Log analysis and evaluation: W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
W32/Patched.UC' [virus] in 'C:\Windows\System32\services.exe

Hello, Avira keeps showing me the warning about a virus at the path given above. Unfortunately I have absolutely no idea about this sort of thing... However, I found a thread in this forum about the same problem, but I couldn't post there and was told to open a new thread instead. I have already carried out the first steps:

System scan with ZOEK
Please download zoek.exe from here: hxxp://hijackthis.nl/smeenk/
Please disable all virus scanners during the scan, since they affect the result.
Start Zoek.exe with a double-click (Windows XP users only). Windows Vista/7 users please start the tool by right-clicking the icon and choosing "Run as administrator".
Copy the code below into the text field:
Now click "Run script" and wait patiently until the scan has finished.
When the tool is finished, Notepad will open with the log file (possibly only after a reboot). Afterwards you can view the report at c:\zoek-results.log.
Post the log file zoek-results.log

Code:
Zoek.exe Version 4.0.0.2 Updated 15-May-2013
Tool run by Miyu on 16.05.2013 at 23:43:25,59.
Microsoft Windows 7 Professional 6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Possible Rootkit Infection ======================
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\L
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\@
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\L\00000004.@
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\00000004.@
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\00000008.@
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\000000cb.@
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\80000000.@
C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\80000064.@
C:\Windows\assembly\GAC_32\Desktop.ini
C:\Windows\assembly\GAC_64\Desktop.ini

==== Deleting CLSID Registry Keys ======================
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Internet Explorer\SearchScopes\{F06E3DE7-1455-4FB0-BBC3-CC20D5BC4F2E} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully HKEY_CLASSES_ROOT\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{326E768D-4182-46FD-9C16-1449A49795F4} deleted successfully ==== Deleting CLSID Registry Values ====================== HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully ==== FireFox Fix ====================== ProfilePath: C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default ---- Lines e58eiiaak@mfvpopmjpwu.edu removed from prefs.js ---- user_pref("extensions.bootstrappedAddons", "{\"e58eiiaak@mfvpopmjpwu.edu\":{\"version\":\"1.5\",\"type\":\"extension\",\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\e58eiiaak@mfvpopmjpwu.edu\"}}"); ---- Lines e58eiiaak@mfvpopmjpwu.edu modified from prefs.js ---- user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{8AA36F4F-6DC7-4c06-77AF-5035170634FE}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Swiss Academic Software\\\\Citavi Picker\\\\Firefox\",\"mtime\":1357745866117}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla 
Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365773224882},\"{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\",\"mtime\":1365773221579}}},{\"name\":\"app-profile\",\"addons\":{\"e58eiiaak@mfvpopmjpwu.edu\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\e58eiiaak@mfvpopmjpwu.edu\",\"mtime\":1368694760550},\"ffxtlbr@Facemoods.com\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\ffxtlbr@Facemoods.com\",\"mtime\":1356616061046},\"ffxtlbr@privitize.com\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\ffxtlbr@privitize.com\",\"mtime\":1367182205103},\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\",\"mtime\":1361624807781}}}]"); ---- Lines e58eiiaak@mfvpopmjpwu.edu removed from user.js ---- ---- Lines delta removed from prefs.js ---- user_pref("extensions.delta.admin", false); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.id", "7c8d394800000000000050465d578377"); user_pref("extensions.delta.instlDay", "15841"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.newTab", false); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.rvrt", 
"false"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1612:28:36"); ---- Lines delta modified from prefs.js ---- ---- Lines delta removed from user.js ---- user_pref("extensions.delta.tlbrSrchUrl", ""); user_pref("extensions.delta.id", "7c8d394800000000000050465d578377"); user_pref("extensions.delta.appId", "{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}"); user_pref("extensions.delta.instlDay", "15841"); user_pref("extensions.delta.vrsn", "1.8.16.16"); user_pref("extensions.delta.vrsni", "1.8.16.16"); user_pref("extensions.delta.vrsnTs", "1.8.16.1612:28:36"); user_pref("extensions.delta.prtnrId", "delta"); user_pref("extensions.delta.prdct", "delta"); user_pref("extensions.delta.aflt", "babsst"); user_pref("extensions.delta.smplGrp", "none"); user_pref("extensions.delta.tlbrId", "base"); user_pref("extensions.delta.instlRef", "sst"); user_pref("extensions.delta.dfltLng", "en"); user_pref("extensions.delta.excTlbr", false); user_pref("extensions.delta.ffxUnstlRst", true); user_pref("extensions.delta.admin", false); user_pref("extensions.delta.autoRvrt", "false"); user_pref("extensions.delta.rvrt", "false"); user_pref("extensions.delta.newTab", false); ---- Lines privitize removed from prefs.js ---- user_pref("extensions.privitize.admin", false); user_pref("extensions.privitize.aflt", "orgnl"); user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}"); user_pref("extensions.privitize.autoRvrt", "false"); user_pref("extensions.privitize.dfltLng", ""); user_pref("extensions.privitize.dfltSrch", true); user_pref("extensions.privitize.dnsErr", true); user_pref("extensions.privitize.excTlbr", true); user_pref("extensions.privitize.ffxUnstlRst", false); user_pref("extensions.privitize.hmpg", true); 
user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377"); user_pref("extensions.privitize.hpOld0", "hxxp://google.de/"); user_pref("extensions.privitize.id", "7c8d394800000000000050465d578377"); user_pref("extensions.privitize.instlDay", "15823"); user_pref("extensions.privitize.instlRef", ""); user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=7c8d394800000000000050465d578377"); user_pref("extensions.privitize.lastB", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377"); user_pref("extensions.privitize.lastVrsnTs", "1.8.16.2222:49:29"); user_pref("extensions.privitize.newTab", true); user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377"); user_pref("extensions.privitize.prdct", "privitize"); user_pref("extensions.privitize.prtnrId", "privitize"); user_pref("extensions.privitize.rvrt", "false"); user_pref("extensions.privitize.smplGrp", "none"); user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)"); user_pref("extensions.privitize.tlbrId", "base"); user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377&q="); user_pref("extensions.privitize.vrsn", "1.8.16.22"); user_pref("extensions.privitize.vrsni", "1.8.16.22"); user_pref("extensions.privitize.vrsnTs", "1.8.16.2222:49:29"); ---- Lines privitize modified from prefs.js ---- user_pref("extensions.enabledAddons", "%7B8AA36F4F-6DC7-4c06-77AF-5035170634FE%7D:2012.09.13,%7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14,ffxtlbr%40privitize.com:1.6.0,%7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1"); user_pref("extensions.installCache", "[{\"name\":\"winreg-app-global\",\"addons\":{\"{8AA36F4F-6DC7-4c06-77AF-5035170634FE}\":{\"descriptor\":\"C:\\\\ProgramData\\\\Swiss Academic Software\\\\Citavi 
Picker\\\\Firefox\",\"mtime\":1357745866117}}},{\"name\":\"app-global\",\"addons\":{\"{972ce4c6-7e08-4474-a285-3208198ce6fd}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{972ce4c6-7e08-4474-a285-3208198ce6fd}\",\"mtime\":1365773224882},\"{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\":{\"descriptor\":\"C:\\\\Program Files (x86)\\\\Mozilla Firefox\\\\extensions\\\\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}\",\"mtime\":1365773221579}}},{\"name\":\"app-profile\",\"addons\":{\"disabled\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\disabled\",\"mtime\":1368694760550},\"ffxtlbr@Facemoods.com\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\ffxtlbr@Facemoods.com\",\"mtime\":1356616061046},\"ffxtlbr@privitize.com\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\ffxtlbr@privitize.com\",\"mtime\":1367182205103},\"{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\":{\"descriptor\":\"C:\\\\Users\\\\Miyu\\\\AppData\\\\Roaming\\\\Mozilla\\\\Firefox\\\\Profiles\\\\bqji94cx.default\\\\extensions\\\\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\",\"mtime\":1361624807781}}}]"); ---- Lines privitize removed from user.js ---- user_pref("extensions.privitize.hpOld0", "hxxp://google.de/"); user_pref("extensions.privitize.tlbrSrchUrl", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377&q="); user_pref("extensions.privitize.id", "7c8d394800000000000050465d578377"); user_pref("extensions.privitize.appId", "{301966DF-A84B-4255-AAB9-574B5CE237E4}"); user_pref("extensions.privitize.instlDay", "15823"); user_pref("extensions.privitize.vrsn", "1.8.16.22"); user_pref("extensions.privitize.vrsni", "1.8.16.22"); user_pref("extensions.privitize.vrsnTs", "1.8.16.2222:49:29"); user_pref("extensions.privitize.prtnrId", "privitize"); 
user_pref("extensions.privitize.prdct", "privitize"); user_pref("extensions.privitize.aflt", "orgnl"); user_pref("extensions.privitize.smplGrp", "none"); user_pref("extensions.privitize.tlbrId", "base"); user_pref("extensions.privitize.instlRef", ""); user_pref("extensions.privitize.dfltLng", ""); user_pref("extensions.privitize.excTlbr", true); user_pref("extensions.privitize.ffxUnstlRst", false); user_pref("extensions.privitize.admin", false); user_pref("extensions.privitize.autoRvrt", "false"); user_pref("extensions.privitize.rvrt", "false"); user_pref("extensions.privitize.hmpg", true); user_pref("extensions.privitize.hmpgUrl", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377"); user_pref("extensions.privitize.dfltSrch", true); user_pref("extensions.privitize.srchPrvdr", "Search The Web (privitize)"); user_pref("extensions.privitize.kw_url", "hxxp://searchou.com/?q={searchTerms}&id=7c8d394800000000000050465d578377"); user_pref("extensions.privitize.dnsErr", true); user_pref("extensions.privitize.newTab", true); user_pref("extensions.privitize.newTabUrl", "hxxp://searchou.com/?id=7c8d394800000000000050465d578377"); ---- Lines WebSearch removed from prefs.js ---- user_pref("browser.search.defaulturl", "hxxp://websearch.searchmainia.info/?unqvl=15&l=1&q="); user_pref("sweetim.toolbar.previous.browser.startup.homepage", "hxxp://websearch.searchmainia.info/?unqvl=15"); ---- Lines WebSearch modified from prefs.js ---- ---- Lines searchou removed from prefs.js ---- ---- Lines searchou modified from prefs.js ---- ---- Lines babylon removed from prefs.js ---- user_pref("extensions.BabylonToolbar.prtkDS", 0); user_pref("extensions.BabylonToolbar.prtkHmpg", 0); ---- Lines babylon modified from prefs.js ---- ---- Lines helperbar removed from prefs.js ---- user_pref("extensions.helperbar.DockingPositionDown", false); user_pref("extensions.helperbar.SmartbarDisabled", false); user_pref("extensions.helperbar.SmartbarStateMinimaized", false); ---- Lines helperbar 
modified from prefs.js ---- ---- Lines SweetIM removed from prefs.js ---- user_pref("sweetim.toolbar.previous.browser.search.defaultenginename", ""); user_pref("sweetim.toolbar.previous.browser.search.selectedEngine", ""); user_pref("sweetim.toolbar.previous.keyword.URL", ""); user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ".*"); user_pref("sweetim.toolbar.searchguard.enable", "false"); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_DS", "1"); user_pref("sweetim.toolbar.searchguard.UserRejectedGuard_HP", "1"); ---- Lines SweetIM modified from prefs.js ---- ---- Lines smartbar removed from prefs.js ---- ---- Lines smartbar modified from prefs.js ---- ---- FireFox user.js and prefs.js backups ---- user__2345_.backup prefs__2345_.backup ==== Deleting Files \ Folders ====================== "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\delta.xml" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\privitize.xml" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\WebSearch.xml" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\babylon.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\babylon.xml" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\Web Search.xml" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\searchplugins\WebSearch.xml" deleted "C:\Program Files (x86)\Mozilla Firefox\searchplugins\fcmdSrchddr.xml" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\L\00000004.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\L\201d3dde" deleted 
"C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\L\76603ac3" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\00000004.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\00000008.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\000000cb.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\80000000.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\80000032.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U\80000064.@" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}" not deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\L" deleted "C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}\U" not deleted "C:\Windows\syswow64\appdata" deleted "C:\Program Files (x86)\TornTV.com" deleted "C:\ProgramData\MagniPicc" deleted "C:\Program Files (x86)\SimpleSpeedy" deleted "C:\Program Files (x86)\JDownloader" deleted "C:\Program Files (x86)\facemoods.com" deleted "C:\Users\Miyu\AppData\Roaming\Babylon" deleted "C:\ProgramData\StarApp" deleted "C:\ProgramData\CLSoft LTD" deleted "C:\ProgramData\InstallMate" deleted "C:\ProgramData\Tarma Installer" deleted "C:\ProgramData\Babylon" deleted "C:\Users\Miyu\AppData\LocalLow\facemoods.com" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\ffxtlbr@babylon.com" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\e58eiiaak@mfvpopmjpwu.edu" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\ffxtlbr@privitize.com" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\ffxtlbr@babylon.com" deleted "C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\ffxtlbr@privitize.com" deleted ==== Files Recently Created / Modified ====================== ====== C:\Windows ==== 
====== C:\Users\Miyu\AppData\Local\Temp ==== 2013-05-16 10:32:25 C44D9888D0FF4F39AF4584EC3778AA58 395248 ----a-w- C:\Users\Miyu\AppData\Local\Temp\uninst1.exe 2013-05-16 09:02:51 5AF326123070F03D451A07E478875449 14495928 ----a-w- C:\Users\Miyu\AppData\Local\Temp\stpass_trial_609446.exe ====== C:\Windows\SysWOW64 ===== 2013-05-05 01:42:08 8255AD29A44B2E14B2DD99319F92A0AB 95648 ----a-w- C:\Windows\SysWOW64\WindowsAccessBridge-32.dll ====== C:\Windows\SysWOW64\drivers ===== ====== C:\Windows\Sysnative ===== ====== C:\Windows\Sysnative\drivers ===== 2013-05-16 20:55:23 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\Sysnative\drivers\avnetflt.sys ====== C:\Windows\Tasks ====== ====== C:\Windows\Temp ====== ======= C:\Program Files ===== ======= C:\Program Files (x86) ===== 2013-05-16 10:21:03 -------- d-----w- C:\Program Files (x86)\x264 Video Codec 2013-05-03 18:45:21 -------- d-----w- C:\Program Files (x86)\RaidCall ======= C: ===== ====== C:\Users\Miyu\AppData\Roaming ====== 2013-05-16 11:09:13 -------- d-----w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Torch 2013-05-16 11:08:36 -------- d-----w- C:\users\Miyu\AppData\Local\Torch 2013-05-16 10:59:06 -------- d-----w- C:\users\Miyu\AppData\Roaming\Media Player Classic 2013-05-16 10:21:05 -------- d-----w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\x264 Video Codec 2013-05-16 09:01:41 -------- d-----w- C:\users\Miyu\AppData\Roaming\uTorrent 2013-05-03 18:45:26 -------- d-----w- C:\users\Miyu\AppData\Roaming\raidcall 2013-05-03 18:45:26 -------- d-----w- C:\users\Miyu\AppData\Locallow\RCTW 2013-05-03 18:45:25 -------- d-----w- C:\users\Miyu\AppData\Locallow\raidcall 2013-05-03 18:45:24 -------- d-----w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RaidCall 2013-04-28 20:50:00 -------- d-----w- C:\users\Miyu\AppData\Local\Programs 2013-04-28 20:49:49 -------- d-----w- C:\users\Miyu\AppData\Local\Google 2013-04-28 13:25:24 -------- 
d-----w- C:\users\Miyu\AppData\Roaming\TERA ====== C:\Users\Miyu ====== 2013-05-03 18:45:24 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RaidCall ====== C: exe-files == 2013-05-16 20:55:23 ADA0D1407E2C328FB95686E9D5AB88B5 111328 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\ccuac.exe 2013-05-16 20:55:23 5FF8FFD589DA25F43C4FE944A4B2AE0A 775224 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avwebg7.exe 2013-05-16 11:09:14 7E44B9C73BF54E49D37CC504F12C2C1C 1123168 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Update\25.0.0.3256\TorchUpdate.exe 2013-05-16 11:09:14 0F6F7695E99202E2DE79762F69AA228F 2352480 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Plugins\Torrent\TorchTorrent.exe 2013-05-16 11:09:13 0F6F7695E99202E2DE79762F69AA228F 2352480 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Plugins\Torrent\25.0.0.3256\TorchTorrent.exe 2013-05-16 11:09:12 C051562BC50CC43659B59F7F5616476F 80224 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\chrome_frame_helper.exe 2013-05-16 11:09:12 8DDE82A7537336054F38FC391B5B569A 1749856 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\Installer\setup.exe 2013-05-16 11:09:12 75705E313BF9F2D4F9CD6CF320658234 1241440 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\nacl64.exe 2013-05-16 11:09:12 682AF7BFACD447F5C332D83E7AD23A05 84320 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\chrome_launcher.exe 2013-05-16 11:09:12 19D9E23D439ACF44CE406BCF627E9F6D 1377120 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\torch.exe 2013-05-16 11:09:12 0DBAD93F16EA4048B8A39993CE0263F4 902496 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\delegate_execute.exe 2013-05-16 11:08:24 3040AD70B1689A4646B28099DDA47ADA 1158848 ----a-w- C:\Users\Miyu\Desktop\TorchSetup.exe 2013-05-16 10:58:56 30FADBA93E9430A63F19DA9935DE4369 4411392 ----a-w- C:\Users\Miyu\Desktop\mplayerc.exe 2013-05-16 10:32:25 C44D9888D0FF4F39AF4584EC3778AA58 395248 
----a-w- C:\Users\Miyu\AppData\Local\Temp\uninst1.exe 2013-05-16 10:31:32 A14F3786E4CDD0BBCF9E7C752949DB70 828976 ----a-w- C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6BKTKHPT\TornTVApp[1].exe 2013-05-16 10:28:15 280E9D0D3311CC57C7D3DD7F5E437CFC 1102024 ----a-w- C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6GS19JJ8\yontoosetup[1].exe 2013-05-16 10:21:12 98C41AB0F6C05B0DEC773EC74526EACC 371561 ----a-w- C:\Program Files (x86)\x264 Video Codec\Uninstall.exe 2013-05-16 09:02:51 AD039BD721859550F23064D42E7DDA44 1045072 ----a-w- C:\Users\Miyu\AppData\Roaming\uTorrent\uTorrent.exe 2013-05-16 09:02:51 5AF326123070F03D451A07E478875449 14495928 ----a-w- C:\Users\Miyu\AppData\Local\Temp\stpass_trial_609446.exe 2013-05-16 08:57:48 0E73D05D7066C2D12202595AB23D1C6F 1677543 ----a-w- C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\6BKTKHPT\search_d_soft_quick[1].exe 2013-05-13 07:38:47 C44D9888D0FF4F39AF4584EC3778AA58 395248 ----a-w- C:\Users\Miyu\AppData\Local\Temp\906C1CFE-BAB0-7891-B065-48F1E22A2FA5\Latest\GUninstaller.exe 2013-05-12 13:55:56 0E53466F4CB535CB79786A42F49E9D6A 162376 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Uninstall.exe 2013-05-11 10:37:30 DC5ECEA062C0633346B6D199FA2B578D 1402440 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroRd32.exe 2013-05-11 10:37:30 ADC4503F6AA64E12569C6AF8A78DFEE3 694352 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AdobeCollabSync.exe 2013-05-11 10:37:28 32D24478E61AAFD13FCD49DCF2181A26 131664 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\plug_ins\pi_brokers\64BitMAPIBroker.exe 2013-05-11 10:37:28 0917EC61C939310D08C71E606B2A0642 264776 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroBroker.exe 2013-05-11 10:37:28 05D1768506AAFE8F818817BFD906BF66 36952 ----a-w- C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AcroTextExtractor.exe 2013-05-11 10:37:26 
ADDA5E1951B90D3D23C56D3CF0622ADC 65640 ----a-w- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe === C: other files == 2013-05-16 20:55:23 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Windows\System32\drivers\avnetflt.sys 2013-05-16 20:55:23 4BDDB42CB6BF46452FA7155EA5381576 83160 ----a-w- C:\Program Files (x86)\Avira\AntiVir Desktop\avnetflt.sys 2013-05-16 11:09:14 F24CBEA84AD3E58E7953337AB3B41D36 761288 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Plugins\TorchPlugin.crx 2013-05-16 11:09:11 D2F6A1B11344D9AC7BCFB75900D4ADE1 23668 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\default_apps\youtube.crx 2013-05-16 11:09:11 B49400C68BA70FE79986D2B0170CFA0F 141635 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\Extensions\torchhelper.crx 2013-05-16 11:09:11 94B4D0D4EFD42E014052CDBE98830BAC 43780 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\Extensions\torch_music_ext.crx 2013-05-16 11:09:11 92E2DA26DFC0396BEC293729D6A0FAAD 43164 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\default_apps\torch_music_app.crx 2013-05-16 11:09:11 91EEDBAA29227F82631CB15BEB7CC8DE 400406 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\Extensions\ask_toolbar_6_0_0.crx 2013-05-16 11:09:11 71E1283B8440F6264CEC99DF9AD81F5B 25561 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\default_apps\drive.crx 2013-05-16 11:09:11 4F0780FF343D3DC7C8B249EEE8EDC1A4 1140283 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\Extensions\drop_to_s.crx 2013-05-16 11:09:11 2E2E328E5BF6BE61203164B3E9EA8094 24040 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\default_apps\gmail.crx 2013-05-16 11:09:11 2C71C49F991095A1848624907BACBB08 4578 ----a-w- C:\Users\Miyu\AppData\Local\Torch\Application\25.0.0.3256\default_apps\docs.crx 2013-05-16 10:28:02 E1BCBA938C81A2ABA1E35F80F80776B0 213470 ----a-w- 
C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default\extensions\torntv2@torntv.com.xpi 2013-05-12 10:17:00 591A05C4D202D8EB94FD5B60F8E0D34B 390077 ----a-w- C:\Users\Miyu\AppData\Local\Temp\906C1CFE-BAB0-7891-B065-48F1E22A2FA5\Latest\delta1.crx ==== Startup Registry Enabled ====================== [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun" [HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Run] "Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe" "EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000000 /M WF-2510 Series" "EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000001 /M WF-2510 Series" "Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent" "Facebook Update"="C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver" "StickyPassword"="C:\Program Files (x86)\Sticky Password\stpass.exe /autorunned" [HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce] "mctadmin"="C:\Windows\System32\mctadmin.exe" [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min" "APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" "QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime" "facemoods"="C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoodssrv.exe /md I" "Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" 
"iTunesHelper"="D:\Programme\iTunesHelper.exe"
"EEventManager"="C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"DivXMediaServer"="C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe"
"DivXUpdate"="C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe /CHECKNOW"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"FUFAXRCV"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe""
"FUFAXSTM"=""C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe""

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe"
"EPLTarget\P0000000000000000"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000000 /M WF-2510 Series"
"EPLTarget\P0000000000000001"="C:\Windows\system32\spool\DRIVERS\x64\3\E_YATIIXE.EXE /EPT EPLTarget\P0000000000000001 /M WF-2510 Series"
"Steam"="C:\Program Files (x86)\Steam\Steam.exe -silent"
"Facebook Update"="C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe /c /nocrashserver"
"StickyPassword"="C:\Program Files (x86)\Sticky Password\stpass.exe /autorunned"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDVCPL"="C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe -s"

==== Startup Folders ======================

2013-01-09 15:28:05 769 ----a-w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk
2013-01-10 14:44:23 1235 ----a-w- C:\users\Miyu\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [15.05.2013 20:00]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1589193222-955252371-806738954-1000Core.job --a------ C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe [09.03.2013 18:30]
C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1589193222-955252371-806738954-1000UA.job --a------ C:\Users\Miyu\AppData\Local\Facebook\Update\FacebookUpdate.exe [09.03.2013 18:30]

==== Firefox Extensions ======================

ProfilePath: C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default
- Citavi Picker - C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox
- Facemoods - %ProfilePath%\extensions\ffxtlbr@Facemoods.com
- DownloadHelper - %ProfilePath%\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
- uTorrentBar_DE - %ProfilePath%\extensions\{c840e246-6b95-475e-9bd7-caa1c7eca9f2}
- Torntv 2 - %ProfilePath%\extensions\torntv2@torntv.com.xpi

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}

==== Firefox Plugins ======================

Profilepath: C:\Users\Miyu\AppData\Roaming\Mozilla\Firefox\Profiles\bqji94cx.default
7ABE33792F2787D599B6963E71B9E8CD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll - Shockwave Flash
ADC539F67D3198679F480974EE203678 - C:\Windows\SysWOW64\npdeployJava1.dll - Java Deployment Toolkit 7.0.210.11
C899B98999270821EDFFA56044DE2377 - C:\Users\Miyu\AppData\Roaming\raidcall\plugins\nprcplugin.dll - Raidcall plugin
3FCF47BD73094FA62D81373515F46110 - D:\Programme\Mozilla Plugins\npitunes.dll - iTunes Application Detector
0B31B0F8FA99CFD009C8FBEA9E20C9DE - C:\Users\Miyu\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll - Facebook Video Calling Plugin
15E298B5EC5B89C5994A59863969D9FF - C:\Windows\SysWOW64\npmproxy.dll - Microsoft® Windows® Operating System

==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
ihflimipbcaljfnojhhknppphnnciiif - C:\Program Files (x86)\facemoods.com\facemoods\1.4.17.5\facemoods.crx[]
kiplfnciaokpcennlkldkdaeaaomamof - C:\Users\Miyu\AppData\Local\Torch\Plugins\TorchPlugin.crx[12.05.2013 15:54]
nbmafkdmkkckhggblphicnnhlgljnoje - C:\Program Files (x86)\TornTV.com\torn2_10.crx[]
nneajnkjbffgblleaoojgaacokifdkhm - C:\Program Files (x86)\DivX\DivX Plus Web Player\chrome\DivXHTML5\DivXHTML5.crx[]

MagniPicc - Miyu - Default\Extensions\nfalanmklbefgpmgnjbdkhlonkjglldb

==== Chrome Fix ======================

C:\Users\Miyu\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfalanmklbefgpmgnjbdkhlonkjglldb deleted successfully

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www1.delta-search.com/?affID=119776&tt=gc_&babsrc=HP_ss&mntrId=7C8D50465D578377"
"Search Page"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
"Search Bar"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
"Use Search Asst"="yes"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://websearch.searchmainia.info/?unqvl=15"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://websearch.searchmainia.info/?unqvl=15"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"Default"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
"SearchAssistant"="hxxp://feed.snap.do/?publisher=SnapdoW3i&dpid=SnapdoW3i&co=DE&userid=72ab34ea-5c4d-4d8f-9338-a4e730824340&searchtype=ds&q={searchTerms}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{BB74DE59-BC4C-4172-9AC4-73315F71CFFE}] not found

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Search Page"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Search Bar"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"Start Page"="hxxp://www.google.com"
"Use Search Asst"="no"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchUrl]
"(Default)"="hxxp://search.msn.com/results.asp?q=%s"
[HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Internet Explorer\Search]
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search]
"Default_Search_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=54896"
"SearchAssistant"="hxxp://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchasst.htm"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{6A1806CD-94D4-4689-BA73-E35EA1EA9990}"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully
HKEY_USERS\S-1-5-21-1589193222-955252371-806738954-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{64182481-4F71-486B-A045-B233BD0DA8FC} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{929801A8-4AEF-4D12-BE31-D85BF666452B} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} deleted successfully

==== Deleting Registry Keys ======================

HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\ihflimipbcaljfnojhhknppphnnciiif deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nbmafkdmkkckhggblphicnnhlgljnoje deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\nneajnkjbffgblleaoojgaacokifdkhm deleted successfully

==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Miyu\AppData\Local\Temp\acrord32_sbx\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Miyu\AppData\Local\Temp\acro_rd_dir\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5 will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5 will be deleted at reboot
C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat will be deleted at reboot

==== Empty FireFox Cache ======================

C:\users\Miyu\AppData\Local\Mozilla\Firefox\Profiles\bqji94cx.default\Cache emptied successfully

==== Empty Chrome Cache ======================

No Chrome Cache found

==== Empty All Flash Cache ======================

Flash Cache Emptied Successfully

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Miyu\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Users\Miyu\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat" not found
"C:\Windows\installer\{a86a2c63-81be-c21e-ccb2-6ca1c3edb56c}" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\0PS72R2M" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\62AXOPQ5" not found
"C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\FZG8CKJ5" not found

==== EOF on 16.05.2013 at 23:50:47,01 ======================