Plagegeister aller Art und deren Bekämpfung: Virus after Facebook "video"? Windows 7

If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it turns out to be a trojan or virus problem, an expert will help you clean up the infection.
#1
Virus after Facebook "video"?

Hello,

a few days ago I foolishly clicked on a supposed video on Facebook, whereupon a new tab opened in which I was supposed to download a file in order to watch the video. I closed the tab right away and put the matter aside. A few days later I got a message saying that I had "liked" two porn videos, which I definitely did not do. However, I could not find anything more about it, neither on my own account nor on that of the person who told me... While searching for information on the subject I found a page stating that it is a "self-replicating worm". Since I do not know much about the subject myself, I am not sure whether my PC is now infected with something or not. I hope someone here can help me.

Avira AntiVir finds nothing, and Malwarebytes Anti-Malware also found nothing in a full scan. Ad-Aware (which I installed only for an additional scan and kept disabled except during that scan) found one item in a quick scan, which I foolishly already deleted, and I do not know whether or where I can find the log files. Spybot had a lot of findings, all between class 1 and 5...

The scan with GMER produced the following error messages:

1. C:\Windows\system32\config\system: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird
2. C:\Users\***\ntuser.dat: Der Prozess kann nicht auf die Datei zugreifen, da sie von einem anderen Prozess verwendet wird

Here are the log files from OTL, Extras, GMER and Spybot:

Extras: OTL Logfile: Code:
OTL Extras logfile created on: 23.04.2013 13:58:48 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
7,96 Gb Total Physical Memory | 5,90 Gb Available Physical Memory | 74,03% Memory free
15,92 Gb Paging File | 13,63 Gb Available in Paging File | 85,62% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,87 Gb Free Space | 49,86% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS
Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files (x86)\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files (x86)\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files (x86)\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) 
"C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe:*:Enabled:Spybot-S&D 2 Tray Icon -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe:*:Enabled:Spybot-S&D 2 Scanner Service -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe:*:Enabled:Spybot-S&D 2 Updater -- (Safer-Networking Ltd.) "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe" = C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe:*:Enabled:Spybot-S&D 2 Background update service -- (Safer-Networking Ltd.) ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{053D1ECA-16C4-4D85-9702-7E4C2E6AC167}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{1B2A680B-C5EC-43CC-85DC-6FF23595E105}" = lport=445 | protocol=6 | dir=in | app=system | "{1D7AAE3B-3298-49BF-8092-175010B8203F}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{25F6075E-6CF0-4348-9FFF-9E79FB183FB5}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{331E3BAB-03F7-4AB6-8979-A2EC5B4B70F8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{34E85162-7E62-4291-B6FA-90B40120E1F6}" = rport=139 | protocol=6 | dir=out | app=system | "{4A724997-D429-4FF2-8150-D1AA2E6C7967}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{5174C8AB-CCFC-45F6-8F0C-E2DDE2EE7562}" = lport=137 | protocol=17 | dir=in | app=system | "{606BA6DA-71B4-49F6-837E-B060D92D4218}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{60D7EF28-E601-415D-A340-F710C71D8A2B}" = rport=445 | protocol=6 | dir=out | app=system | "{73CC2E96-B689-4BDC-A352-341AA2B4417C}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{790F1CD0-46A2-439E-87BD-D249A60C3F5B}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{79F8A380-5C69-49A5-A512-7D127FEE5093}" = rport=10243 | protocol=6 | dir=out | app=system | "{7C2BA455-F8D0-42B1-859B-530AEECA65AD}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{99137CD1-AAF8-403F-A9F5-21DE2B1EB3F3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{A526CDA5-9975-4F2A-8141-E36A101C8369}" = lport=2869 | protocol=6 | dir=in | app=system | "{A881DEC4-BF96-4AB5-ADCB-1C557FEEF0B7}" = lport=138 | protocol=17 | dir=in | app=system | "{A8E8E366-058C-42F3-8664-561201440831}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AFDB7142-FE27-4E3D-A6DE-EA3B9857F616}" = rport=138 | protocol=17 | dir=out | app=system | "{B10DC8E5-1E19-4AA9-95FB-F6DC31BC0063}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{CC8B3877-DE17-4030-B75E-4D4F7BA27DBD}" = lport=10243 | protocol=6 | dir=in | app=system | "{CD270723-4037-44D0-BCD6-9E13635DFD95}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{F254A677-B6C4-493D-BE02-76ECC55791C8}" = rport=137 | protocol=17 | dir=out | app=system | "{F98495EA-978B-414C-8F39-B39D6AEB1E07}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03543A78-1844-4DB2-884E-E61B63628747}" = protocol=6 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | "{042ED58F-8A80-4EFA-897A-765EF33B192A}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{05AED89E-ED3B-473A-83C4-2211FBA44AEB}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0AA1CA60-9CC2-41E7-8015-3B429133BDE5}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | "{111CE07C-7E3B-43AC-9229-68B478A481E6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{13763ACD-07AB-47DB-AF24-79D7BF32280A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{14450B91-2C51-406C-8141-E1C210DE7554}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E3F1706-6F9F-4731-8A84-0D7BEF0333B3}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | "{2672A338-5ACF-4DC7-B46C-270CE3AB8193}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{2905AFAA-A4C6-4F91-A5AC-55841AE293AE}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstrb.exe | "{4007DF4D-F0FE-4952-BE38-34D3C8477368}" = protocol=6 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | "{468D3BB1-EDE5-4E86-A934-2A617EA82D80}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{4F87F356-EC0B-433A-884C-6D8AF3A33A6F}" = protocol=17 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{58B56E31-97A9-47E1-B592-37C8FC732AF2}" = protocol=17 | dir=in | app=d:\steam\steam.exe | "{61DA499B-918F-4AF7-B4AE-B9DE32904BB4}" = protocol=17 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | "{6A187ED3-A888-439B-B44A-9E4E76A1AF30}" = protocol=17 | dir=in | app=d:\games\alpha protocol\binaries\apgame.exe | "{6E0A4E84-59EC-40E4-92F7-E493795BFF6D}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | 
"{6E122F83-70B3-4223-949C-0D69B6775166}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{720569FF-D6F1-48FD-9F7F-D3B3B3A6E829}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_launcher.exe | "{72F56326-E1FE-4A1A-9F22-B9BAD18DF314}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{7FC0FDCC-3540-4F3B-A328-6E19E40E775F}" = protocol=6 | dir=in | app=c:\windows\syswow64\pnkbstra.exe | "{88567FB6-CDCA-4D8E-B86A-D5B304552723}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6sp.exe | "{8A04F809-2DE6-4AF7-B578-E5D55C5AC2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{996491A3-ABD4-4708-A5B5-394113955E2A}" = protocol=17 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | "{A27A58D8-CEAE-4DC4-BB2D-E8293559D25E}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A4699B08-3471-45A7-88BC-590D6DD82F60}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{A57D9C23-0DA1-48FA-90A8-19864BAC64C7}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{ADA65890-5F0E-4042-BFFE-5F9B1A6A8878}" = protocol=6 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{AE7F76DA-369E-4769-851D-EC65DCEFE41D}" = protocol=6 | dir=in | app=d:\steam\steam.exe | "{AF2D453E-4190-4940-BB76-60013BF52C01}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{B5051A1B-C957-4856-A820-CB1D110EDCF3}" = protocol=6 | dir=in | app=d:\games\assassin's creed\assassinscreed_dx9.exe | "{B67D4C3B-F8E4-4B17-94F7-B1BC5637E8E3}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{B67FFFE8-EA25-413A-BE2D-F31B7DA9760A}" = protocol=6 | dir=in | app=d:\games\street fighter iv\ssfiv.exe | "{BB8ADD7A-1DEE-49B7-899B-F255E921561C}" = protocol=17 | 
dir=in | app=d:\games\assassin's creed\assassinscreed_dx10.exe | "{BBAC2AFB-70A1-4E5F-9717-A5D015D31535}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{C1D7B709-7660-48AE-8319-38889D9FB003}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | "{C6096757-F656-4E16-A079-7D34A1F6074E}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{D04F6D4A-B679-4F86-9CAA-FC57B2574E12}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{D7C3465F-A32D-4729-8ED4-ABA7BD3F5507}" = protocol=17 | dir=in | app=c:\program files (x86)\adawaretb\dtuser.exe | "{DA2594F0-B444-4749-B476-175EB4BD38D2}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{DC4E6DA9-BCA4-4060-AF42-8AE3A00BA27F}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\icqm\icq.exe | "{DC686CAE-FE56-44C5-8262-36F60E761493}" = protocol=6 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6zm.exe | "{E59AA3BF-5656-4905-9224-35C975175372}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{E78923F0-03F5-49B7-A92E-FA4A02798388}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EFD2E393-8ADC-4C1C-945A-36DFF02079A3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{F49E385A-195F-4ABC-90FB-6394EAAAE309}" = protocol=17 | dir=in | app=d:\games\cod4 mw\iw3mp.exe | "{F70042D6-99C3-49CD-80CE-0C12531B100C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{FB547F36-260D-4F78-8C65-E56257CB545F}" = protocol=6 | dir=out | app=system | "{FE40AFE4-BEAD-4E73-BADB-7B64A44AE3E8}" = protocol=17 | dir=in | app=d:\steam\steamapps\common\call of duty black ops ii\t6mp.exe | "{FF333F3C-BEC7-4B50-A613-FA0A44CCA871}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "TCP Query User{6AE52F37-B7A9-494A-BA51-EF413B05870C}C:\program files 
(x86)\winamp\winamp.exe" = protocol=6 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | "UDP Query User{7A8A84B8-B9A8-4727-AC4A-939DE9AE84B7}C:\program files (x86)\winamp\winamp.exe" = protocol=17 | dir=in | app=c:\program files (x86)\winamp\winamp.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2414" = CanoScan LiDE 110 Scanner Driver "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{4975DE61-6BF6-B9BC-1FDE-C04C5EC78E4C}" = AMD Media Foundation Decoders "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{529125EF-E3AC-4B74-97E6-F688A7C0F1C0}" = Paint.NET v3.5.10 "{5E03A267-415E-5383-FA8F-3CE4145663B9}" = AMD Catalyst Install Manager "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{6199B534-A1B6-46ED-873B-97B0ECF8F81E}" = Intel® Trusted Connect Service Client "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{89EE4A30-080F-2C95-6F78-C98D18FBD74D}" = AMD Accelerated Video Transcoding "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{9B48B0AC-C813-4174-9042-476A887592C7}" = Windows Live ID Sign-in Assistant "{9CF11D16-ECEB-90A5-A028-CA9E068D848B}" = ccc-utility64 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable 
(x64) "{BB8B580B-8119-0235-C923-5F1EECE66561}" = AMD Drag and Drop Transcoding "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 "Redirection Port Monitor" = RedMon - Redirection Port Monitor "TeamSpeak 3 Client" = TeamSpeak 3 Client "Unlocker" = Unlocker 1.9.1-x64 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{017F8447-2A1D-0DDB-B5D7-CA2BFACE2886}" = CCC Help French "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{054E9A1C-3EA2-C657-E787-FD8DCF5C3D3B}" = CCC Help Czech "{1DE2BD51-0300-772D-5E18-F337D95D5687}" = CCC Help German "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{224E8FEB-5C1F-077F-6FC5-602AC1AE644D}" = CCC Help Danish "{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 21 "{275E9C49-C72F-D754-DEB7-77F10A9C00D8}" = CCC Help Japanese "{30049739-BE95-6591-B504-E6D7057D49CC}" = CCC Help Spanish "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{31671B31-682F-499E-00B9-7AD7D33C9E4F}" = Need For Speed Hot Pursuit 2 "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.1102.1 "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F1EB155-F96E-EB7B-2EF2-7375490E0FA9}" = CCC Help English "{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "{43430FA0-4A2E-404A-B715-951000048101}" = SUPER STREET FIGHTER IV: ARCADE EDITION "{43430FA0-4A2E-404A-B715-951000058101}" = SUPER STREET FIGHTER IV: ARCADE EDITION 
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1 "{4999B2F1-3E74-409A-B8B5-E94448AA9EA6}" = SPEEDLINK Strike 2 Gamepad "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B023D7B-9E67-795D-FB31-B5E1F6DCA451}" = CCC Help Italian "{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.3 "{55F6C486-8C75-2A72-DAFE-CE78A624C9F7}" = CCC Help Russian "{5AF23993-7152-1620-E43F-1B4542FB4F84}" = CCC Help Thai "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{63326924-3CAF-C858-3A8F-8598C87019D7}" = Catalyst Control Center "{63822E89-11AA-F8EC-D433-F72A85799EC0}" = CCC Help Greek "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{66361420-4905-AEB8-17AE-172FDD164A7E}" = CCC Help Polish "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{769F2A4B-84A3-9486-ADD2-9E5AB4B4E1E3}" = Catalyst Control Center InstallProxy "{832D9DE0-8AFC-4689-9819-4DBBDEBD3E4F}" = Microsoft Games for Windows - LIVE Redistributable "{8773DD1C-5FB2-95B5-5A93-0EFEAC900A4D}" = CCC Help Norwegian "{8CCBB0BF-9CC1-1A65-BB93-56012A460EE6}" = CCC Help Portuguese "{8CFA9151-6404-409A-AF22-4632D04582FD}" = Assassin's Creed "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{A0A3CE05-96CB-52E9-434E-074F3BB7807E}" = CCC Help Turkish "{A9C64319-932F-D02B-B14C-FFFC3EC49E77}" = CCC Help Chinese Standard "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS "{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1" = Spybot - Search & Destroy "{C09DB932-7619-7B56-30E3-C0454811D6D7}" = CCC Help Korean "{C22A4697-BD77-ACB1-744F-1FD0A0BFF798}" = CCC Help Swedish "{C5C1C0F0-D62F-4DBF-81D4-D7EF397C228B}" = NVIDIA PhysX "{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "{CA00F224-335F-6A70-DC7A-45D26F61C443}" = HydraVision "{D37FE0E3-B1A9-4E41-AB5D-DA62E04D2C42}" = Alpha Protocol "{D4B457B2-260F-C561-CA87-703BD3B724CA}" = Catalyst Control Center Graphics Previews Common "{D6CDB506-297D-AE70-0EF6-DE5185F961BE}" = CCC Help Chinese Traditional "{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}" = Etron USB3.0 Host Controller "{E2B086BD-75A9-45D1-A675-151624B259A1}" = Splashtop Connect for IE "{E2F0AF23-FE2F-4222-9A43-55E63CC41EF1}" = Catalyst Control Center - Branding 
"{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "{ECFD508E-68A2-91B2-46DD-1D03D783D94B}" = Catalyst Control Center Localization All "{EDE361D5-35A5-DA7D-3462-C3DABD24029B}" = CCC Help Hungarian "{EF25F71D-F3E8-42A3-8B5A-DBF83C4B942F}" = Splashtop Connect for Firefox "{F075020E-43B2-4F2C-9723-C81CE162E7B6}" = Ad-Aware Antivirus "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1E7DD6A-AE2D-D706-BEB3-937F76CA6AE9}" = CCC Help Finnish "{F56F54DD-BCB2-1221-2CB7-E983A5CF9D15}" = CCC Help Dutch "{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center "{F97E3841-CA9D-4964-9D64-26066241D26F}" = Microsoft Games for Windows - LIVE "ACDLabs in C__ACDFREE12_" = ACD/Labs Software in C:\ACDFREE12\ "adawaretb" = Ad-Aware Security Add-on "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Avira AntiVir Desktop" = Avira Free Antivirus "CanonSolutionMenuEX" = Canon Solution Menu EX "DivX Setup" = DivX-Setup "Free Video Converter_is1" = Free Video Converter V 3.1 "FreePDF_XP" = FreePDF (Remove only) "GFWL_{43430FA0-49F0-4B13-B4C5-611000008100}" = Super Street Fighter IV: Arcade Edition "GPL Ghostscript 9.04" = GPL Ghostscript "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0309.1 "InstallShield_{C75FAD21-EC08-42F3-92D6-C9C0AB355345}" = AutoGreen B12.0206.1 "InstallShield_{E48469CC-635E-4FD5-A122-1497C286D217}" = Call of Duty(R) 4 - Modern Warfare(TM) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300 "Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "Notepad++" = Notepad++ "Office14.SingleImage" = Microsoft Office Professional 2010 "PunkBusterSvc" = PunkBuster 
Services "Samsung CLP-620 Series" = Wartung Samsung CLP-620 Series "Steam App 202970" = Call of Duty: Black Ops II "Steam App 202990" = Call of Duty: Black Ops II - Multiplayer "Steam App 212910" = Call of Duty: Black Ops II - Zombies "VLC media player" = VLC media player 2.0.3 "Winamp" = Winamp "XnView_is1" = XnView 1.99 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 09.03.2013 05:52:42 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12310 Description = Error - 09.03.2013 06:17:11 | Computer Name = ***-PC | Source = VSS | ID = 12298 Description = Error - 09.03.2013 10:44:59 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.03.2013 07:39:16 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 10.03.2013 16:24:23 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2013 09:14:29 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 11.03.2013 13:04:40 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 12.03.2013 11:07:31 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 12.03.2013 13:11:41 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2013 08:45:57 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = Error - 13.03.2013 17:15:02 | Computer Name = ***-PC | Source = WinMgmt | ID = 10 Description = [ Spybot - Search and Destroy Events ] Error - 22.04.2013 12:36:10 | Computer Name = ***-PC | Source = SDCleaner | ID = 100 Description = LoadCleaningInstructions [ System Events ] Error - 08.01.2013 05:36:03 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000 
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 08.01.2013 06:56:45 | Computer Name = ***-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar. Führen Sie auf dem Volume "\Device\HarddiskVolumeShadowCopy9" den Befehl "chkdsk" aus.
Error - 08.01.2013 07:34:08 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 08.01.2013 07:34:09 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 08.01.2013 11:30:41 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 08.01.2013 11:30:42 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 08.01.2013 18:31:26 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 08.01.2013 18:31:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 09.01.2013 13:54:55 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "DgiVecp" wurde aufgrund folgenden Fehlers nicht gestartet: %%2
Error - 09.01.2013 13:54:56 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7000
Description = Der Dienst "SSPORT" wurde aufgrund folgenden Fehlers nicht gestartet: %%2

< End of report >

OTL:

OTL Logfile:

Code:
OTL logfile created on: 23.04.2013 14:17:05 - Run 4
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop\Trojaner-Board\OTL
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,96 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,99% Memory free
15,92 Gb Paging File | 13,61 Gb Available in Paging File | 85,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 79,98 Gb Total Space | 39,66 Gb Free Space | 49,59% Space Free | Partition Type: NTFS
Drive D: | 851,31 Gb Total Space | 609,59 Gb Free Space | 71,61% Space Free | Partition Type: NTFS

Computer Name: ***-PC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\Trojaner-Board\OTL\OTL.exe (OldTimer Tools)
PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_7_700_169.exe (Adobe Systems, Inc.)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
PRC - C:\PROGRA~2\AD-AWA~1\AdAware.exe (Lavasoft Limited)
PRC - C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Windows\SysWOW64\PnkBstrA.exe ()
PRC - C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
PRC - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
PRC - C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

========== Modules (No Company Name) ==========

MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\cb562e2e4f74ae607f1186f6ec50cec7\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\7ffdaee3a54ffd1a5e3b008a5bde5ecf\IAStorUtil.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\389a1832a3da11e1b409cd6ae60cb9fa\IAStorCommon.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\571b85634abf2fba6bab80c21a347081\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll ()
MOD - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
MOD - C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\Windows\Samsung\PanelMgr\SSMMgr.exe ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (Ad-Aware Service) -- C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareService.exe (Lavasoft Limited)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe ()
SRV - (SBAMSvc) -- C:\Program Files (x86)\Ad-Aware Antivirus\SBAMSvc.exe (GFI Software)
SRV - (SSUService) -- C:\Program Files (x86)\Splashtop\Splashtop Software Updater\SSUService.exe (Splashtop Inc.)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe (Intel Corporation)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (ICCS) -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe (Intel Corporation)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (gfibto) -- C:\Windows\SysNative\drivers\gfibto.sys (GFI Software)
DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (AtiHDAudioService) -- C:\Windows\SysNative\drivers\AtihdW76.sys (Advanced Micro Devices)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (iusb3xhc) -- C:\Windows\SysNative\drivers\iusb3xhc.sys (Intel Corporation)
DRV:64bit: - (iusb3hub) -- C:\Windows\SysNative\drivers\iusb3hub.sys (Intel Corporation)
DRV:64bit: - (iusb3hcs) -- C:\Windows\SysNative\drivers\iusb3hcs.sys (Intel Corporation)
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (EtronXHCI) -- C:\Windows\SysNative\drivers\EtronXHCI.sys (Etron Technology Inc)
DRV:64bit: - (EtronHub3) -- C:\Windows\SysNative\drivers\EtronHub3.sys (Etron Technology Inc)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys ()
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (SSPORT) -- C:\Windows\SysWOW64\drivers\SSPORT.SYS (Samsung Electronics)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.startzentrale.de
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{66FF9F69-3418-44a7-AF2A-8B83B3D8EA29}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{70FEE180-EBE5-4fa3-B9FB-49E3D343B7FF}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\..\SearchScopes\{7EE9917A-A530-4c18-B879-D95660327BEC}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC7}: "URL" = hxxp://go.mail.ru/search?q={searchTerms}&utf8in=1&fr=ietb
IE - HKCU\..\SearchScopes\{FFEBBF0A-C22C-4172-89FF-45215A135AC8}: "URL" = hxxp://search.icq.com/search/results.php?q=%s&ch_id=hm&search_mode=web
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://www.startzentrale.de"
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: thumbnailZoom%40dadler.github.com:2.4
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.0.52: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.07.28 22:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.07.28 22:56:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.10 20:09:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.21 21:06:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.04.12 16:59:13 | 000,000,000 | ---D | M]

[2012.07.28 23:15:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.21 21:05:53 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions
[2013.04.21 21:05:52 | 000,000,000 | ---D | M] (Ad-Aware Security Add-on) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\{87934c42-161d-45bc-8cef-ef18abe2a30c}
[2013.04.21 21:05:55 | 000,000,000 | ---D | M] (Lavasoft Search Plugin) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\30wdt0hg.default\extensions\jid1-yZwVFzbsyfMrqQ@jetpack
[2013.03.22 18:44:48 | 000,161,094 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\30wdt0hg.default\extensions\thumbnailZoom@dadler.github.com.xpi
[2013.04.14 23:08:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.12 16:59:12 | 000,000,000 | ---D | M] (QuickStores-Toolbar) -- C:\Program Files (x86)\mozilla firefox\extensions\quickstores@quickstores.de
[2012.08.10 20:09:04 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2013.04.10 08:57:39 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.20 18:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.04.10 10:18:46 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.04.10 10:18:46 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.04.10 10:18:46 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.04.10 10:18:46 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.04.10 10:18:46 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.04.10 10:18:46 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ad-Aware Security Add-on) - {6c97a91e-4524-4019-86af-2aa2d567bf5c} - C:\Program Files (x86)\adawaretb\adawareDx.dll ()
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Ad-Aware Antivirus] C:\Program Files (x86)\Ad-Aware Antivirus\AdAwareLauncher.exe (Lavasoft Limited)
O4 - HKLM..\Run: [Ad-Aware Browsing Protection] C:\ProgramData\Ad-Aware Browsing Protection\adawarebp.exe (Lavasoft)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Samsung PanelMgr] C:\Windows\Samsung\PanelMgr\ssmmgr.exe ()
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [USB3MON] C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Intel Corporation)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A24FCBEE-B986-47D8-8AD0-EBDD2C422BF8}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{f4a7f270-d89a-11e1-85c6-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Run.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.23 13:57:35 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Trojaner-Board
[2013.04.21 21:25:13 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\LavasoftStatistics
[2013.04.21 21:25:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Antivirus
[2013.04.21 21:06:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ad-Aware Antivirus
[2013.04.21 21:06:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Lavasoft
[2013.04.21 21:06:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ad-Aware Antivirus
[2013.04.21 21:06:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Downloaded Installations
[2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\ProgramData\blekko toolbars
[2013.04.21 21:06:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\adawarebp
[2013.04.21 21:05:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Ad-Aware Browsing Protection
[2013.04.21 21:05:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Toolbar Cleaner
[2013.04.21 21:05:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\adawaretb
[2013.04.21 21:04:07 | 000,047,496 | ---- | C] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | C] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 21:04:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus
[2013.04.21 20:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.21 20:54:44 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.21 20:54:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.19 21:13:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.04.12 16:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.07 17:22:41 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\ICQ
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.04.05 13:39:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.04.01 22:31:20 | 000,130,016 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.04.01 22:31:20 | 000,100,712 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.04.01 22:31:20 | 000,028,600 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys

========== Files - Modified Within 30 Days ==========

[2013.04.23 13:57:02 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable
[2013.04.23 13:54:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 13:52:11 | 000,021,808 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 13:49:35 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 13:49:35 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 13:49:35 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 13:49:35 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 13:49:35 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 13:45:07 | 000,001,868 | ---- | M] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk
[2013.04.23 13:44:38 | 2117,570,559 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 13:44:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.21 21:04:07 | 000,047,496 | ---- | M] (GFI Software) -- C:\Windows\SysNative\sbbd.exe
[2013.04.21 21:04:07 | 000,014,456 | ---- | M] (GFI Software) -- C:\Windows\SysNative\drivers\gfibto.sys
[2013.04.21 20:54:50 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 15:51:40 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 14:36:53 | 000,418,208 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.07 18:39:09 | 000,014,565 | ---- | M] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 22:31:15 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013.04.01 22:31:15 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys [2013.04.01 22:31:15 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys ========== Files Created - No Company Name ========== [2013.04.23 13:57:02 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.21 21:06:22 | 000,001,868 | ---- | C] () -- C:\Users\Public\Desktop\Ad-Aware Antivirus.lnk [2013.04.21 20:54:50 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.04.21 20:54:50 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.07 18:39:09 | 000,014,565 | ---- | C] () -- C:\Users\***\Desktop\stplbsc-ss_2013-4_fs.pdf [2013.04.02 13:51:33 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.04 18:17:57 | 000,393,256 | ---- | C] () -- C:\Windows\SysWow64\CNQ2414N.DAT [2012.10.05 12:22:56 | 000,000,282 | ---- | C] () -- C:\Windows\game.ini [2012.09.28 19:17:46 | 000,103,736 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2012.09.28 19:17:45 | 000,669,184 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2012.09.28 19:17:45 | 000,066,872 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2012.08.25 17:28:43 | 000,819,200 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2012.08.25 17:28:43 | 000,180,224 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2012.08.12 19:43:53 | 000,000,615 | ---- | C] () -- C:\Windows\eReg.dat [2012.08.07 15:34:52 | 000,482,408 | ---- | C] () -- C:\Windows\ssndii.exe [2012.07.28 23:04:22 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.07.28 22:55:45 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.07.28 17:53:00 | 000,000,000 | ---- | C] () -- 
C:\Windows\ativpsrm.bin [2012.07.28 17:50:32 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat [2012.07.28 17:50:32 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat [2012.07.28 17:50:32 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.05.02 14:58:10 | 000,029,184 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll [2011.12.08 16:14:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 
05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.04.21 21:30:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ad-Aware Antivirus [2012.09.08 11:34:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Advanced Chemistry Development [2013.01.04 18:46:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon [2012.08.02 19:56:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF [2012.12.13 16:55:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeVideoConverter [2012.07.29 18:43:58 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Notepad++ [2012.08.01 14:29:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SEGA Corporation [2012.07.28 22:56:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Splashtop [2013.04.13 15:55:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TS3Client [2012.10.31 11:37:10 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ubisoft ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 85 bytes -> C:\ProgramData:$SS_DESCRIPTOR_LVVWVBGV0VFBTLX4D06YH7LVUTPXGJMBKE1R0WT1VH7E24F7PHCTVF4VMVFVVX4VM < End of report > [/CODE] gmer: Code:
GMER Logfile:
Code:
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Processing: 130422-181356.xml
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Microsoft.Windows.Security.InternetExplorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\Main\FeatureControl\FEATURE_LOCALMACHINE_LOCKDOWN\ iexplore.exe
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Macromedia.FlashPlayer.Cookies
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\cdn.flashtalking.com\ ftLocalComms.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\core.mochibot.com\ com.mochibot.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\doug1izaerwt3.cloudfront.net\ fa3e9c783cb6bec308806b37b0c2d78f26f4de4d.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\ia.media-imdb.com\ IMDBTEST.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\images-na.ssl-images-amazon.com\ mercury.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\imagesrv.adition.com\ movad.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\members.bet365.com\ FCE.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ com.mochiads.lock.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ com.mochiads.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ mochiLCStatus.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ services.mochiads.com.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ __coinsEventLC__.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ __ms_1353002146639_77109.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochiads.com\ __ms_1353002146639_77109_fromgame.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\mochibot.com\ com.mochibot.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\ analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\ soundData.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\s.ytimg.com\ videostats.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server11.stream2k.com\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server22.stream2k.com\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server25.stream2k.com\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server29.stream2k.com\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server44.stream2k.com\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\server6.stream2k.com\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.afcdn.com\ analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\streamcloud.eu\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ analytics.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ pa411.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ SpilGames_hot_pursuit_city_UserData.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ WAG_DogfightAces_Campaign.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ WAG_DogfightAces_Defence.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.freeworldgroup.com\ WAG_DogfightAces_Main.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www.naiadexports.com\ naiad.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\www8.agame.com\ com.spilgames.settings.1.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\yesload.net\ com.jeroenwijering.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\js.adscale.de\adscale-playlist.swf\ ADSCALE_VOLUME.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##12B5C53856D2479D\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##1BB569B201A2417E\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4109631858BF8467\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##4BADABEB8E8C69D1\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##5AB2FEA9FC7F8419\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##8ABE9FD535F69C17\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##D8042BAA605AE25F\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\oddcast.com\##F3593E2E0230D607\ 00000001.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\skype.com\#ui\ preferences.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.putlocker.com\video_player.swf\ org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\static.sockshare.com\video_player.swf\ org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\a.affil.io\s\af.swf\ afstorage.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\back7.keycaptcha.com\js\keycaptcha-logo\ kcv_uid.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\dex.ct-ads.com\cdn\storage.swf\ cta.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\heias.com\x\heias_sc.swf\ heias.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\icq.com\IrCQNet\chat2009.swf\ chat_pref.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\olympia.ard.de\flash\OSMFPlayer.swf\ HDCore.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\play.flashx.tv\player\flowplayer.commercial-3.2.7.swf\ org.flowplayer.sol
[i] 2013-04-22 18:36:09 Already cleaned: C:\Users\***\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7BMH8AXG\stat.ed.cupidplc.com\images\ed2.swf\ srfp_28.sol
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MediaPlex
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***) Cookie:***@mediaplex.com/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***) Cookie:***@apmebf.com/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .apmebf.com/ (S)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .mediaplex.com/ (svid)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .apmebf.com/ (TT)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (S)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .apmebf.com/ (LCLK)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (LCLK)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (TT)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .emjcd.com/ (PBLP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .mediaplex.com/ (mojo1)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .mediaplex.com/ (mojo3)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: FastClick
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Internet Explorer (Benutzer): ***) Cookie:***@fastclick.net/ ()
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .fastclick.net/ (pluto)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: DoubleClick
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .doubleclick.net/ (id)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .googleads.g.doubleclick.net/ (ebNewBandWidth_.googleads.g.doubleclick.net)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .doubleclick.net/ (_drt_)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Zedo
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (ZEDOIDA)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (PCA1395102)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (PI)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFMCap)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFgeo)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (ZEDOIDX)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFcat)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .zedo.com/ (FFad)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Tradedoubler
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TradeDoublerGUID)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_EH_0)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_POOL)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_UNIQUE_IMP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (TD_PIC)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .tradedoubler.com/ (BT)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Statcounter
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .statcounter.com/ (is_unique)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: BurstMedia
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .burstnet.com/ (BI75128)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .www.burstnet.com/ (56Q8)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Adviva
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .adviva.net/ (ug)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: CasaleMedia
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMD2)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (C7M5)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMID)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMPS)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMPP)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMRUM2)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMST)
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) .casalemedia.com/ (CMDD)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: WebTrends live
[i] 2013-04-22 18:36:09 Already cleaned: Cookie (Firefox: *** (default)) statse.webtrendslive.com/ (ACOOKIE)
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ ntbtlog.txt
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ Directx.log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ setupact.log
[+] 2013-04-22 18:36:09 Moving into quarantine: C:\Windows\ DtcInstall.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ ntbtlog.txt
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ Directx.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ setupact.log
[+] 2013-04-22 18:36:09 Successfully cleaned: C:\Windows\ DtcInstall.log
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: 7-Zip
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\ FolderHistory
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\7-ZIP\FM\ PanelPath0
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Internet Explorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Internet Explorer\TypedURLs
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MS Management Console
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Microsoft Management Console\Recent File List
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MS Media Player
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\MediaPlayer\Player\Settings\ Client ID
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MS Direct3D
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\ Name
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MS DirectDraw
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ Name
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MS DirectInput
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\ Name
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\DirectInput\MostRecentApplication\ Id
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: MS Paint
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Windows.OpenWith
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CDA\OpenWithList
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Windows Explorer
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Wallpaper\MRU
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Windows Media SDK
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\ ComputerName
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\ UniqueID
[i] 2013-04-22 18:36:09 Already cleaned: HKEY_USERS\S-1-5-21-2013973767-2700943792-3981858110-1000\Software\Microsoft\Windows Media\WMSDK\General\ VolumeSerialNumber
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Cookie
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***) Cookies
[i] 2013-04-22 18:36:09 Already cleaned: Firefox (*** (default)) Cookies
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Cache
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***) Cache
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Product: Verlauf
[i] 2013-04-22 18:36:09 Already cleaned: Internet Explorer (Benutzer) (***) History
[i] 2013-04-22 18:36:09 :
[i] 2013-04-22 18:36:09 Summary:
[i] 2013-04-22 18:36:09 Errors while cleaning: 0
[i] 2013-04-22 18:36:09 Files moved into quarantine: 4
[i] 2013-04-22 18:36:09 Files successfully cleaned: 133
[+] 2013-04-22 18:36:10 : Gratulation, alles (aus Datei 130422-181356.xml) wurde gelöscht.

Last edited by zwn (23.04.2013 at 14:32)