Log analysis and evaluation: GVÜ Trojan Windows 7 32 bit
21.08.2013, 10:07 | #16
/// Malwareteam | GVÜ Trojan Windows 7 32 bit
Hi, this thing is more stubborn than its relatives... Please create a new FRST log file in the Recovery Console. If I don't see anything new there, we'll go into the registry...
21.08.2013, 10:24 | #17
GVÜ Trojan Windows 7 32 bit

FRST Logfile:
Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03 Ran by SYSTEM on 21-08-2013 11:22:06 Running from E:\ Windows 7 Ultimate (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2010-01-15] (Realtek Semiconductor) HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-08-15] (Apple Inc.) HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2010-01-05] (NVIDIA Corporation) HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation) HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation) HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.) HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG) HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [630784 2012-09-13] (Brother Industries, Ltd.) HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.) HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.) 
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe HKU\Pippo\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [ 2011-06-04] (Acresso Corporation) HKU\Pippo\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION HKU\Pippo\...\RunOnce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_de;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280141163462" [x] HKU\Pippo\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION HKU\Pippo\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <===== ATTENTION! Startup: C:\Users\Pippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ========================== Services (Whitelisted) ================= S2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-08-15] () S2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [99640 2010-01-16] (Apple Inc.) S2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-04] (Nuance Communications, Inc.) S2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== S0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58200 2011-08-15] (Apple Inc.) S0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15320 2011-08-15] (Apple Inc.) S3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-01-31] (Apple Inc.) 
S3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-01-31] (Apple Inc.) S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-20] (Symantec Corporation) S1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation) S0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-20] (Symantec Corporation) S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-16] (Elaborate Bytes AG) S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-20] (Symantec Corporation) S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-08-09] (Symantec Corporation) S3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.) S2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15064 2011-08-15] (Apple Inc.) S3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-06-02] (Apple Inc.) S2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2010-11-11] (Apple Inc.) 
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVENG.SYS [93272 2013-08-17] (Symantec Corporation) S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVEX15.SYS [1611992 2013-08-17] (Symantec Corporation) S1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation) S1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation) S0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation) S0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation) S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-12] (Symantec Corporation) S1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation) S1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation) S1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation) S3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 UacCtl2; system32\DRIVERS\uacctl2.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-17 11:28 - 2013-08-21 08:13 - 00003328 _____ C:\Windows\setupact.log 2013-08-17 11:28 - 2013-08-17 11:28 - 00408960 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-17 11:28 - 2013-08-17 11:28 - 00000000 _____ C:\Windows\setuperr.log 2013-08-17 10:29 - 2013-08-17 11:29 - 01084835 _____ C:\ProgramData\2433f433 2013-08-17 10:29 - 2013-08-17 11:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433 
2013-08-17 10:29 - 2013-08-17 11:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433 2013-08-14 15:31 - 2013-08-14 15:32 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 15:27 - 2013-07-26 04:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-08-14 15:27 - 2013-07-26 04:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-08-14 15:27 - 2013-07-26 04:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-08-14 15:27 - 2013-07-26 04:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-08-14 15:27 - 2013-07-26 04:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-08-14 15:27 - 2013-07-26 04:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-08-14 15:27 - 2013-07-26 04:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-08-14 15:27 - 2013-07-26 03:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-08-14 15:27 - 2013-07-26 02:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-08-14 15:26 - 2013-07-26 04:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-08-14 12:53 - 2013-08-14 12:53 - 00001761 _____ 
C:\Users\Public\Desktop\iTunes.lnk 2013-08-14 12:51 - 2013-08-14 12:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-08-14 12:51 - 2013-08-14 12:52 - 00000000 ____D C:\Program Files\iTunes 2013-08-14 12:51 - 2013-08-14 12:51 - 00000000 ____D C:\Program Files\iPod 2013-08-14 12:43 - 2013-08-14 12:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-08-14 12:43 - 2013-08-14 12:43 - 00000000 ____D C:\Program Files\QuickTime 2013-08-14 06:20 - 2013-07-25 09:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL 2013-08-14 06:20 - 2013-07-09 06:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-08-14 06:20 - 2013-07-09 06:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-08-14 06:20 - 2013-07-09 05:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\System32\ntdll.dll 2013-08-14 06:20 - 2013-07-09 05:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\System32\wintrust.dll 2013-08-14 06:20 - 2013-07-09 05:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\System32\rpcrt4.dll 2013-08-14 06:20 - 2013-07-09 05:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll 2013-08-14 06:20 - 2013-07-09 05:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll 2013-08-14 06:20 - 2013-07-09 05:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\System32\cryptnet.dll 2013-08-14 06:20 - 2013-07-06 06:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-08-14 06:19 - 2013-07-19 02:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\System32\tzres.dll 2013-08-14 06:19 - 2013-06-15 04:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\tssecsrv.sys 2013-08-13 09:59 - 2013-04-17 08:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll 2013-08-13 06:08 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) 
C:\Windows\System32\DWrite.dll 2013-08-13 02:49 - 2013-08-13 02:49 - 00000000 __SHD C:\found.000 2013-08-13 02:04 - 2013-08-13 02:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-08-13 02:04 - 2013-08-13 02:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-08-13 02:04 - 2013-08-13 02:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2013-08-13 02:04 - 2013-08-13 02:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-08-13 02:04 - 2013-08-13 
02:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-08-13 02:04 - 2013-08-13 02:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-08-13 02:03 - 2013-08-13 02:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 01988096 
_____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\System32\WMPhoto.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00004096 ____H 
(Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-12 14:25 - 2013-08-12 14:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe 2013-08-12 13:54 - 2013-03-04 19:14 - 00036512 ____R (Symantec Corporation) C:\Windows\System32\Drivers\SymIMV.sys 2013-08-12 12:56 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-08-12 12:56 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-08-12 12:56 - 2013-05-13 04:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\System32\certutil.exe 2013-08-12 12:56 - 2013-05-13 04:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\System32\certenc.dll 2013-08-12 12:56 - 2013-05-10 04:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll 2013-08-12 12:56 - 2013-04-26 05:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\System32\win32spl.dll 2013-08-12 12:56 - 2013-04-26 00:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\System32\d3d11.dll 2013-08-12 12:56 - 2013-04-12 14:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ntfs.sys 2013-08-12 12:56 - 2013-04-10 06:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgkrnl.sys 2013-08-12 12:56 - 2013-04-10 06:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\dxgmms1.sys 2013-08-12 12:56 - 2013-03-19 
05:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\System32\wwansvc.dll 2013-08-12 12:56 - 2013-03-19 05:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\System32\csrsrv.dll 2013-08-12 12:56 - 2013-03-19 04:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\System32\wwanprotdim.dll 2013-08-12 12:56 - 2013-03-19 03:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\System32\smss.exe 2013-08-12 12:56 - 2013-01-24 05:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\fvevol.sys 2013-08-12 12:48 - 2013-02-27 06:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\System32\consent.exe 2013-08-12 12:48 - 2013-02-27 05:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\System32\shell32.dll 2013-08-12 12:48 - 2013-02-27 05:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\System32\shdocvw.dll 2013-08-12 12:48 - 2013-02-27 05:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll 2013-08-12 12:48 - 2013-02-27 05:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\System32\appinfo.dll 2013-08-12 12:44 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023x.sys 2013-08-12 12:44 - 2013-02-12 04:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usb8023.sys ==================== One Month Modified Files and Folders ======= 2013-08-21 08:17 - 2009-10-15 11:20 - 01507106 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-21 08:16 - 2013-02-23 11:00 - 01130290 _____ C:\Windows\WindowsUpdate.log 2013-08-21 08:13 - 2013-08-17 11:28 - 00003328 _____ C:\Windows\setupact.log 2013-08-21 07:08 - 2009-07-14 05:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-21 07:08 - 2009-07-14 05:34 - 00015344 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-20 08:48 - 2013-08-20 08:48 - 00000000 ____D C:\FRST 2013-08-18 
12:34 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles 2013-08-17 11:29 - 2013-08-17 10:29 - 01084835 _____ C:\ProgramData\2433f433 2013-08-17 11:29 - 2013-08-17 10:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433 2013-08-17 11:29 - 2013-08-17 10:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433 2013-08-17 11:28 - 2013-08-17 11:28 - 00408960 _____ C:\Windows\System32\FNTCACHE.DAT 2013-08-17 11:28 - 2013-08-17 11:28 - 00000000 _____ C:\Windows\setuperr.log 2013-08-17 08:14 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-08-17 08:01 - 2010-07-01 07:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-17 08:00 - 2009-07-14 03:04 - 00000478 _____ C:\Windows\win.ini 2013-08-15 12:34 - 2009-10-15 10:06 - 00000000 ____D C:\Windows\Panther 2013-08-15 07:25 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache 2013-08-15 06:22 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE 2013-08-14 15:32 - 2013-08-14 15:31 - 00000000 ____D C:\Windows\System32\MRT 2013-08-14 15:31 - 2009-10-15 11:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-08-14 12:53 - 2013-08-14 12:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-14 12:52 - 2013-08-14 12:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-08-14 12:52 - 2013-08-14 12:51 - 00000000 ____D C:\Program Files\iTunes 2013-08-14 12:51 - 2013-08-14 12:51 - 00000000 ____D C:\Program Files\iPod 2013-08-14 12:51 - 2009-10-30 07:50 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-08-14 12:43 - 2013-08-14 12:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-08-14 12:43 - 2013-08-14 12:43 - 00000000 ____D C:\Program Files\QuickTime 2013-08-13 02:51 - 2011-02-28 10:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-13 02:49 - 2013-08-13 02:49 - 00000000 __SHD C:\found.000 2013-08-13 02:45 - 2009-07-14 09:56 - 00000000 ____D C:\Program Files\Windows Journal 
2013-08-13 02:45 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-TW 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-HK 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\zh-CN 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\tr-TR 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\sv-SE 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ru-RU 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-PT 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pt-BR 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\pl-PL 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nl-NL 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\nb-NO 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ko-KR 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\ja-JP 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\it-IT 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\hu-HU 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fr-FR 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\fi-FI 2013-08-13 02:45 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\el-GR 2013-08-13 02:04 - 2013-08-13 02:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-08-13 02:04 - 2013-08-13 02:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat 2013-08-13 02:04 - 2013-08-13 02:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll 2013-08-13 02:04 - 2013-08-13 
02:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\System32\html.iec 2013-08-13 02:04 - 2013-08-13 02:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\System32\url.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00079872 _____ (Microsoft 
Corporation) C:\Windows\System32\mshtmled.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx 2013-08-13 02:04 - 2013-08-13 02:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll 2013-08-13 02:04 - 2013-08-13 02:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe 2013-08-13 02:04 - 2013-08-13 02:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe 2013-08-13 02:03 - 2013-08-13 02:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\System32\d2d1.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\System32\msmpeg2vdec.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\System32\d3d10warp.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\System32\XpsPrint.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\System32\d3d10.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\System32\FntCache.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10level9.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00417792 _____ (Microsoft Corporation) 
C:\Windows\System32\WMPhoto.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\System32\XpsGdiConverter.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\System32\dxgi.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1core.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\System32\d3d10core.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\System32\WindowsCodecsExt.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\System32\UIAnimation.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\System32\d3d10_1.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-13 02:03 - 2013-08-13 02:03 - 00002560 ____H (Microsoft Corporation) 
C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-12 14:25 - 2013-08-12 14:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe 2013-08-12 13:56 - 2009-10-15 12:14 - 00000000 ____D C:\ProgramData\Norton 2013-08-12 13:55 - 2011-01-13 16:45 - 00000000 ____D C:\Windows\System32\Drivers\NIS 2013-08-12 13:53 - 2011-01-13 16:45 - 00002431 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk 2013-08-12 13:32 - 2011-01-13 16:45 - 00142496 _____ (Symantec Corporation) C:\Windows\System32\Drivers\SYMEVENT.SYS 2013-08-12 13:32 - 2011-01-13 16:45 - 00007611 _____ C:\Windows\System32\Drivers\SYMEVENT.CAT 2013-08-12 13:28 - 2012-05-22 15:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-08-12 13:28 - 2012-05-22 15:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-08-12 13:13 - 2012-09-05 15:49 - 00000000 ____D C:\ProgramData\Browser Manager 2013-08-12 12:57 - 2010-10-19 13:03 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-07-26 04:13 - 2013-08-14 15:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-26 04:13 - 2013-08-14 15:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-26 04:13 - 2013-08-14 15:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-26 04:12 - 2013-08-14 15:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 00109056 _____ (Microsoft 
Corporation) C:\Windows\System32\iesysprep.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-26 04:12 - 2013-08-14 15:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-26 04:12 - 2013-08-14 15:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-26 04:11 - 2013-08-14 15:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-26 04:11 - 2013-08-14 15:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-26 03:49 - 2013-08-14 15:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-26 02:59 - 2013-08-14 15:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-25 09:57 - 2013-08-14 06:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-08-17 12:01:51 ==================== Memory info =========================== Percentage of memory in use: 11% Total physical RAM: 4076.36 MB Available physical RAM: 3588.24 MB Total Pagefile: 4074.64 MB Available Pagefile: 3587.33 MB Total Virtual: 2047.88 MB Available Virtual: 1931.84 MB 
==================== Drives ================================
Drive c: (BOOTCAMP) (Fixed) (Total:101.11 GB) (Free:65.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: (USB DISK) (Removable) (Total:1.86 GB) (Free:1.86 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 186 GB) (Disk ID: 4523A045)
Partition: GPT Partition Type
Partition 2: (Not Active) - (Size=85 GB) - (Type=AF)
Partition 3: (Active) - (Size=101 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 2 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=2 GB) - (Type=0B)
LastRegBack: 2013-08-12 16:52
==================== End Of Log ============================
[/CODE] |
21.08.2013, 13:51 | #18 |
/// Malwareteam | GVÜ Trojan Windows 7 32 bit So, now once more from the Recovery Console
Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
HKU\Pippo\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION
HKU\Pippo\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Pippo\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <===== ATTENTION!
2013-08-17 10:29 - 2013-08-17 11:29 - 01084835 _____ C:\ProgramData\2433f433
2013-08-17 10:29 - 2013-08-17 11:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433
2013-08-17 10:29 - 2013-08-17 11:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
|
21.08.2013, 15:28 | #19 |
| GVÜ Trojan Windows 7 32 bit
[CODE]
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03
Ran by SYSTEM at 2013-08-21 16:18:08 Run:6
Running from E:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
HKU\Pippo\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION
HKU\Pippo\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION
HKU\Pippo\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <===== ATTENTION!
2013-08-17 10:29 - 2013-08-17 11:29 - 01084835 _____ C:\ProgramData\2433f433
2013-08-17 10:29 - 2013-08-17 11:29 - 01084811 _____ C:\Users\Pippo\AppData\Roaming\2433f433
2013-08-17 10:29 - 2013-08-17 11:29 - 01084807 _____ C:\Users\Pippo\AppData\Local\2433f433
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe
*****************
HKU\Pippo\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx => Value deleted successfully.
HKU\Pippo\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\Pippo\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\ProgramData\2433f433 => Moved successfully.
C:\Users\Pippo\AppData\Roaming\2433f433 => Moved successfully.
C:\Users\Pippo\AppData\Local\2433f433 => Moved successfully.
"C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" => File/Directory not found.
==== End of Fixlog ====
[/CODE]
In normal mode the nasty start screen is back again and no more cmd.exe |
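As an added example that is not part of the thread and not FRST's or the helper's code: a small Python checker that parses FRST "Registry (Whitelisted)" lines like those in the fixlist above, flags the three persistence tricks seen here (Winlogon Shell swapped for cmd.exe, a Command Processor AutoRun, a Run entry pointing into Temp) and emits a fixlist in the same shape the helper built. The sample lines are copied from this thread; the detection rules are the editor's own assumptions about what is normal, not FRST's logic.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: registry lines in the form FRST prints them, copied from
# the log and fixlist in this thread (three flagged entries, two ordinary ones).
SAMPLE_FRST_LINES = [
    r"HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2010-01-15] (Realtek Semiconductor)",
    r"HKU\Pippo\...\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] - C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe [x] <===== ATTENTION",
    r"HKU\Pippo\...\Winlogon: [Shell] cmd.exe [ 2010-11-20] (Microsoft Corporation) <==== ATTENTION",
    r'HKU\Pippo\...\Command Processor: "C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.exe" <===== ATTENTION!',
    r"HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe",
]

# "HKU\Pippo\...\Run: <rest>"  ->  hive, key, rest
LINE_RE = re.compile(r"^(?P<hive>HK[A-Z]+(?:\\[^\\]+)?)\\\.\.\.\\(?P<key>[^:]+): (?P<rest>.*)$")
# "[Shell] cmd.exe ..." or "[name] - C:\path ..."  ->  value name and raw value
NAME_RE = re.compile(r"^\[(?P<name>[^\]]*)\]\s*(?:-\s*)?(?P<value>.*)$")
# FRST's own marker on lines it considers suspicious
FLAG_RE = re.compile(r"\s*<=+\s*ATTENTION!?\s*$")
# trailing "[size date] (Company)" or "[x]" (file not found) after the value
META_RE = re.compile(r"\s*\[(?:x|[^\]]*\d{4}-\d{2}-\d{2}[^\]]*)\].*$")

# Assumption: an autostart target under one of these paths deserves a look.
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\")


@dataclass
class RegEntry:
    raw: str
    hive: str
    key: str
    name: Optional[str]
    value: str
    flagged: bool       # FRST appended "<==== ATTENTION"
    file_missing: bool  # FRST printed "[x]": the referenced file does not exist


def parse_registry_line(line: str) -> Optional[RegEntry]:
    """Parse one FRST 'Registry (Whitelisted)' line; None if it is not one."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rest = m.group("rest")
    flagged = FLAG_RE.search(rest) is not None
    file_missing = "[x]" in rest
    nm = NAME_RE.match(rest)
    name, value = (nm.group("name"), nm.group("value")) if nm else (None, rest)
    value = FLAG_RE.sub("", value)
    value = META_RE.sub("", value).strip().strip('"').rstrip(",")
    return RegEntry(line.strip(), m.group("hive"), m.group("key"), name, value, flagged, file_missing)


def assess(e: RegEntry) -> list[str]:
    """Return the reasons an entry looks like malware persistence (empty list = fine)."""
    reasons = []
    low = e.value.lower()
    if e.key == "Winlogon" and e.name == "Shell" and low != "explorer.exe":
        reasons.append("Winlogon Shell replaced (expected explorer.exe)")
    if e.key == "Winlogon" and e.name == "Userinit" and not low.endswith("\\system32\\userinit.exe"):
        reasons.append("Winlogon Userinit does not point to system32\\userinit.exe")
    if e.key == "Command Processor":
        reasons.append("Command Processor AutoRun set: runs on every cmd.exe start")
    if any(t in low for t in TEMP_DIRS):
        reasons.append("autostart target lives in a temp directory")
    if e.key == "Run" and e.file_missing:
        reasons.append("autostart target file not found ([x])")
    if e.flagged:
        reasons.append("flagged by FRST (ATTENTION)")
    return reasons


def build_fixlist(lines) -> list[str]:
    """Fixlist in the shape used in this thread: the offending log lines verbatim,
    followed by the file paths they reference so FRST moves the files as well."""
    fix, files = [], []
    for line in lines:
        e = parse_registry_line(line)
        if e is None or not assess(e):
            continue
        fix.append(e.raw)
        if re.match(r"^[A-Za-z]:\\", e.value) and e.value not in files:
            files.append(e.value)
    return fix + files


if __name__ == "__main__":
    for line in SAMPLE_FRST_LINES:
        e = parse_registry_line(line)
        for r in assess(e):
            print(f"{e.hive}\\...\\{e.key} [{e.name}] -> {r}")
    print("\n".join(build_fixlist(SAMPLE_FRST_LINES)))
```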
21.08.2013, 20:44 | #20 |
/// Malwareteam | GVÜ Trojan Windows 7 32 bit -RECOVERY CONSOLE- Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Reboot the system and, if Normal mode comes up: please post a fresh FRST log file from Normal mode right after |
22.08.2013, 06:09 | #21 |
| GVÜ Trojan Windows 7 32 bit Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 20-08-2013 03
Ran by SYSTEM at 2013-08-22 07:00:31 Run:7
Running from E:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll
*****************
C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll => Moved successfully.
==== End of Fixlog ====
You did it!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
FRST Logfile: Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Pippo (administrator) on 22-08-2013 07:06:09
Running from D:\
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal
==================== Processes (Whitelisted) ===================
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\system32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\system32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Apple Inc.) C:\Program Files\Boot Camp\Bootcamp.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Elaborate Bytes AG) C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Acresso Corporation) C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Symantec Corporation) C:\Program Files\Norton Internet Security\Engine\20.4.0.40\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe
(Microsoft Corporation) C:\Windows\system32\cmd.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2010-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-08-15] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2010-01-05] (NVIDIA Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [630784 2012-09-13] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation) HKCU\...\Runonce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_de;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280141163462" [x] MountPoints2: {d962e389-26e5-11e1-ad92-001ec28fc323} - F:\setup.exe Startup: C:\Users\Pippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation) ==================== Internet (Whitelisted) ==================== HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.terminland.de/heinicke/intern/default.aspx?m=1422&sg=0&sw=0 HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
URLSearchHook: (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File SearchScopes: HKLM - DefaultScope {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms} SearchScopes: HKLM - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = hxxp://dts.search-results.com/sr?src=ieb&appid=400&systemid=406&sr=0&q={searchTerms} SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112570&tt=270912_11_3912_8&babsrc=SP_ss&mntrId=9ada3f02000000000000001ec28fc323 SearchScopes: HKCU - BrowserMngrDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - bProtectorDefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://search.babylon.com/?q={searchTerms}&affID=112570&tt=270912_11_3912_8&babsrc=SP_ss&mntrId=9ada3f02000000000000001ec28fc323 SearchScopes: HKCU - {1687F676-F971-410D-9227-8017E2C1BC03} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox SearchScopes: HKCU - {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406} URL = BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) 
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated) BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.0.7\bh\BabylonToolbar.dll (Babylon BHO) BHO: Norton Identity Protection - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) BHO: Norton Vulnerability Protection - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\IPS\IPSBHO.DLL (Symantec Corporation) BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc) Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.) Toolbar: HKLM - No Name - {99079a25-328f-4bd4-be04-00955acaa0a7} - No File Toolbar: HKLM - Babylon Toolbar - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.0.7\BabylonToolbarTlbr.dll (Babylon Ltd.) 
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\coIEPlg.dll (Symantec Corporation) Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File Toolbar: HKCU -No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.) Hosts: Hosts file not detected in the default directory Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 FireFox: ======== FF ProfilePath: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default FF user.js: detected! 
=> C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\user.js FF NewTab: user_pref("browser.newtab.url", ""); FF SelectedSearchEngine: Google FF Homepage: about:home FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q= FF NetworkProxy: "type", 0 FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF Plugin: @microsoft.com/GENUINE - disabled No File FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation) FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\askcom.xml FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\BabylonMngr.xml FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\bingp.xml FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\Search.xml FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\Search_Results.xml FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\sweetim.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\babylon.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\Search_Results.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml FF Extension: No Name - C:\Users\Pippo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} FF Extension: Firefox Hotfix - C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\firefox-hotfix@mozilla.org FF Extension: firefox-hotfix - C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\firefox-hotfix@mozilla.org.xpi FF Extension: No Name - C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} FF Extension: Java Console - C:\Program Files\Mozilla 
Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} FF HKLM\...\Firefox\Extensions: [{BBDA0591-3099-440a-AA10-41764D9DB4DB}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ FF Extension: Norton Vulnerability Protection - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\IPSFFPlgn\ FF HKLM\...\Firefox\Extensions: [{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}] C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\coFFPlgn\ Chrome: ======= CHR Extension: () - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo\7.15.9.29524 CHR Extension: (YouTube) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1 CHR Extension: (Google Search) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1 CHR Extension: (Norton Identity Protection) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk\2012.5.6.10_0 CHR Extension: (Gmail) - C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1 CHR HKLM\...\Chrome\Extension: [mkfokfffehpeedafpekjeddnmnjhmcmk] - C:\Program Files\Norton Internet Security\Engine\20.4.0.40\Exts\Chrome.crx CHR HKLM\...\Chrome\Extension: [pmlghpafmmnmmkjdhacccolfgnkiboco] - C:\Program Files\1ClickDownload\oneclickdownloader11.crx ========================== Services (Whitelisted) ================= R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-08-15] () R2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [99640 2010-01-16] (Apple Inc.) 
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-04] (Nuance Communications, Inc.) R2 NIS; C:\Program Files\Norton Internet Security\Engine\20.4.0.40\diMaster.dll [556336 2013-05-29] (Symantec Corporation) ==================== Drivers (Whitelisted) ==================== R0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58200 2011-08-15] (Apple Inc.) R0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15320 2011-08-15] (Apple Inc.) R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-01-31] (Apple Inc.) R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-01-31] (Apple Inc.) R1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\BASHDefs\20130715.001\BHDrvx86.sys [1002072 2013-05-20] (Symantec Corporation) R1 ccSet_NIS; C:\Windows\system32\drivers\NIS\1404000.028\ccSetx86.sys [134744 2013-04-15] (Symantec Corporation) R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation) R1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376920 2013-08-20] (Symantec Corporation) R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG) R3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [108120 2013-08-20] (Symantec Corporation) R1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\IPSDefs\20130813.001\IDSvix86.sys [386720 2013-08-09] (Symantec Corporation) R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.) R2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15064 2011-08-15] (Apple Inc.) R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-06-02] (Apple Inc.) R2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2010-11-11] (Apple Inc.) 
R3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVENG.SYS [93272 2013-08-17] (Symantec Corporation) R3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_20.4.0.40\Definitions\VirusDefs\20130819.017\NAVEX15.SYS [1611992 2013-08-17] (Symantec Corporation) R1 SRTSP; C:\Windows\System32\Drivers\NIS\1404000.028\SRTSP.SYS [603224 2013-05-15] (Symantec Corporation) R1 SRTSPX; C:\Windows\system32\drivers\NIS\1404000.028\SRTSPX.SYS [32344 2013-03-04] (Symantec Corporation) R0 SymDS; C:\Windows\System32\drivers\NIS\1404000.028\SYMDS.SYS [367704 2013-05-20] (Symantec Corporation) R0 SymEFA; C:\Windows\System32\drivers\NIS\1404000.028\SYMEFA.SYS [934488 2013-05-22] (Symantec Corporation) R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [142496 2013-08-12] (Symantec Corporation) R1 SymIM; C:\Windows\System32\DRIVERS\SymIMv.sys [36512 2013-03-04] (Symantec Corporation) R1 SymIRON; C:\Windows\system32\drivers\NIS\1404000.028\Ironx86.SYS [175264 2013-03-04] (Symantec Corporation) R1 SymNetS; C:\Windows\System32\Drivers\NIS\1404000.028\SYMNETS.SYS [339544 2013-04-24] (Symantec Corporation) R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] () S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x] S3 tsusbhub; system32\drivers\tsusbhub.sys [x] S3 UacCtl2; system32\DRIVERS\uacctl2.sys [x] S3 VGPU; System32\drivers\rdvgkmd.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\FRST 2013-08-17 12:28 - 2013-08-22 07:03 - 00003440 _____ C:\Windows\setupact.log 2013-08-17 12:28 - 2013-08-17 12:28 - 00408960 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-17 12:28 - 2013-08-17 12:28 - 00000000 _____ C:\Windows\setuperr.log 2013-08-14 16:31 - 2013-08-14 16:32 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 16:27 - 2013-07-26 05:13 - 
01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-08-14 16:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-08-14 16:27 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-08-14 16:27 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-08-14 16:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-08-14 16:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-08-14 16:27 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-08-14 16:27 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-08-14 16:27 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-08-14 16:26 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-08-14 13:53 - 2013-08-14 13:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-14 13:51 - 2013-08-14 13:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-08-14 13:51 - 2013-08-14 13:52 - 00000000 ____D C:\Program Files\iTunes 2013-08-14 
13:51 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iPod 2013-08-14 13:43 - 2013-08-14 13:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-08-14 13:43 - 2013-08-14 13:43 - 00000000 ____D C:\Program Files\QuickTime 2013-08-14 07:20 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL 2013-08-14 07:20 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe 2013-08-14 07:20 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe 2013-08-14 07:20 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll 2013-08-14 07:20 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll 2013-08-14 07:20 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll 2013-08-14 07:20 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll 2013-08-14 07:20 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll 2013-08-14 07:20 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll 2013-08-14 07:20 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys 2013-08-14 07:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll 2013-08-14 07:19 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys 2013-08-13 10:59 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll 2013-08-13 07:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll 2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000 2013-08-13 03:04 - 2013-08-13 03:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-13 03:04 - 2013-08-13 03:04 
- 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-13 03:04 - 2013-08-13 03:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-13 03:04 - 2013-08-13 03:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-13 03:04 - 2013-08-13 03:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-13 03:03 - 2013-08-13 03:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 14:54 - 2013-03-04 20:14 - 00036512 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2013-08-12 13:56 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-12 13:56 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-12 13:56 - 2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe
2013-08-12 13:56 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll
2013-08-12 13:56 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll
2013-08-12 13:56 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll
2013-08-12 13:56 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2013-08-12 13:56 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2013-08-12 13:56 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2013-08-12 13:56 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2013-08-12 13:56 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2013-08-12 13:56 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2013-08-12 13:56 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll
2013-08-12 13:56 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2013-08-12 13:56 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys
2013-08-12 13:48 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe
2013-08-12 13:48 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2013-08-12 13:48 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll
2013-08-12 13:48 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-08-12 13:48 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll
2013-08-12 13:44 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys
2013-08-12 13:44 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys

==================== One Month Modified Files and Folders =======

2013-08-22 07:05 - 2013-08-22 07:05 - 00109280 _____ C:\Users\Pippo\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-22 07:03 - 2013-08-17 12:28 - 00003440 _____ C:\Windows\setupact.log
2013-08-22 07:03 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-08-21 16:28 - 2012-11-01 17:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-08-21 16:27 - 2013-02-23 12:00 - 01136076 _____ C:\Windows\WindowsUpdate.log
2013-08-21 09:17 - 2009-10-15 12:20 - 01507106 _____ C:\Windows\system32\PerfStringBackup.INI
2013-08-21 08:08 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-08-21 08:08 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\FRST
2013-08-18 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles
2013-08-17 12:28 - 2013-08-17 12:28 - 00408960 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 12:28 - 2013-08-17 12:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-17 09:14 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-08-17 09:01 - 2010-07-01 08:03 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-08-17 09:00 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini
2013-08-15 13:34 - 2009-10-15 11:06 - 00000000 ____D C:\Windows\Panther
2013-08-15 08:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache
2013-08-15 07:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE
2013-08-14 16:32 - 2013-08-14 16:31 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:31 - 2009-10-15 12:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-08-14 13:53 - 2013-08-14 13:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 13:52 - 2013-08-14 13:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 13:52 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 13:51 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 13:51 - 2009-10-30 08:50 - 00000000 ____D C:\Program Files\Common Files\Apple
2013-08-14 13:43 - 2013-08-14 13:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-14 13:43 - 2013-08-14 13:43 - 00000000 ____D C:\Program Files\QuickTime
2013-08-13 03:51 - 2011-02-28 11:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000
2013-08-13 03:45 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal
2013-08-13 03:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ru-RU
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI
2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR
2013-08-13 03:04 - 2013-08-13 03:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 03:04 - 2013-08-13 03:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-13 03:04 - 2013-08-13 03:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-13 03:04 - 2013-08-13 03:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-13 03:04 - 2013-08-13 03:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-13 03:03 - 2013-08-13 03:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 14:56 - 2009-10-15 13:14 - 00000000 ____D C:\ProgramData\Norton
2013-08-12 14:55 - 2011-01-13 17:45 - 00000000 ____D C:\Windows\system32\Drivers\NIS
2013-08-12 14:53 - 2011-01-13 17:45 - 00002431 _____ C:\Users\Public\Desktop\Norton Internet Security.lnk
2013-08-12 14:32 - 2011-01-13 17:45 - 00142496 _____ (Symantec Corporation) C:\Windows\system32\Drivers\SYMEVENT.SYS
2013-08-12 14:32 - 2011-01-13 17:45 - 00007611 _____ C:\Windows\system32\Drivers\SYMEVENT.CAT
2013-08-12 14:28 - 2012-05-22 16:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe
2013-08-12 14:28 - 2012-05-22 16:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl
2013-08-12 14:13 - 2012-09-05 16:49 - 00000000 ____D C:\ProgramData\Browser Manager
2013-08-12 13:57 - 2010-10-19 14:03 - 00000000 ____D C:\Users\Public\Downloads\Norton
2013-07-26 05:13 - 2013-08-14 16:27 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-07-26 05:13 - 2013-08-14 16:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-07-26 05:13 - 2013-08-14 16:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-07-26 05:12 - 2013-08-14 16:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-07-26 05:12 - 2013-08-14 16:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-07-26 05:12 - 2013-08-14 16:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-07-26 05:11 - 2013-08-14 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-07-26 05:11 - 2013-08-14 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-07-26 04:49 - 2013-08-14 16:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-07-26 03:59 - 2013-08-14 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-07-25 10:57 - 2013-08-14 07:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL

==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-12 17:52

==================== End Of Log ============================

Do you have any tips on what antivirus software etc. I should install now? Should I install Malwarebytes? |
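Added example, not part of this thread and not FRST's own code: a small Python triage script for the FRST "One Month Created/Modified" sections posted above. It parses the entry layout visible in the log (timestamp - timestamp - size attributes (CompanyName) path) and flags the entries a helper would look at first: executables with no CompanyName or with the hidden attribute in user-writable locations, and vendor-less executables under C:\Windows. The embedded sample is five lines copied from the log above plus two constructed entries (updater.exe, helper.dll) that stand in for a dropped payload; they are not findings from this case. Two caveats the code repeats in comments: the CompanyName in parentheses is read from the file's version resource and can be set to anything, so it is a triage hint and not a signature check, and FRST's "MD5 is legit" lines cover only the handful of core binaries listed, not the rest of the system.

```python
import re
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional

# Added example, not part of the thread or of FRST. One file/folder entry as FRST prints it
# in its "One Month Created/Modified" sections:
#   <timestamp> - <timestamp> - <size> <attrs> [(<CompanyName>)] <path>
# Which timestamp is creation and which is modification depends on the section; the
# triage below does not rely on that.
FRST_ENTRY = re.compile(
    r"^(?P<ts1>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<ts2>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) - "
    r"(?P<size>\d{8}) (?P<attrs>[A-Z_]{5}) "
    r"(?:\((?P<vendor>[^)]*)\) )?"
    r"(?P<path>[A-Za-z]:\\.*)$"
)

# Extensions Windows will load or execute; everything else is treated as data.
EXEC_EXT = {".exe", ".dll", ".sys", ".ocx", ".cpl", ".scr", ".com", ".drv", ".pif"}
# Path fragments a non-admin user can write to; bundled installers and drive-by
# downloads usually drop their payload here rather than under C:\Windows.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\temp\\")


@dataclass
class Entry:
    ts1: datetime
    ts2: datetime
    size: int
    attrs: str
    vendor: Optional[str]  # CompanyName from the version resource; attacker-controlled text
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def is_hidden(self) -> bool:
        return "H" in self.attrs

    @property
    def is_executable(self) -> bool:
        dot = self.path.rfind(".")
        return not self.is_dir and dot != -1 and self.path[dot:].lower() in EXEC_EXT


@dataclass
class Finding:
    path: str
    reason: str


def parse_entry(line: str) -> Optional[Entry]:
    """Return an Entry for an FRST file line, or None for section headers and other text."""
    m = FRST_ENTRY.match(line.strip())
    if not m:
        return None
    fmt = "%Y-%m-%d %H:%M"
    return Entry(
        ts1=datetime.strptime(m["ts1"], fmt),
        ts2=datetime.strptime(m["ts2"], fmt),
        size=int(m["size"]),
        attrs=m["attrs"],
        vendor=m["vendor"],
        path=m["path"],
    )


def parse_log(text: str) -> List[Entry]:
    return [e for e in map(parse_entry, text.splitlines()) if e is not None]


def triage(entries: List[Entry]) -> List[Finding]:
    """Heuristic flags for a manual look. A missing CompanyName is a hint, not a verdict:
    a present one proves nothing either, since the string is set by whoever built the file."""
    findings: List[Finding] = []
    for e in entries:
        if not e.is_executable:
            continue
        low = e.path.lower()
        in_user_dir = any(frag in low for frag in USER_WRITABLE)
        reasons = []
        if e.vendor is None and in_user_dir:
            reasons.append("no CompanyName in a user-writable location")
        if e.is_hidden and in_user_dir:
            reasons.append("hidden attribute in a user-writable location")
        if e.vendor is None and "\\windows\\" in low:
            reasons.append("no CompanyName under the Windows directory")
        if reasons:
            findings.append(Finding(e.path, "; ".join(reasons)))
    return findings


# Sample input: five lines copied from the FRST log posted in this thread, plus two
# constructed entries (updater.exe, helper.dll) that are NOT from the real log.
SAMPLE_LOG = r"""==================== One Month Modified Files and Folders =======
2013-08-22 07:05 - 2013-08-22 07:05 - 00109280 _____ C:\Users\Pippo\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000
2013-08-12 14:54 - 2013-03-04 20:14 - 00036512 ____R (Symantec Corporation) C:\Windows\system32\Drivers\SymIMV.sys
2013-08-21 16:30 - 2013-08-21 16:30 - 00123456 ____H C:\ProgramData\updater.exe
2013-08-20 10:00 - 2013-08-20 10:00 - 00045056 _____ C:\Users\Pippo\AppData\Roaming\helper.dll
"""

if __name__ == "__main__":
    for f in triage(parse_log(SAMPLE_LOG)):
        print(f"{f.path}: {f.reason}")
```

Run against a full FRST.txt the script prints only the two constructed entries for this sample; the Microsoft, Piriform and Symantec lines and the hidden api-ms-win stubs under system32 pass, as they should. Anything it flags still needs the hash checked against a known-good source before it is treated as malicious.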
22.08.2013, 06:50 | #22 |
/// Malwareteam | GVÜ Trojan Windows 7 32 bit The system is unlocked for now, but we are not finished yet... it continues. I am now analysing the complete new logfile and will get back to you with further steps. Malwarebytes Anti-Malware comes later, don't worry... and antivirus solutions too. |
22.08.2013, 08:28 | #23 |
/// Malwareteam | GVÜ Trojan Windows 7 32 bit Hi Terryly, here is how it continues: Step 1:
Step 2: Download TFC (TempFileCleaner by OldTimer) and save it to the desktop.
Step 3: Control scan with FRST. Run a scan with FRST as described before. Only an FRST.txt is produced. Post it to me. Please post the following logfiles in your reply: AdwCleaner, FRST |
22.08.2013, 12:57 | #24 |
/// Malwareteam | GVÜ Trojan Windows 7 32 bit Hi, please also work through this additional step: Scan with SystemLook. Download SystemLook by jpshortstuff from the following mirror and save the tool to the desktop: SystemLook (32 bit)
|
22.08.2013, 13:33 | #25 |
| GVÜ Trojan Windows 7 32 bit Step 1: Code:
# AdwCleaner v3.000 - Report created 22/08/2013 at 14:12:15
# Updated 20/08/2013 by Xplode
# Operating System : Windows 7 Ultimate Service Pack 1 (32 bits)
# Username : Pippo - PIPPO-PC
# Running from : C:\Users\Pippo\Desktop\adwcleaner.exe
# Option : Clean

***** [ Services ] *****

***** [ Files / Folders ] *****

Folder Deleted : C:\ProgramData\Ask
Folder Deleted : C:\ProgramData\Babylon
Folder Deleted : C:\ProgramData\boost_interprocess
[!] Folder Deleted : C:\ProgramData\Browser Manager
Folder Deleted : C:\ProgramData\InstallMate
Folder Deleted : C:\ProgramData\Premium
Folder Deleted : C:\ProgramData\Tarma Installer
Folder Deleted : C:\Program Files\1ClickDownload
Folder Deleted : C:\Program Files\BabylonToolbar
Folder Deleted : C:\Program Files\Conduit
Folder Deleted : C:\Program Files\SweetIM
Folder Deleted : C:\Users\Pippo\AppData\Local\Conduit
Folder Deleted : C:\Users\Pippo\AppData\Local\Ilivid Player
Folder Deleted : C:\Users\Pippo\AppData\LocalLow\BabylonToolbar
Folder Deleted : C:\Users\Pippo\AppData\LocalLow\Conduit
Folder Deleted : C:\Users\Pippo\AppData\LocalLow\PriceGong
Folder Deleted : C:\Users\Pippo\AppData\LocalLow\searchquband
Folder Deleted : C:\Users\Pippo\AppData\Roaming\Babylon
Folder Deleted : C:\Users\Pippo\AppData\Roaming\freeTVRadio
Folder Deleted : C:\Users\Pippo\AppData\Roaming\OfferBox
Folder Deleted : C:\Users\Pippo\AppData\Roaming\yourfiledownloader
Folder Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\jetpack
Folder Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\SweetPacksToolbarData
Folder Deleted : C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aaaaojmikegpiepcfdkkjaplodkpfmlo
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\Extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
File Deleted : C:\END
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\Askcom.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Babylon.xml
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\BabylonMngr.xml
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\search.xml
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\Search_Results.xml
File Deleted : C:\Program Files\Mozilla Firefox\searchplugins\Search_Results.xml
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\SweetIm.xml
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\bProtector_extensions.rdf
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\bprotector_extensions.sqlite
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\bprotector_prefs.js
File Deleted : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\user.js
File Deleted : C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\bProtector Web Data
File Deleted : C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\bprotectorpreferences
File Deleted : C:\Windows\System32\Tasks\YourFile Update

***** [ Shortcuts ] *****

***** [ Registry ] *****

Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pmlghpafmmnmmkjdhacccolfgnkiboco
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Key Deleted : HKLM\SOFTWARE\Classes\b
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd
Key Deleted : HKLM\SOFTWARE\Classes\Babylon.dskBnd.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore
Key Deleted : HKLM\SOFTWARE\Classes\bbylnApp.appCore.1
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr
Key Deleted : HKLM\SOFTWARE\Classes\bbylntlbr.bbylntlbrHlpr.1
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane
Key Deleted : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc
Key Deleted : HKLM\SOFTWARE\Classes\esrv.BabylonESrvc.1
Key Deleted : HKLM\SOFTWARE\Classes\oneclick
Key Deleted : HKLM\SOFTWARE\Classes\oneclickmg
Key Deleted : HKLM\SOFTWARE\Classes\Prod.cap
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [bprotector start page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\Main [BrowserMngr Start Page]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [bProtectorDefaultScope]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [BrowserMngrDefaultScope]
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\bProtectSettings
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Key Deleted : HKLM\SOFTWARE\Classes\Applications\ilividsetupv1.exe
Key Deleted : HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\ApnUpdater
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\ConduitInstaller_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\datamngrUI_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\iLividSetupV1_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\offerbox_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SearchquMediaBar_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SetupDataMngr_Searchqu_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASAPI32
Key Deleted : HKLM\SOFTWARE\Microsoft\Tracing\SweetPacksUpdateManager_RASMANCS
Key Deleted : HKCU\Software\52578a88b76aec43
Key Deleted : HKLM\SOFTWARE\52578a88b76aec43
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{291BCCC1-6890-484A-89D3-318C928DAC1B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B8276A94-891D-453C-9FF3-715C042A2575}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FFB9ADCB-8C79-4C29-81D3-74D46A93D370}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{44C3C1DB-2127-433C-98EC-4C9412B5FC3A}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4D5132DD-BB2B-4249-B5E0-D145A8C982E1}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{706D4A4B-184A-4434-B331-296B07493D2D}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8BE10F21-185F-4CA0-B789-9921674C3993}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{94C0B25D-3359-4B10-B227-F96A77DB773F}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B0B75FBA-7288-4FD3-A9EB-7EE27FA65599}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B173667F-8395-4317-8DD6-45AD1FE00047}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{B32672B3-F656-46E0-B584-FE61C0BB6037}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2434722-5C85-4CA0-BA69-1B67E7AB3D68}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C2996524-2187-441F-A398-CD6CB6B3D020}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E047E227-5342-4D94-80F7-CFB154BF55BD}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F79BE9-24D4-4F4D-8C13-DF2C9899F82E}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E77EEF95-3E83-4BB8-9C0D-4A5163774997}
Key Deleted : HKLM\SOFTWARE\Classes\Interface\{FD8F79A0-D2E2-4FA2-AEAF-393EAC8064F7}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{35C1605E-438B-4D64-AAB1-8885F097A9B1}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{6E8BF012-2C85-4834-B10A-1B31AF173D70}
Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{9D717F81-9148-4F12-8568-69135F087DB0}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D0F4A166-B8D4-48B8-9D63-80849FE137CB}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{8375D9C8-634F-4ECB-8CF5-C7416BA5D542}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{98889811-442D-49DD-99D7-DC866BE87DBC}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{99079A25-328F-4BD4-BE04-00955ACAA0A7}]
Value Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Value Deleted : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{EF99BD32-C1FB-11D2-892F-0090271D4F88}]
Key Deleted : HKCU\Software\1ClickDownload
Key Deleted : HKCU\Software\BabylonToolbar
Key Deleted : HKCU\Software\BrowserMngr
Key Deleted : HKCU\Software\DataMngr
[#] Key Deleted : HKCU\Software\DataMngr_Toolbar
Key Deleted : HKCU\Software\freeTVRadio
Key Deleted : HKCU\Software\InstallCore
Key Deleted : HKCU\Software\Offerbox
Key Deleted : HKCU\Software\YahooPartnerToolbar
Key Deleted : HKCU\Software\YourFileDownloader
Key Deleted : HKCU\Software\AppDataLow\HavingFunOnline
Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
Key Deleted : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
Key Deleted : HKCU\Software\AppDataLow\Software\PriceGong
Key Deleted : HKCU\Software\AppDataLow\Software\searchqutoolbar
Key Deleted : HKCU\Software\AppDataLow\Software\SmartBar
Key Deleted : HKLM\Software\Babylon
Key Deleted : HKLM\Software\BabylonToolbar
Key Deleted : HKLM\Software\BrowserMngr
Key Deleted : HKLM\Software\Conduit
Key Deleted : HKLM\Software\DataMngr
Key Deleted : HKLM\Software\Tarma Installer
Key Deleted : HKLM\Software\YourFileDownloader
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{2F603A45-D956-496B-81B5-50D782424976}
Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{B85C4CB2-B352-4BD8-818C-BCE353599107}
Data Deleted : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows [AppInit_DLLs] - c:\progra~2\browse~1\261519~1.190\{16cdf~1\browse~1.dll

***** [ Browsers ] *****

-\\ Internet Explorer v10.0.9200.16660

Setting Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls [Tabs]

-\\ Mozilla Firefox v12.0 (de)

[ File : C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\prefs.js ]

Line Deleted : user_pref("avg.install.userHPSettings", "hxxp://search.babylon.com/?affID=112570&tt=270912_11_3912_8&babsrc=HP_ss&mntrId=9ada3f02000000000000001ec28fc323");
Line Deleted : user_pref("avg.install.userSPSettings", "Search the web (Babylon)");
Line Deleted : user_pref("browser.BabylonToolbar_i.newTab", "");
Line Deleted : user_pref("browser.BabylonToolbar_i.newTabUrl", "");
Line Deleted : user_pref("browser.babylon.HPOnNewTab", "");
Line Deleted : user_pref("browser.search.defaultengine", "Ask.com");
Line Deleted : user_pref("browser.search.defaulturl", "hxxp://www3.iamwired.net/websearch.php?src=tops&search=");
Line Deleted : user_pref("extensions.BabylonToolbar.admin", false);
Line Deleted : user_pref("extensions.BabylonToolbar.aflt", "babsst");
Line Deleted : user_pref("extensions.BabylonToolbar.appId", "{BDB69379-802F-4eaf-B541-F8DE92DD98DB}");
Line Deleted : user_pref("extensions.BabylonToolbar.autoRvrt", "false");
Line Deleted : user_pref("extensions.BabylonToolbar.babExt", "");
Line Deleted : user_pref("extensions.BabylonToolbar.babTrack", "affID=112570&tt=270912_11_3912_8");
Line Deleted : user_pref("extensions.BabylonToolbar.bbDpng", 8);
Line Deleted : user_pref("extensions.BabylonToolbar.cntry", "DE");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltLng", "en");
Line Deleted : user_pref("extensions.BabylonToolbar.dfltSrch", true);
Line Deleted : user_pref("extensions.BabylonToolbar.dpk", "");
Line Deleted : 
user_pref("extensions.BabylonToolbar.dpkLst", ""); Line Deleted : user_pref("extensions.BabylonToolbar.excTlbr", false); Line Deleted : user_pref("extensions.BabylonToolbar.hdrMd5", "2BBC58270EF00DD3C7117DBFB053A60D"); Line Deleted : user_pref("extensions.BabylonToolbar.hmpg", false); Line Deleted : user_pref("extensions.BabylonToolbar.id", "9ada3f02000000000000001ec28fc323"); Line Deleted : user_pref("extensions.BabylonToolbar.instlDay", "15611"); Line Deleted : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Line Deleted : user_pref("extensions.BabylonToolbar.keyWordUrl", "hxxp://search.babylon.com/?affID=111253&babsrc=KW_ss&mntrId=9ada3f02000000000000001ec28fc323&q="); Line Deleted : user_pref("extensions.BabylonToolbar.lastDP", 8); Line Deleted : user_pref("extensions.BabylonToolbar.lastVrsnTs", "1.8.0.715:16:36"); Line Deleted : user_pref("extensions.BabylonToolbar.mntrFFxVrsn", "3.6"); Line Deleted : user_pref("extensions.BabylonToolbar.newTab", false); Line Deleted : user_pref("extensions.BabylonToolbar.newTabUrl", "hxxp://search.babylon.com/?affID=112570&tt=270912_11_3912_8&babsrc=HP_ss&mntrId=9ada3f02000000000000001ec28fc323"); Line Deleted : user_pref("extensions.BabylonToolbar.noFFXTlbr", false); Line Deleted : user_pref("extensions.BabylonToolbar.pnu_base", "{\"newVrsn\":\"66\",\"lastVrsn\":\"66\",\"vrsnLoad\":\"\",\"showMsg\":\"false\",\"showSilent\":\"true\",\"msgTs\":0,\"lstMsgTs\":\"0\"}"); Line Deleted : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Line Deleted : user_pref("extensions.BabylonToolbar.propectorlck", 75044221); Line Deleted : user_pref("extensions.BabylonToolbar.prtkDS", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtkHmpg", 0); Line Deleted : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Line Deleted : user_pref("extensions.BabylonToolbar.ptch_0717", true); Line Deleted : user_pref("extensions.BabylonToolbar.sg", "azb"); Line Deleted : user_pref("extensions.BabylonToolbar.smplGrp", 
"azb"); Line Deleted : user_pref("extensions.BabylonToolbar.srcExt", "ss"); Line Deleted : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Line Deleted : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://search.babylon.com/?babsrc=TB_def&mntrId=9ada3f02000000000000001ec28fc323&q="); Line Deleted : user_pref("extensions.BabylonToolbar.vrsn", "1.8.0.7"); Line Deleted : user_pref("extensions.BabylonToolbar.vrsnTs", "1.8.0.715:16:36"); Line Deleted : user_pref("extensions.BabylonToolbar.vrsni", "1.8.0.7"); Line Deleted : user_pref("extensions.BabylonToolbar_i.aflt", "babsst"); Line Deleted : user_pref("extensions.BabylonToolbar_i.babExt", ""); Line Deleted : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=112570&tt=270912_11_3912_8"); Line Deleted : user_pref("extensions.BabylonToolbar_i.hardId", "9ada3f02000000000000001ec28fc323"); Line Deleted : user_pref("extensions.BabylonToolbar_i.id", "9ada3f02000000000000001ec28fc323"); Line Deleted : user_pref("extensions.BabylonToolbar_i.instlDay", "15524"); Line Deleted : user_pref("extensions.BabylonToolbar_i.instlRef", "sst"); Line Deleted : user_pref("extensions.BabylonToolbar_i.newTab", false); Line Deleted : user_pref("extensions.BabylonToolbar_i.newTabUrl", "hxxp://search.babylon.com/?affID=112555&tt=3412_1&babsrc=NT_ss&mntrId=9ada3f02000000000000001ec28fc323"); Line Deleted : user_pref("extensions.BabylonToolbar_i.prdct", "BabylonToolbar"); Line Deleted : user_pref("extensions.BabylonToolbar_i.prtnrId", "babylon"); Line Deleted : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Line Deleted : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Line Deleted : user_pref("extensions.BabylonToolbar_i.tlbrId", "tb9"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsn", "1.5.3.17"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.8.0.715:16:36"); Line Deleted : user_pref("extensions.BabylonToolbar_i.vrsni", "1.5.3.17"); Line Deleted : 
user_pref("sweetim.toolbar.Visibility.VisibilityGuardLastUnHide", "0"); Line Deleted : user_pref("sweetim.toolbar.Visibility.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.Visibility.intervaldays", "7"); Line Deleted : user_pref("sweetim.toolbar.cda.DisableOveride.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.cda.HideOveride.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.cda.RemoveOveride.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.handler", "chrome://sim_toolbar_package/content/optionsdialog-handler.js"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.height", "335"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.id", "id_options_dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.title", "$string.config.label;"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.url", "hxxp://www.sweetim.com/simffbar/options_remote_ff_1_6.html"); Line Deleted : user_pref("sweetim.toolbar.dialogs.0.width", "761"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.handler", "chrome://sim_toolbar_package/content/exampledialog-handler.js"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.height", "300"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.id", "id_example_dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.title", "Example (unit-test) dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.url", "chrome://sim_toolbar_package/content/exampledialog.html"); Line Deleted : user_pref("sweetim.toolbar.dialogs.1.width", "500"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.enable", "true"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.handler", "chrome://sim_toolbar_package/content/cdadialog-handler.js"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.height", "150"); Line Deleted : 
user_pref("sweetim.toolbar.dialogs.2.id", "id_dialog_hide_disable_remove"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.title", "Option Dialog"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.url", "hxxp://www.sweetim.com/simffbar/simcdadialog.asp"); Line Deleted : user_pref("sweetim.toolbar.dialogs.2.width", "530"); Line Deleted : user_pref("sweetim.toolbar.dnscatch.domain-blacklist", ".*.sweetim.com/.*|.*.facebook.com/.*|.*.google.com/.*|.*.google.co.in/.*|.*.google.com.br/.*|.*.google.es/.*|.*.youtube.com/.*|.*.yahoo.com/.*|.[...] Line Deleted : user_pref("sweetim.toolbar.highlight.colors", "#FFFF00,#00FFE4,#5AFF00,#0087FF,#FFCC00,#FF00F0"); Line Deleted : user_pref("sweetim.toolbar.logger.ConsoleHandler.MinReportLevel", "7"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.FileName", "ff-toolbar.log"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MaxFileSize", "200000"); Line Deleted : user_pref("sweetim.toolbar.logger.FileHandler.MinReportLevel", "7"); Line Deleted : user_pref("sweetim.toolbar.mode.debug", "false"); Line Deleted : user_pref("sweetim.toolbar.previous.keyword.URL", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.0.addcontextdiv", "true"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.callback", "simVerification"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.0.domain-whitelist", "hxxp://(www.|apps.)?facebook\\.com.*"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.elementid", "id_script_sim_fb"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.id", "id_script_fb"); Line Deleted : user_pref("sweetim.toolbar.scripts.0.url", "hxxp://sc.sweetim.com/apps/in/fb/infb.js"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.addcontextdiv", "true"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.callback", "simVerification"); Line 
Deleted : user_pref("sweetim.toolbar.scripts.1.domain-blacklist", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.1.domain-whitelist", "hxxps://(www.|apps.)?facebook\\.com.*"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.elementid", "id_script_sim_fb"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.id", "id_script_fb_hxxpS"); Line Deleted : user_pref("sweetim.toolbar.scripts.1.url", "hxxps://sc.sweetim.com/apps/in/fb/infb.js"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.addcontextdiv", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.callback", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-blacklist", ".*.google..*|.*.bing..*|.*.live..*|.*.msn..*|.*.yahoo..*|.*.youtube.com.*|.*ask.com.*|.*.sweetim.com.*"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.domain-whitelist", ""); Line Deleted : user_pref("sweetim.toolbar.scripts.2.elementid", "id_predict_include_script"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.enable", "false"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.id", "id_script_prad"); Line Deleted : user_pref("sweetim.toolbar.scripts.2.url", "hxxp://cdn1.certified-apps.com/scripts/shared/enable.js?si=3104&tid=chff1"); Line Deleted : user_pref("sweetim.toolbar.search.external", "<?xml version=\"1.0\"?><TOOLBAR><EXTERNAL_SEARCH engine=\"hxxp://*google.*\" param=\"q=\" /><EXTERNAL_SEARCH engine=\"hxxp://search.yahoo.com/*\" param=\"[...] 
Line Deleted : user_pref("sweetim.toolbar.search.history.capacity", "10");
Line Deleted : user_pref("sweetim.toolbar.searchguard.enable", "false");
Line Deleted : user_pref("sweetim.toolbar.searchguard.initialized_by_rc", "true");
Line Deleted : user_pref("sweetim.toolbar.simapp_id", "{BE3DE99E-F769-11E1-A5BA-001EC28FC323}");
Line Deleted : user_pref("sweetim.toolbar.version", "1.6.0.3");

-\\ Google Chrome v

[ File : C:\Users\Pippo\AppData\Local\Google\Chrome\User Data\Default\preferences ]

Deleted : homepage
Deleted : urls_to_restore_on_startup

*************************

AdwCleaner[R0].txt - [26072 octets] - [22/08/2013 14:09:43]
AdwCleaner[R1].txt - [26133 octets] - [22/08/2013 14:11:52]
AdwCleaner[S0].txt - [26202 octets] - [22/08/2013 14:12:15]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [26263 octets] ##########

Step 3: FRST Logfile:
Code:
Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 20-08-2013 03
Ran by Pippo (administrator) on 22-08-2013 14:23:42
Running from D:\
Microsoft Windows 7 Ultimate Service Pack 1 (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Normal

==================== Processes (Whitelisted) ===================

(Microsoft Corporation) C:\Windows\system32\WLANExt.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
() C:\Windows\system32\AppleOSSMgr.exe
(Apple Inc.) C:\Windows\system32\AppleTimeSrv.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Nuance Communications, Inc.) C:\Program Files\Common Files\Nuance\dgnsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdc.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Microsoft Corporation) C:\Windows\System32\mobsync.exe

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [7739936 2010-01-15] (Realtek Semiconductor)
HKLM\...\Run: [Apple_KbdMgr] - C:\Program Files\Boot Camp\Bootcamp.exe [526208 2011-08-15] (Apple Inc.)
HKLM\...\Run: [NvCplDaemon] - C:\Windows\system32\NvCpl.dll [13826664 2010-01-05] (NVIDIA Corporation)
HKLM\...\Run: [AppleSyncNotifier] - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe [59240 2011-10-06] (Apple Inc.)
HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM\...\Run: [Windows Mobile Device Center] - C:\Windows\WindowsMobile\wmdc.exe [648072 2007-05-31] (Microsoft Corporation)
HKLM\...\Run: [APSDaemon] - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-04-21] (Apple Inc.)
HKLM\...\Run: [VirtualCloneDrive] - C:\Program Files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
HKLM\...\Run: [BrMfcWnd] - C:\Program Files\Brother\Brmfcmon\BrMfcWnd.exe [630784 2012-09-13] (Brother Industries, Ltd.)
HKLM\...\Run: [QuickTime Task] - C:\Program Files\QuickTime\QTTask.exe [421888 2013-05-01] (Apple Inc.)
HKLM\...\Run: [iTunesHelper] - C:\Program Files\iTunes\iTunesHelper.exe [152392 2013-05-31] (Apple Inc.)
HKLM\...\Winlogon: [Userinit] C:\Windows\system32\userinit.exe
HKCU\...\Run: [ISUSPM] - C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [222496 2011-06-04] (Acresso Corporation)
HKCU\...\Runonce: [Shockwave Updater] - C:\Windows\system32\Adobe\Shockwave 11\SwHelper_1151601.exe -Update -1151601 -"Mozilla/5.0_(Windows;_U;_Windows_NT_6.1;_de;_rv:1.9.2.6)_Gecko/20100625_Firefox/3.6.6" -"hxxp://cc.porsche.com/icc_euro/ui/pva/application/bpModules/interior_3D.jsp?pluginsInstalled=true&RT=1280141163462" [x]
MountPoints2: {d962e389-26e5-11e1-ad92-001ec28fc323} - F:\setup.exe
Startup: C:\Users\Pippo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk
ShortcutTarget: OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -> C:\Program Files\Microsoft Office\Office14\ONENOTEM.EXE (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = https://www.terminland.de/heinicke/intern/default.aspx?m=1422&sg=0&sw=0
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
URLSearchHook: (No Name) - {462be121-2b54-4218-bf00-b9bf8135b23f} - No File
SearchScopes: HKLM - DefaultScope value is missing.
SearchScopes: HKCU - DefaultScope {1687F676-F971-410D-9227-8017E2C1BC03} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKCU - {1687F676-F971-410D-9227-8017E2C1BC03} URL = hxxp://www.bing.com/search?FORM=BDKTDF&PC=BDT3&q={searchTerms}&src=IE-SearchBox
BHO: Adobe PDF Link Helper - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
Toolbar: HKCU -No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKCU -No Name - {462BE121-2B54-4218-BF00-B9BF8135B23F} - No File
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
DPF: {4871A87A-BFDD-4106-8153-FFDE2BAC2967} hxxp://dlm.tools.akamai.com/dlmanager/versions/activex/dlm-activex-2.2.5.7.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Winsock: Catalog5 10 C:\Program Files\Bonjour\mdnsNSP.dll [121704] (Apple Inc.)
Hosts: Hosts file not detected in the default directory
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1

FireFox:
========
FF ProfilePath: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default
FF NewTab: user_pref("browser.newtab.url", "");
FF SelectedSearchEngine: Google
FF Homepage: about:home
FF Keyword.URL: hxxp://www.google.com/search?ie=UTF-8&oe=utf-8&q=
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF Plugin: @adobe.com/ShockwavePlayer - C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin: @Apple.com/iTunes,version=1.0 - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin: @java.com/DTPlugin,version=10.9.2 - C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.9.2 - C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin: Adobe Reader - C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Pippo\AppData\Roaming\Mozilla\Firefox\Profiles\mwfxljih.default\searchplugins\bingp.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
FF SearchPlugin: C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: No Name - C:\Users\Pippo\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
FF Extension: Default - C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
FF Extension: Java Console - C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}

========================== Services (Whitelisted) =================

R2 AppleOSSMgr; C:\Windows\system32\AppleOSSMgr.exe [194432 2011-08-15] ()
R2 AppleTimeSrv; C:\Windows\system32\AppleTimeSrv.exe [99640 2010-01-16] (Apple Inc.)
R2 DragonSvc; C:\Program Files\Common Files\Nuance\dgnsvc.exe [296808 2011-06-04] (Nuance Communications, Inc.)

==================== Drivers (Whitelisted) ====================

R0 AppleHFS; C:\Windows\System32\Drivers\AppleHFS.sys [58200 2011-08-15] (Apple Inc.)
R0 AppleMNT; C:\Windows\System32\Drivers\AppleMNT.sys [15320 2011-08-15] (Apple Inc.)
R3 applemtm; C:\Windows\System32\DRIVERS\applemtm.sys [10880 2011-01-31] (Apple Inc.)
R3 applemtp; C:\Windows\System32\DRIVERS\applemtp.sys [29824 2011-01-31] (Apple Inc.)
R0 CLFS; C:\Windows\System32\CLFS.sys [249408 2009-07-14] (Microsoft Corporation)
R1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [31088 2010-12-17] (Elaborate Bytes AG)
R3 IRRemoteFlt; C:\Windows\System32\DRIVERS\IRFilter.sys [16512 2009-07-22] (Apple Inc.)
R2 KeyAgent; C:\Windows\system32\drivers\KeyAgent.sys [15064 2011-08-15] (Apple Inc.)
R3 KeyMagic; C:\Windows\System32\DRIVERS\KeyMagic.sys [26624 2011-06-02] (Apple Inc.)
R2 MacHALDriver; C:\Windows\system32\drivers\MacHALDriver.sys [12928 2010-11-11] (Apple Inc.)
R3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-09-28] ()
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 UacCtl2; system32\DRIVERS\uacctl2.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================

==================== One Month Created Files and Folders ========

2013-08-22 14:09 - 2013-08-22 14:12 - 00000000 ____D C:\AdwCleaner
2013-08-22 14:09 - 2013-08-22 14:09 - 00975858 _____ C:\Users\Pippo\Desktop\adwcleaner.exe
2013-08-22 14:05 - 2013-08-22 14:05 - 00641892 _____ C:\Windows\PFRO.log
2013-08-22 07:39 - 2013-08-22 07:39 - 00000017 _____ C:\Users\Pippo\AppData\Local\resmon.resmoncfg
2013-08-22 07:05 - 2013-08-22 07:05 - 00109280 _____ C:\Users\Pippo\AppData\Local\GDIPFONTCACHEV1.DAT
2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\FRST
2013-08-17 12:28 - 2013-08-22 14:13 - 00003608 _____ C:\Windows\setupact.log
2013-08-17 12:28 - 2013-08-17 12:28 - 00408960 _____ C:\Windows\system32\FNTCACHE.DAT
2013-08-17 12:28 - 2013-08-17 12:28 - 00000000 _____ C:\Windows\setuperr.log
2013-08-14 16:31 - 2013-08-14 16:32 - 00000000 ____D C:\Windows\system32\MRT
2013-08-14 16:27 - 2013-07-26 05:13 - 01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-08-14 16:27 - 2013-07-26 05:13 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-08-14 16:27 - 2013-07-26 05:13 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-08-14 16:27 - 2013-07-26 05:12 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-08-14 16:27 - 2013-07-26 05:12 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-08-14 16:27 - 2013-07-26 05:11 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-08-14 16:27 - 2013-07-26 05:11 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-08-14 16:27 - 2013-07-26 04:49 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-08-14 16:27 - 2013-07-26 03:59 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-08-14 16:26 - 2013-07-26 05:12 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-08-14 13:53 - 2013-08-14 13:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk
2013-08-14 13:51 - 2013-08-14 13:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-08-14 13:51 - 2013-08-14 13:52 - 00000000 ____D C:\Program Files\iTunes
2013-08-14 13:51 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iPod
2013-08-14 13:43 - 2013-08-14 13:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2013-08-14 13:43 - 2013-08-14 13:43 - 00000000 ____D C:\Program Files\QuickTime
2013-08-14 07:20 - 2013-07-25 10:57 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2013-08-14 07:20 - 2013-07-09 07:03 - 03968960 _____ (Microsoft Corporation) C:\Windows\system32\ntkrnlpa.exe
2013-08-14 07:20 - 2013-07-09 07:03 - 03913664 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2013-08-14 07:20 - 2013-07-09 06:53 - 01289096 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2013-08-14 07:20 - 2013-07-09 06:52 - 00175104 _____ (Microsoft Corporation) C:\Windows\system32\wintrust.dll
2013-08-14 07:20 - 2013-07-09 06:50 - 00652800 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2013-08-14 07:20 - 2013-07-09 06:46 - 01166848 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-08-14 07:20 - 2013-07-09 06:46 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\cryptsvc.dll
2013-08-14 07:20 - 2013-07-09 06:46 - 00103936 _____ (Microsoft Corporation) C:\Windows\system32\cryptnet.dll
2013-08-14 07:20 - 2013-07-06 07:05 - 01293760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2013-08-14 07:19 - 2013-07-19 03:41 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2013-08-14 07:19 - 2013-06-15 05:38 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tssecsrv.sys
2013-08-13 10:59 - 2013-04-17 09:02 - 01230336 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
2013-08-13 07:08 - 2013-04-10 01:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\system32\DWrite.dll
2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000
2013-08-13 03:04 - 2013-08-13 03:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-08-13 03:04 - 2013-08-13 03:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-08-13 03:04 - 2013-08-13 03:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-08-13 03:04 - 2013-08-13 03:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-08-13 03:04 - 2013-08-13 03:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-08-13 03:04 - 2013-08-13 03:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-08-13 03:04 - 2013-08-13 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-08-13 03:03 - 2013-08-13 03:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00207872 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll
2013-08-13 03:03 - 2013-08-13 03:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll
2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe
2013-08-12 13:56 - 2013-06-05 05:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2013-08-12 13:56 - 2013-06-04 06:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2013-08-12 13:56 -
2013-05-13 05:08 - 00903168 _____ (Microsoft Corporation) C:\Windows\system32\certutil.exe 2013-08-12 13:56 - 2013-05-13 05:08 - 00043008 _____ (Microsoft Corporation) C:\Windows\system32\certenc.dll 2013-08-12 13:56 - 2013-05-10 05:20 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\cryptdlg.dll 2013-08-12 13:56 - 2013-04-26 06:55 - 00492544 _____ (Microsoft Corporation) C:\Windows\system32\win32spl.dll 2013-08-12 13:56 - 2013-04-26 01:30 - 01505280 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll 2013-08-12 13:56 - 2013-04-12 15:45 - 01211752 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys 2013-08-12 13:56 - 2013-04-10 07:18 - 00728424 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys 2013-08-12 13:56 - 2013-04-10 07:18 - 00218984 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys 2013-08-12 13:56 - 2013-03-19 06:53 - 00186368 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll 2013-08-12 13:56 - 2013-03-19 06:48 - 00038912 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll 2013-08-12 13:56 - 2013-03-19 05:33 - 00040960 _____ (Microsoft Corporation) C:\Windows\system32\wwanprotdim.dll 2013-08-12 13:56 - 2013-03-19 04:49 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe 2013-08-12 13:56 - 2013-01-24 06:47 - 00196328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fvevol.sys 2013-08-12 13:48 - 2013-02-27 07:05 - 00101720 _____ (Microsoft Corporation) C:\Windows\system32\consent.exe 2013-08-12 13:48 - 2013-02-27 06:55 - 12872704 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll 2013-08-12 13:48 - 2013-02-27 06:55 - 00180224 _____ (Microsoft Corporation) C:\Windows\system32\shdocvw.dll 2013-08-12 13:48 - 2013-02-27 06:49 - 01796096 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll 2013-08-12 13:48 - 2013-02-27 06:49 - 00047104 _____ (Microsoft Corporation) C:\Windows\system32\appinfo.dll 2013-08-12 13:44 - 
2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023x.sys 2013-08-12 13:44 - 2013-02-12 05:32 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys ==================== One Month Modified Files and Folders ======= 2013-08-22 14:22 - 2009-10-15 12:20 - 01507106 _____ C:\Windows\system32\PerfStringBackup.INI 2013-08-22 14:21 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-22 14:21 - 2009-07-14 06:34 - 00015344 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-22 14:18 - 2013-08-22 14:18 - 00448512 _____ (OldTimer Tools) C:\Users\Pippo\Desktop\TFC.exe 2013-08-22 14:17 - 2013-02-23 12:00 - 01183032 _____ C:\Windows\WindowsUpdate.log 2013-08-22 14:13 - 2013-08-17 12:28 - 00003608 _____ C:\Windows\setupact.log 2013-08-22 14:13 - 2009-07-14 06:53 - 00000006 ____H C:\Windows\Tasks\SA.DAT 2013-08-22 14:12 - 2013-08-22 14:09 - 00000000 ____D C:\AdwCleaner 2013-08-22 14:09 - 2013-08-22 14:09 - 00975858 _____ C:\Users\Pippo\Desktop\adwcleaner.exe 2013-08-22 14:05 - 2013-08-22 14:05 - 00641892 _____ C:\Windows\PFRO.log 2013-08-22 14:05 - 2009-10-15 13:14 - 00000000 ____D C:\ProgramData\Norton 2013-08-22 08:28 - 2012-11-01 17:39 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-08-22 07:39 - 2013-08-22 07:39 - 00000017 _____ C:\Users\Pippo\AppData\Local\resmon.resmoncfg 2013-08-22 07:05 - 2013-08-22 07:05 - 00109280 _____ C:\Users\Pippo\AppData\Local\GDIPFONTCACHEV1.DAT 2013-08-20 09:48 - 2013-08-20 09:48 - 00000000 ____D C:\FRST 2013-08-18 13:34 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\LogFiles 2013-08-17 12:28 - 2013-08-17 12:28 - 00408960 _____ C:\Windows\system32\FNTCACHE.DAT 2013-08-17 12:28 - 2013-08-17 12:28 - 00000000 _____ C:\Windows\setuperr.log 2013-08-17 09:14 - 2009-07-14 04:37 - 00000000 ____D 
C:\Windows\Microsoft.NET 2013-08-17 09:01 - 2010-07-01 08:03 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-08-17 09:00 - 2009-07-14 04:04 - 00000478 _____ C:\Windows\win.ini 2013-08-15 13:34 - 2009-10-15 11:06 - 00000000 ____D C:\Windows\Panther 2013-08-15 08:25 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\rescache 2013-08-15 07:22 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\de-DE 2013-08-14 16:32 - 2013-08-14 16:31 - 00000000 ____D C:\Windows\system32\MRT 2013-08-14 16:31 - 2009-10-15 12:37 - 75778376 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe 2013-08-14 13:53 - 2013-08-14 13:53 - 00001761 _____ C:\Users\Public\Desktop\iTunes.lnk 2013-08-14 13:52 - 2013-08-14 13:51 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-08-14 13:52 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iTunes 2013-08-14 13:51 - 2013-08-14 13:51 - 00000000 ____D C:\Program Files\iPod 2013-08-14 13:51 - 2009-10-30 08:50 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-08-14 13:43 - 2013-08-14 13:43 - 00001823 _____ C:\Users\Public\Desktop\QuickTime Player.lnk 2013-08-14 13:43 - 2013-08-14 13:43 - 00000000 ____D C:\Program Files\QuickTime 2013-08-13 03:51 - 2011-02-28 11:56 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-08-13 03:49 - 2013-08-13 03:49 - 00000000 __SHD C:\found.000 2013-08-13 03:45 - 2009-07-14 10:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-08-13 03:45 - 2009-07-14 06:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-TW 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-HK 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\zh-CN 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\tr-TR 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\sv-SE 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D 
C:\Windows\system32\ru-RU 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-PT 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pt-BR 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\pl-PL 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nl-NL 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\nb-NO 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ko-KR 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\ja-JP 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\it-IT 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\hu-HU 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fr-FR 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\fi-FI 2013-08-13 03:45 - 2009-07-14 04:37 - 00000000 ____D C:\Windows\system32\el-GR 2013-08-13 03:04 - 2013-08-13 03:04 - 01441280 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl 2013-08-13 03:04 - 2013-08-13 03:04 - 01400416 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat 2013-08-13 03:04 - 2013-08-13 03:04 - 00745472 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe 2013-08-13 03:04 - 2013-08-13 03:04 - 00719360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00629248 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00523264 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00361984 _____ (Microsoft Corporation) C:\Windows\system32\html.iec 2013-08-13 03:04 - 2013-08-13 03:04 - 00357888 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00242200 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll 2013-08-13 03:04 - 
2013-08-13 03:04 - 00232960 _____ (Microsoft Corporation) C:\Windows\system32\url.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00226816 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00158720 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00150528 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe 2013-08-13 03:04 - 2013-08-13 03:04 - 00138752 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe 2013-08-13 03:04 - 2013-08-13 03:04 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe 2013-08-13 03:04 - 2013-08-13 03:04 - 00125440 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00117248 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00110592 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00082432 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe 2013-08-13 03:04 - 2013-08-13 03:04 - 00069120 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00061952 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx 2013-08-13 03:04 - 2013-08-13 03:04 - 00057344 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00048640 
_____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00038400 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00023040 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll 2013-08-13 03:04 - 2013-08-13 03:04 - 00012800 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe 2013-08-13 03:04 - 2013-08-13 03:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe 2013-08-13 03:03 - 2013-08-13 03:03 - 03419136 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 02284544 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 01988096 _____ (Microsoft Corporation) C:\Windows\system32\d3d10warp.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 01158144 _____ (Microsoft Corporation) C:\Windows\system32\XpsPrint.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 01080832 _____ (Microsoft Corporation) C:\Windows\system32\d3d10.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00906240 _____ (Microsoft Corporation) C:\Windows\system32\FntCache.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00604160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\WMPhoto.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00364544 _____ (Microsoft Corporation) C:\Windows\system32\XpsGdiConverter.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00293376 _____ (Microsoft Corporation) C:\Windows\system32\dxgi.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00249856 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1core.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00220160 _____ (Microsoft Corporation) C:\Windows\system32\d3d10core.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00207872 _____ 
(Microsoft Corporation) C:\Windows\system32\WindowsCodecsExt.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\UIAnimation.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00161792 _____ (Microsoft Corporation) C:\Windows\system32\d3d10_1.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00010752 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l1-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00009728 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shlwapi-l2-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00005632 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-ole32-l1-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-user32-l1-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-advapi32-l2-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-version-l1-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-shell32-l1-1-0.dll 2013-08-13 03:03 - 2013-08-13 03:03 - 00002560 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-downlevel-normaliz-l1-1-0.dll 2013-08-12 15:25 - 2013-08-12 15:25 - 04429440 _____ (Piriform Ltd) C:\Users\Pippo\Downloads\ccsetup404.exe 2013-08-12 14:28 - 2012-05-22 16:17 - 00692104 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerApp.exe 2013-08-12 14:28 - 2012-05-22 16:17 - 00071048 _____ (Adobe Systems Incorporated) C:\Windows\system32\FlashPlayerCPLApp.cpl 2013-08-12 13:57 - 2010-10-19 14:03 - 00000000 ____D C:\Users\Public\Downloads\Norton 2013-07-26 05:13 - 2013-08-14 16:27 - 
01767936 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll 2013-07-26 05:13 - 2013-08-14 16:27 - 01141248 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll 2013-07-26 05:13 - 2013-08-14 16:27 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe 2013-07-26 05:12 - 2013-08-14 16:27 - 02877440 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 02048512 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 00493056 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 00391168 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 00061440 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll 2013-07-26 05:12 - 2013-08-14 16:27 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll 2013-07-26 05:12 - 2013-08-14 16:26 - 14329344 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll 2013-07-26 05:11 - 2013-08-14 16:27 - 13761024 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll 2013-07-26 05:11 - 2013-08-14 16:27 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll 2013-07-26 04:49 - 2013-08-14 16:27 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb 2013-07-26 03:59 - 2013-08-14 16:27 - 00071680 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe 2013-07-25 10:57 - 2013-08-14 07:20 - 01620992 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit 
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

LastRegBack: 2013-08-22 08:44

==================== End Of Log ============================

--- --- --- --- --- ---

Step 4:
Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 14:31 on 22/08/2013 by Pippo
Administrator - Elevation successful

========== reg ==========

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers]
(No values found)

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\BriefcaseMenu]
@="{85BBD920-42A0-1069-A2E4-08002B30309D}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\DefragglerShellExtension]
@="{4380C993-0C43-4E02-9A7A-0D40B6EA7590}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Open With]
@="{09799AFB-AD67-11d1-ABCD-00C04FC30936}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Open With EncryptionMenu]
@="{A470F8CF-A1E8-4f65-8335-227475AA5C46}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\PhotoStreamsExt]
@="{89D984B3-813B-406A-8298-118AFA3A22AE}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\Sharing]
@="{f81e9010-6ea4-11ce-a7ff-00aa003ca9f6}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\VirtualCloneDrive]
@="{B7056B8E-4F99-44f8-8CBD-282390FE5428}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\XXX Groove GFS Context Menu Handler XXX]
@="{6C467336-8281-4E60-8204-430CED96822D}"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{90AA3A4E-1CBA-4233-B8BB-535773D48449}]
@="Taskband Pin"

[HKEY_LOCAL_MACHINE\Software\Classes\*\shellex\ContextMenuHandlers\{a2a9545d-a0c2-42b4-9708-a0b2badd77c8}]
@="Start Menu Pin"

[HKEY_CURRENT_USER\Software\Classes\*\shellex\ContextMenuHandlers]
(No values found)

[HKEY_CURRENT_USER\Software\Classes\*\shellex\ContextMenuHandlers\{07007868-6407-6630-8379-599317828579}]
(No values found)

========== regfind ==========

Searching for "hujodpntdskxyscvc"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{07007868-6407-6630-8379-599317828579}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000\Software\Classes\CLSID\{07007868-6407-6630-8379-599317828579}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000\Software\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000_Classes\CLSID\{07007868-6407-6630-8379-599317828579}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"

-= EOF =-
|
22.08.2013, 13:47 | #26 |
/// Malwareteam | GVÜ- Trojaner Windows 7 32 bit Hi, there are still remnants present... please also work through this additional step: Scan with SystemLook
|
22.08.2013, 14:00 | #27 |
| GVÜ- Trojaner Windows 7 32 bit Code:
SystemLook 30.07.11 by jpshortstuff
Log created at 14:58 on 22/08/2013 by Pippo
Administrator - Elevation successful

========== regfind ==========

Searching for "D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EhStorShell.IconOverlayHandler\CLSID]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EhStorShell.IconOverlayHandler.1\CLSID]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000\Software\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]

-= EOF =-
|
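Added note and check (not part of this thread, SystemLook or FRST): the two SystemLook logs above, read together, show the persistence pattern a defender should recognise. {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} is the CLSID of the legitimate EhStorShell.IconOverlayHandler, registered machine-wide under HKLM and listed in Explorer's ShellIconOverlayIdentifiers, yet the user's hive carries its own InProcServer32 for that CLSID pointing to hujodpntdskxyscvc.dll in the user's Temp folder. Per-user entries under HKCU\Software\Classes take precedence over HKLM\Software\Classes in the merged HKEY_CLASSES_ROOT view, so a medium-integrity process such as explorer.exe would load the Temp DLL instead of the system component whenever it instantiates that overlay handler; the second CLSID, {07007868-6407-6630-8379-599317828579}, is wired in the same way as a per-user context-menu handler. The Python script below parses SystemLook regfind output and flags exactly this combination: a per-user InProcServer32 in a user-writable directory, plus whether the same CLSID also exists under HKLM. The function names are mine, and the sample input is assembled from the log lines posted in this thread plus one constructed benign per-user registration (placeholder CLSID) to show an entry that is not flagged.

```python
r"""Detect per-user COM class hijacks in SystemLook 'regfind' output.

Added example for this thread, not part of SystemLook or FRST. It reads the
[KEY] / @="value" lines that SystemLook prints and flags every CLSID whose
InProcServer32 is registered in a per-user hive (HKEY_CURRENT_USER or
HKEY_USERS\<SID>) and points into a user-writable directory. It also reports
whether the same CLSID exists under HKEY_LOCAL_MACHINE: in the merged
HKEY_CLASSES_ROOT view the per-user entry wins, so a medium-integrity process
such as explorer.exe loads the user's DLL instead of the system component.
"""
import re
from collections import defaultdict

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DEFAULT_VALUE_RE = re.compile(r'^@="(?P<value>.*)"$')
CLSID_RE = re.compile(r"\\CLSID\\(\{[0-9A-Fa-f-]{36}\})", re.IGNORECASE)
# HKU\<SID> and HKU\<SID>_Classes are the on-disk form of a user's HKCU classes.
PER_USER_HIVES = ("HKEY_CURRENT_USER\\", "HKEY_USERS\\S-1-5-21-")
# Directories an unprivileged user can write to; a COM server living here is suspicious.
USER_WRITABLE_RE = re.compile(
    r"\\Users\\[^\\]+\\(AppData|Downloads|Desktop)\\", re.IGNORECASE
)


def parse_regfind(text):
    """Return [(key, default_value_or_None), ...] from SystemLook regfind output."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        key_match = KEY_RE.match(line)
        if key_match:
            entries.append([key_match.group("key"), None])
            continue
        value_match = DEFAULT_VALUE_RE.match(line)
        if value_match and entries:
            entries[-1][1] = value_match.group("value")  # default value of the last key
    return [tuple(e) for e in entries]


def find_per_user_com_hijacks(text):
    """Map CLSID -> finding for per-user InProcServer32 entries in user-writable paths."""
    hklm_clsids = set()
    per_user_servers = defaultdict(list)  # clsid -> [(key, dll path)]
    for key, value in parse_regfind(text):
        clsid_match = CLSID_RE.search(key)
        if not clsid_match:
            continue
        clsid = clsid_match.group(1).upper()
        if key.upper().startswith("HKEY_LOCAL_MACHINE\\"):
            hklm_clsids.add(clsid)
        elif key.startswith(PER_USER_HIVES) and key.upper().endswith("\\INPROCSERVER32") and value:
            per_user_servers[clsid].append((key, value))

    findings = {}
    for clsid, servers in per_user_servers.items():
        dlls = sorted({dll for _, dll in servers})
        suspicious = [d for d in dlls if USER_WRITABLE_RE.search(d)]
        if not suspicious:
            continue
        findings[clsid] = {
            "dll": suspicious,
            "keys": [k for k, _ in servers],
            "shadows_hklm": clsid in hklm_clsids,  # per-user key overrides a system CLSID
        }
    return findings


# Sample input assembled from the two SystemLook logs posted in this thread, plus one
# constructed benign per-user registration (placeholder CLSID) that must not be flagged.
SAMPLE = r"""
Searching for "hujodpntdskxyscvc"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{07007868-6407-6630-8379-599317828579}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
[HKEY_USERS\S-1-5-21-2349668028-3664965015-369763663-1000_Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}\InProcServer32]
@="C:\Users\Pippo\AppData\Local\Temp\hujodpntdskxyscvc.dll"
Searching for "D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\EhStorShell.IconOverlayHandler\CLSID]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\EnhancedStorageShell]
@="{D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D}"
[HKEY_CURRENT_USER\Software\Classes\CLSID\{00000000-0000-0000-0000-000000000000}\InProcServer32]
@="C:\Program Files\ExampleApp\example.dll"
"""

if __name__ == "__main__":
    for clsid, finding in find_per_user_com_hijacks(SAMPLE).items():
        status = "shadows an HKLM CLSID" if finding["shadows_hklm"] else "per-user only"
        print(f"{clsid}: {status}")
        for dll in finding["dll"]:
            print(f"    server: {dll}")
```

On the sample the script reports both CLSIDs, and marks {D9144DCD-E998-4ECA-AB6A-DCD83CCBA16D} as shadowing a machine-wide registration, which is the finding that matters for cleanup: removing the DLL alone leaves the per-user InProcServer32 keys behind, and the hive copies under HKEY_USERS\<SID> and HKEY_USERS\<SID>_Classes are the same data seen from a different path, so they must be checked together rather than counted as separate infections.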
22.08.2013, 14:01 | #28 |
/// Malwareteam | GVÜ- Trojaner Windows 7 32 bit Thx, I'll evaluate the thing now and then get back to you with a fix... it will take a while, not worth waiting. |
22.08.2013, 14:06 | #29 |
| GVÜ- Trojaner Windows 7 32 bit thanks |
23.08.2013, 07:28 | #30 |
/// Malwareteam | GVÜ- Trojaner Windows 7 32 bit Hi Step 1 Please download Malwarebytes Anti-Malware
Step 2 ESET Online Scanner
|