -- (WinHttpAutoProxySvc)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.05 10:15:12 | 000,235,752 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2007.07.06 08:14:02 | 005,730,304 | ---- | M] () [Auto | Running] -- C:\AppServ\MySQL\bin\mysqld-nt.exe -- (mysql)
SRV - [2007.01.09 18:17:24 | 000,020,539 | ---- | M] (Apache Software Foundation) [Auto | Stopped] -- C:\AppServ\Apache2.2\bin\httpd.exe -- (Apache2.2)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 08:07:06 | 000,042,696 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.01.10 21:44:02 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2012.12.19 22:48:48 | 011,278,336 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.12.19 21:32:54 | 000,552,960 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.11.12 01:40:38 | 000,131,072 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SteelBus64.sys -- (busenum)
DRV:64bit: - [2012.11.06 13:11:52 | 000,096,256 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.10.31 00:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.10.31 00:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.10.31 00:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.10.31 00:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.10.31 00:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd)
DRV:64bit: - [2012.10.31 00:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.10.15 22:00:50 | 000,038,016 | ---- | M] (SteelSeries Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SAlpham64.sys -- (SAlphamHid)
DRV:64bit: - [2012.10.15 18:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.09.28 11:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.15 21:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.06.10 07:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.11 21:01:00 | 000,341,832 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSRamd64.sys -- (LADF_RenderOnly)
DRV:64bit: - [2011.04.11 21:00:18 | 000,410,184 | ---- | M] (Logitech) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ladfGSCamd64.sys -- (LADF_CaptureOnly)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.24 10:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011.02.24 10:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone)
DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.10.01 21:41:00 | 001,349,232 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2010.05.20 09:30:58 | 000,016,440 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\AtiPcie.sys -- (AtiPcie)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.11.24 02:38:00 | 000,016,008 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGVirHid.sys -- (LGVirHid)
DRV:64bit: - [2009.11.24 02:37:50 | 000,022,408 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LGBusEnum.sys -- (LGBusEnum)
DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21)
DRV:64bit: - [2009.07.17 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | ---- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2013.03.28 12:24:30 | 000,081,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\AeriaGames\ScarletBlade\avital\scarlb64.sys -- (slb)
DRV - [2012.04.09 10:13:58 | 000,057,472 | ---- | M] (Advanced Micro Devices) [Kernel | Auto | Running] -- C:\Programme\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys -- (AODDriver4.2)
DRV - [2010.02.04 11:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&q={searchTerms}&s_it=winamp-ie&s_qt=sb&tb_uuid=20120929172650354&tb_oid=29-09-2012&tb_mrud=27-11-2012

 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\..\URLSearchHook: {57BCA5FA-5DBB-45a2-B558-1755C3F6253B} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=161b819f000000000000c860005642db
IE - HKCU\..\SearchScopes\{6BA7EB7B-56ED-4a81-829E-3F099623F842}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=5369970905&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{EEE7E0A3-AE64-4dc8-84D1-F5D7BAF2DB0C}: "URL" = hxxp://slirsredirect.search.aol.com/redirector/sredir?sredir=2685&q={searchTerms}&s_it=winamp-ie&s_qt=sb&tb_uuid=20120929172650354&tb_oid=29-09-2012&tb_mrud=27-11-2012

IE - HKCU\..\SearchScopes\{F23C6694-51AB-4458-BF86-7B9F6D16B8BB}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=EGMB
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Claro Search"
FF - prefs.js..browser.search.useDBForOrder: "false"
FF - prefs.js..browser.startup.homepage: "hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=161b819f000000000000c860005642db"
FF - prefs.js..extensions.enabledAddons: wrc%40avast.com:7.0.1474
FF - prefs.js..extensions.enabledAddons: youtubeunblocker%40unblocker.yt:0.3.2
FF - prefs.js..extensions.enabledAddons: exif_viewer%40mozilla.doslash.org:2.00
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.8
FF - prefs.js..extensions.enabledAddons: afurladvisor%40anchorfree.com:1.0
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7B0b38152b-1b20-484d-a11f-5e04a9b0661f%7D:5.6.20.9397
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2852: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1662: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.46: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.17 18:08:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 17:10:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 17:10:36 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 17:10:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.08 17:10:36 | 000,000,000 | ---D | M]
 
[2013.02.04 19:22:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Extensions
[2013.04.02 19:59:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\owhfudzd.default\extensions
[2013.04.02 19:59:57 | 000,000,000 | ---D | M] ("Winamp Toolbar") -- C:\Users\Mirco\AppData\Roaming\mozilla\Firefox\Profiles\owhfudzd.default\extensions\{0b38152b-1b20-484d-a11f-5e04a9b0661f}
[2013.02.18 18:47:51 | 000,230,013 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\exif_viewer@mozilla.doslash.org.xpi
[2013.01.26 13:06:07 | 000,010,611 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\youtubeunblocker@unblocker.yt.xpi
[2013.03.29 20:57:56 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 20:00:01 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2013.02.14 19:42:35 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.28 18:56:39 | 000,269,007 | ---- | M] () (No name found) -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2013.04.02 20:00:02 | 000,002,533 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\searchplugins\aol-search.xml
[2012.11.22 18:40:34 | 000,002,536 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\mozilla\firefox\profiles\owhfudzd.default\searchplugins\mngr.xml
[2013.03.08 17:10:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.08 17:10:36 | 000,000,000 | ---D | M] (Hotspot Shield Helper (Please allow this installation)) -- C:\Program Files (x86)\mozilla firefox\extensions\afurladvisor@anchorfree.com
[2012.11.17 18:08:16 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2013.03.08 17:10:38 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.22 18:51:47 | 000,006,520 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Claro Search (Enabled)
CHR - default_search_provider: search_url = hxxp://www.claro-search.com/?q={searchTerms}&affID=117423&tt=4712_2&babsrc=SP_ss&mntrId=161b819f000000000000c860005642db
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}
CHR - homepage: hxxp://www.claro-search.com/?affID=117423&tt=4712_2&babsrc=HP_ss&mntrId=161b819f000000000000c860005642db
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.97\pdf.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll
CHR - Extension: General Downloader plugin = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcbebbklfkjeocpmoamnopdllfekind\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: General Crawler = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcidejejpblipcjpnkfkddlkmgndblch\2.5_0\
CHR - Extension: General Downloader plugin = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkcbebbklfkjeocpmoamnopdllfekind\1.0.1_0\
CHR - Extension: avast! WebRep = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: SweetIM for Facebook = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.2.0.0_0\
CHR - Extension: DVDVideoSoft Browser Extension = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.0_0\
CHR - Extension: General Crawler = C:\Users\Mirco\AppData\Local\Google\Chrome\User Data\Default\Extensions\pcidejejpblipcjpnkfkddlkmgndblch\2.5_0\
 
O1 HOSTS File: ([2013.04.05 16:53:25 | 000,444,833 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15276 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Programme\AMD\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (SteadyVideoBHO Class) - {6C680BAE-655C-4E3D-8FC4-E6A520C3D928} - C:\Program Files (x86)\amd\SteadyVideo\SteadyVideo.dll (Advanced Micro Devices)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Help the General-Search Project) - {CA4520F3-AE13-4FB1-A513-58E23991C86D} - C:\Users\Mirco\AppData\Roaming\GENERA~1\EXTENS~1\GenCrawl.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Hotspot Shield Class) - {F9E4A054-E9B1-4BC3-83A3-76A1AE736170} - C:\Program Files (x86)\Hotspot Shield\HssIE\HssIE.dll (AnchorFree Inc.)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Winamp Toolbar) - {EBF2BA02-9094-4C5A-858B-BB198F3D8DE2} - C:\Program Files (x86)\Winamp Toolbar\winamptb.dll (AOL Inc.)
O4:64bit: - HKLM..\Run: [Launch LCore] C:\Program Files\Logitech Gaming Software\LCore.exe (Logitech Inc.)
O4:64bit: - HKLM..\Run: [XboxStat] C:\Program Files\Microsoft Xbox 360 Accessories\XboxStat.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Aeria Ignite] C:\Program Files (x86)\Aeria Games\Ignite\aeriaignite.exe (Aeria Games & Entertainment)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Mirco\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [F.lux] C:\Users\Mirco\Local Settings\Apps\F.lux\flux.exe ()
O4 - HKCU..\Run: [LSI] C:\Riot Games\League of Legends\LSI v1.14.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Mirco\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe (Spotify Ltd)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKCU..\Run: [SteelSeries Engine] C:\Programme\SteelSeries\SteelSeries Engine\SteelSeriesEngine.exe (SteelSeries ApS)
O4 - Startup: C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk = C:\Users\Mirco\Desktop\Downloads\MySig.exe (sDesign)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Mirco\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: aeriagames.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aeriagames.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: clonewarsadventures.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: freerealms.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: soe.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sony.com ([]* in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7D02531C-471C-440C-817F-AADEA18FAEE9}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ADB08519-6BF6-4B98-B84A-9E82CECFAD2E}: DhcpNameServer = 8.8.8.8
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18:64bit: - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Programme\AMD\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\video/mp4 {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O18 - Protocol\Filter\video/x-flv {20C75730-7C25-476B-95DC-C65810F9E489} - C:\Program Files (x86)\amd\SteadyVideo\VideoMIMEFilter.dll (Advanced Micro Devices)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\25911~1.18\{c16c1~1\mngr.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O27:64bit: - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysNative\cmd.exe (Microsoft Corporation)
O27 - HKLM IFEO\utilman.exe: Debugger - C:\Windows\SysWOW64\cmd.exe (Microsoft Corporation)
O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{4b342dfa-80db-11e2-a0d8-c860005642db}\Shell - "" = AutoRun
O33 - MountPoints2\{4b342dfa-80db-11e2-a0d8-c860005642db}\Shell\AutoRun\command - "" = E:\autorun.exe
O33 - MountPoints2\{a75abb17-72aa-11e2-af46-c860005642db}\Shell - "" = AutoRun
O33 - MountPoints2\{a75abb17-72aa-11e2-af46-c860005642db}\Shell\AutoRun\command - "" = E:\Installer.exe
O33 - MountPoints2\{ccc9ccd5-8322-11e2-b1c5-c860005642db}\Shell - "" = AutoRun
O33 - MountPoints2\{ccc9ccd5-8322-11e2-b1c5-c860005642db}\Shell\AutoRun\command - "" = E:\autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.05 17:10:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.05 15:12:18 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Aspire_Softs
[2013.03.28 12:39:29 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Scarlet Blade
[2013.03.28 12:18:45 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Aeria Games
[2013.03.28 12:18:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Aeria Games
[2013.03.28 12:17:55 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.03.28 12:13:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AeriaGames
[2013.03.28 12:13:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Aeria Games
[2013.03.28 12:13:32 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Aeria Games & Entertainment
[2013.03.28 12:01:04 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Local\Akamai
[2013.03.28 12:01:02 | 000,000,000 | ---D | C] -- C:\AeriaGames
[2013.03.15 23:41:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.15 23:40:12 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.15 23:40:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight
[2013.03.13 18:05:48 | 000,000,000 | ---D | C] -- C:\Users\Mirco\AppData\Roaming\Gyazo
[2013.03.13 18:05:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gyazo
[2013.03.13 18:05:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Gyazo
[2013.03.08 17:10:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 21:26:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.05 17:41:35 | 000,206,937 | ---- | M] () -- C:\Users\Mirco\Desktop\3.jpg
[2013.04.05 17:40:47 | 000,050,477 | ---- | M] () -- C:\Users\Mirco\Desktop\Defogger.exe
[2013.04.05 17:32:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.05 17:31:40 | 000,544,533 | ---- | M] () -- C:\Users\Mirco\Desktop\Trojaner Board.jpg
[2013.04.05 17:23:39 | 000,014,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 17:23:39 | 000,014,608 | ---- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.05 17:22:23 | 001,525,878 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.05 17:22:23 | 000,668,302 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.05 17:22:23 | 000,619,894 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.05 17:22:23 | 000,134,150 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.05 17:22:23 | 000,110,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.05 17:17:04 | 000,000,770 | ---- | M] () -- C:\Users\Mirco\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\MySig.lnk
[2013.04.05 17:16:12 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.05 17:16:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.05 17:15:59 | 2133,417,983 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.05 16:53:25 | 000,444,833 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.05 16:53:04 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.05 15:31:16 | 000,003,082 | -H-- | M] () -- C:\Users\Mirco\AppData\Roaming\Mircolog.dat
[2013.03.31 15:50:04 | 000,359,208 | ---- | M] () -- C:\Users\Mirco\Desktop\taric op^^.jpg
[2013.03.28 12:17:56 | 000,001,707 | ---- | M] () -- C:\Users\Mirco\Desktop\Scarlet Blade.lnk
[2013.03.28 12:13:35 | 000,002,028 | ---- | M] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
 
========== Files Created - No Company Name ==========
 
[2013.04.05 17:41:35 | 000,206,937 | ---- | C] () -- C:\Users\Mirco\Desktop\3.jpg
[2013.04.05 17:40:42 | 000,050,477 | ---- | C] () -- C:\Users\Mirco\Desktop\Defogger.exe
[2013.04.05 17:31:39 | 000,544,533 | ---- | C] () -- C:\Users\Mirco\Desktop\Trojaner Board.jpg
[2013.03.31 15:50:04 | 000,359,208 | ---- | C] () -- C:\Users\Mirco\Desktop\taric op^^.jpg
[2013.03.28 12:17:56 | 000,001,707 | ---- | C] () -- C:\Users\Mirco\Desktop\Scarlet Blade.lnk
[2013.03.28 12:13:35 | 000,002,028 | ---- | C] () -- C:\Users\Public\Desktop\Aeria Ignite.lnk
[2013.02.27 20:46:47 | 000,021,840 | ---- | C] () -- C:\Windows\SysWow64\SIntfNT.dll
[2013.02.27 20:46:47 | 000,017,212 | ---- | C] () -- C:\Windows\SysWow64\SIntf32.dll
[2013.02.27 20:46:47 | 000,012,067 | ---- | C] () -- C:\Windows\SysWow64\SIntf16.dll
[2013.02.27 20:39:48 | 000,000,224 | ---- | C] () -- C:\Windows\SIERRA.INI
[2013.01.17 17:31:43 | 000,000,600 | ---- | C] () -- C:\Users\Mirco\AppData\Roaming\winscp.rnd
[2013.01.04 15:37:11 | 000,004,506 | ---- | C] () -- C:\Users\Mirco\AppData\Local\recently-used.xbel
[2012.11.22 19:53:36 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll
[2012.11.22 19:43:34 | 000,164,352 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2012.11.22 19:43:32 | 003,596,288 | ---- | C] () -- C:\Windows\SysWow64\qt-dx331.dll
[2012.11.22 19:43:31 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.11.22 19:17:42 | 000,758,018 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2012.11.22 19:17:42 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2012.11.22 18:53:53 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll
[2012.10.21 11:07:20 | 000,007,606 | ---- | C] () -- C:\Users\Mirco\AppData\Local\resmon.resmoncfg
[2012.09.28 20:29:48 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.09.28 20:09:52 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2012.09.28 20:09:52 | 000,013,440 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2012.09.28 20:09:47 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2012.09.28 20:09:47 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2012.09.28 20:06:11 | 000,042,380 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2012.09.28 20:05:30 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2012.09.28 20:05:24 | 000,033,165 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2012.07.28 03:39:50 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.07.28 03:39:50 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2006.03.26 07:20:33 | 000,003,082 | -H-- | C] () -- C:\Users\Mirco\AppData\Roaming\Mircolog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 127 bytes -> C:\ProgramData\TEMP:60466E88

< End of report >
Geändert von Ocrim001 (05.04.2013 um 16:57 Uhr)

 

Themen zu W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]
autostart, avast, bruder, check, cmd, cyberghost, datei, exe, file, folge, hotspot, launch, league of legends, log, löschen, neustart, ordner, plug-in, programme, safer networking, scan, screenshot, senden, server.exe, spotify web helper, spybot, system, system32, tipps, trojaner-board, virus, virus?, windows


« TR/Agent.464.4 auf meinem Rechner, inzwischen in Quarantäne | Ihre IP-Adresse *** wurde gesperrt, da sie auf der schwarzen Liste steht. Details finden Sie unter http://search.atlbl.com/ »


Ähnliche Themen: W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]


  1. Kasperski meldet c:\windows\system32\fsvk.exe.exe, Wartungscenter Befall Win32/Small.CA Virus
    Log-Analyse und Auswertung - 04.11.2013 (7)
  2. C:\Windows\System32\lsass.exe (file missing)
    Log-Analyse und Auswertung - 29.10.2012 (3)
  3. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  4. Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit
    Log-Analyse und Auswertung - 31.08.2012 (16)
  5. failed to safe all the components for the file \\system32\985479 (rootkit virus)
    Plagegeister aller Art und deren Bekämpfung - 12.03.2012 (11)
  6. Windows 7 Failed to save all the components for the file \\System32\\
    Plagegeister aller Art und deren Bekämpfung - 10.03.2012 (5)
  7. Failed to save all the compenents for the file system32-Virus hat mich erwischt!
    Plagegeister aller Art und deren Bekämpfung - 02.03.2012 (12)
  8. C:\dir\install\install\Windows Update.exe
    Log-Analyse und Auswertung - 23.11.2011 (36)
  9. Windows xp freeze direkt nach install von anti virus
    Alles rund um Windows - 08.09.2011 (4)
  10. Trojaner C:\windows\system32\install\server.exe
    Plagegeister aller Art und deren Bekämpfung - 28.05.2011 (1)
  11. Virus WIN32.Rbot.fm + Trojaner in C:Windows/System32.....dll
    Plagegeister aller Art und deren Bekämpfung - 05.04.2011 (7)
  12. Virus WIN32.Rbot.fm + Trojaner in C:Windows/System32.....dll
    Mülltonne - 04.04.2011 (1)
  13. virus? C:\WINXP\system32\install\drive.exe
    Log-Analyse und Auswertung - 21.02.2011 (32)
  14. O10 - Unknown file in Winsock LSP: c:\windows\system32\xdogcat.dll VIRUS?
    Log-Analyse und Auswertung - 25.07.2010 (1)
  15. O10 - Unknown file in Winsock LSP: c:\windows\system32\policylsp.dll
    Log-Analyse und Auswertung - 24.11.2009 (4)
  16. ist es möglich über ein 2.install.windows die daten der 1. windows install.zu retten?
    Alles rund um Windows - 11.11.2007 (5)
  17. Hilfe c:\windows\system32\directx.exe (file missing)
    Plagegeister aller Art und deren Bekämpfung - 26.04.2007 (13)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] - Hallo liebes Trojaner-Board Team, ich habe ein Problem. Vor ca 2 Stunden hat sich eine exe Namens "File Name.exe" gestartet und hat versucht Datein im System32 Ordner zubringen. Spybot hat - W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?]...
Archiv
Du betrachtest: W3i.IQ5.fraud + Win32.Spynet.a in c:\windows\system32\install\sever.exe [Sever.exe + File Name.exe - Virus?] auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131