Log analysis and evaluation: USB stick - only shortcuts left, files are "hidden" or deleted (Windows 7)
21.10.2013, 10:03 | #1
| USB Stick - nur noch Verknüpfungen gespeichert, Files werden "versteckt" bzw. gelöscht Hallo Forum, so wie auch einige andere habe ich mir im Internetcafe einen Virus eingefangen, der die Dateien auf meinem USB-Stick in Verknüpfungen verwandelt bzw. sieht es so aus, als ob die "echte" Datei auf dem USB-Stick selbst versteckt wird (siehe Log, zu "1"). Folgende Schritte sind gelaufen (Log anbei): 1) Verdeckte Dateien anzeigen (die VBS-Datei kommt nach Löschen immer wieder) 2) Malware-Scan 3) Farbare-Scan 4) OTL-Scan 5) Trend-Mircro (meine Standardsoftware) 5) USB-Vaccination (Panda) Was kann ich tun, um das Problem zu beheben? Würde gerne vermeiden, mein System neu aufzusetzen. Herzlichen Dank für eure Hilfe, Jakki (2) Log Malware Scan Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.10.17.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [Administrator] Schutz: Aktiviert 17.10.2013 17:45:46 mbam-log-2013-10-17 (17-45-46).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|G:\|H:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 387753 Laufzeit: 3 Stunde(n), 18 Minute(n), 8 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 14 HKCR\CLSID\{75A4D144-506D-4BE5-81DB-EC7DA1E7F840} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{960DF771-CFCB-4E53-A5B5-6EF2BBE6E706} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\esrv.funmoodsESrvc (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
HKCR\esrv.funmoodsESrvc.1 (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\DEALPLY (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\Software\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\DealPly (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Google\Chrome\Extensions\bbjciahceamgodcoidkjpchnokgfpphh (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{C87FC351-A80D-43E9-9A86-CF1E29DC443A} (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKCU\SOFTWARE\DealPly|Partner (PUP.Optional.DealPly.A) -> Daten: inff -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\DealPly|ChromeCrxPath (PUP.Optional.DealPly.A) -> Daten: C:\Program Files\DealPly\DealPly.crx -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 6 C:\Program Files\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Users\User\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Roaming\DealPly (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 19 C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\Uninstall DealPly.lnk (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPly.crx (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPly.xpi (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPlyIE.dll (PUP.DealPly) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPlyTune.dll (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPlyUpdate.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPlyUpdate.log (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\DealPlyUpdateRun.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\icon.ico (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files\DealPly\uninst.exe (PUP.Optional.Dealply) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\UpdateTask.exe (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly Help.lnk (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly\DealPly.lnk (PUP.OPtional.Dealply.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_bbjciahceamgodcoidkjpchnokgfpphh_0.localstorage (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Local\funmoods.crx (PUP.Funmoods) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Roaming\DealPly\UpdateProc\src.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Roaming\DealPly\UpdateProc\TTL.DAT (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\User\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\config\systemprofile\AppData\Roaming\DealPly\UpdateProc\config.dat (PUP.Optional.DealPly.A) -> Erfolgreich gelöscht und in Quarantäne gestellt. 
(Ende) Malwarebytes Anti-Malware (Test) 1.75.0.1300 Malwarebytes : Free Anti-Malware download Datenbank Version: v2013.10.17.03 Windows Vista Service Pack 2 x86 NTFS Internet Explorer 9.0.8112.16421 User :: USER-PC [Administrator] Schutz: Aktiviert 17.10.2013 21:28:26 mbam-log-2013-10-17 (21-28-26).txt Art des Suchlaufs: Vollständiger Suchlauf (J:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 192467 Laufzeit: 10 Minute(n), 13 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Log 3: Farbare Scan dditional scan result of Farbar Recovery Scan Tool (x86) Version: 19-10-2013 Ran by User at 2013-10-21 13:25:31 Running from C:\Users\User\Downloads Boot Mode: Normal ========================================================== ==================== Security Center ======================== AV: Trend Micro Titanium Maximum Security (Enabled - Up to date) {B7599298-8445-728A-A5C7-A26A082C8BDA} AS: Trend Micro Titanium Maximum Security (Enabled - Up to date) {0C38737C-A27F-7D04-9F77-991873ABC167} AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} ==================== Installed Programs ====================== 3531-W-D (Version: 1.5.18) 7-Zip 9.20 Activation Assistant for the 2007 Microsoft Office suites Activation Assistant for the 2007 Microsoft Office suites (Version: 1.0) Adobe Flash Player 11 ActiveX (Version: 11.9.900.117) Adobe Flash Player 11 Plugin 
(Version: 11.9.900.117) Adobe Reader X (10.1.8) - Deutsch (Version: 10.1.8) Adobe Shockwave Player 11.6 (Version: 11.6.5.635) Agere Systems HDA Modem airtel (Version: 23.009.05.04.284) Amazon MP3-Downloader 1.0.9 Apple Application Support (Version: 2.3) Apple Software Update (Version: 2.1.3.127) AuthenTec Fingerprint Sensor Minimum Install (Version: 7.9.2) Bing Bar (Version: 7.0.858.0) Canon My Printer Cisco Systems VPN Client 5.0.07.0290 (Version: 5.0.6) Compatibility Pack für 2007 Office System (Version: 12.0.6612.1000) CyberLink PowerDirector (Version: 6.5.2209a) CyberLink YouCam (Version: 1.0.1415) Dell 1130n Laser Printer ESET Online Scanner v3 FastStone Image Viewer 4.6 (Version: 4.6) Firebird SQL Server - MAGIX Edition (Version: 2.0.1.8) Inst5657 (Version: 5.00.91) Intel(R) Matrix Storage Manager Java(TM) 6 Update 4 (Version: 1.6.0.40) Launch Manager V1.4.9 (Version: 1.4.9) Letstrade (Version: 1.00.0000) LetsTrade Komponenten MakeDisc (Version: 3.0.2601) Malwarebytes Anti-Malware Version 1.75.0.1300 (Version: 1.75.0.1300) MediaShow (Version: 3.0.4325) MEDION Fotos auf CD Nord (Version: 6.0.2.0) MEDIONbox (Version: 1.09.0000.00052) Microsoft .NET Framework 1.1 (Version: 1.1.4322) Microsoft .NET Framework 1.1 Security Update (KB2698023) Microsoft .NET Framework 1.1 Security Update (KB2833941) Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft .NET Framework 3.5 Language Pack SP1 - deu (Version: 3.5.30729) Microsoft .NET Framework 3.5 SP1 Microsoft .NET Framework 3.5 SP1 (Version: 3.5.30729) Microsoft .NET Framework 4 Client Profile (Version: 4.0.30319) Microsoft .NET Framework 4 Client Profile DEU Language Pack (Version: 4.0.30319) Microsoft Office 2000 Premium (Version: 9.00.2816) Microsoft Outlook 2002 (Version: 10.0.6626.0) Microsoft PhotoDraw 2000 Microsoft Silverlight (Version: 5.1.20913.0) Microsoft Visual C++ 2005 Redistributable (Version: 8.0.61001) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (Version: 9.0.30729) Microsoft 
Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (Version: 9.0.30729.4148) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (Version: 9.0.30729.6161) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (Version: 10.0.40219) Microsoft Word 2000 (Version: 9.00.2816) Microsoft Works (Version: 9.7.0621) Mozilla Firefox 24.0 (x86 de) (Version: 24.0) Mozilla Maintenance Service (Version: 24.0) MSXML 4.0 SP2 (KB936181) (Version: 4.20.9848.0) MSXML 4.0 SP2 (KB941833) (Version: 4.20.9849.0) MSXML 4.0 SP2 (KB954430) (Version: 4.20.9870.0) MSXML 4.0 SP2 (KB973688) (Version: 4.20.9876.0) Nero 8 Essentials (Version: 8.10.124) neroxml (Version: 1.0.0) NVIDIA Drivers OmniPass 5.00.91 (Version: 5.00.91) OpenOffice.org 3.4.1 (Version: 3.41.9593) PDF24 Creator 5.4.0 PhotoNow! (Version: 1.0.4310) PowerDVD (Version: 7.0.3118.0) PowerProducer (Version: 4.2.2612) QuickTime (Version: 7.73.80.64) Ralink Wireless LAN (Version: 1.00.0000) Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista (Version: 1.00.0000) Realtek High Definition Audio Driver (Version: 6.0.1.5532) Realtek USB 2.0 Card Reader (Version: ) Sceneo AbsolutTV Skype Click to Call (Version: 5.9.9216) Skype™ 6.9 (Version: 6.9.106) swMSM (Version: 12.0.0.1) Synaptics Pointing Device Driver (Version: 10.0.14.0) Trend Micro Titanium (Version: 6.00) Trend Micro Titanium Maximum Security (Version: 6.0) TVsweeper 3 (Version: 3.0.3) Ulead PhotoImpact 12 (Version: 12.0) Update for Microsoft .NET Framework 3.5 SP1 (KB963707) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939) (Version: 1) Update for Microsoft .NET Framework 4 Client Profile (KB2836939v3) (Version: 3) Update_DealPly VCRedistSetup (Version: 1.0.0) WIDCOMM 
Bluetooth Software 6.0.1.6000 (Version: 6.0.1.6000) Windows Live Messenger (Version: 8.1.0178.00) WISO Mein Geld 2008 Professional (Version: 9.00.01.0023) WISO Steuer 2012 (Version: 19.00.7303) WISO Steuer-Sparbuch 2013 (Version: 20.00.8137) X10 Hardware(TM) ==================== Restore Points ========================= 23-06-2013 05:55:18 Geplanter Prüfpunkt 24-06-2013 08:22:00 Geplanter Prüfpunkt 01-07-2013 12:00:18 Installed Cisco Systems VPN Client 5.0.07.0290 09-07-2013 06:36:45 Removed Bing Bar 10-07-2013 11:51:19 Windows Update 15-07-2013 05:09:37 Windows Update 16-07-2013 04:56:47 Geplanter Prüfpunkt 20-07-2013 12:49:05 Windows Update 15-08-2013 14:41:32 Windows Update 29-08-2013 08:57:21 Windows Update 10-09-2013 06:39:40 Geplanter Prüfpunkt 13-09-2013 04:37:58 Windows Update 14-09-2013 12:42:39 Windows Update 09-10-2013 05:39:01 Geplanter Prüfpunkt 12-10-2013 08:39:04 Windows Update 17-10-2013 08:32:25 Windows Update ==================== Hosts content: ========================== 2006-11-02 15:53 - 2006-09-19 03:11 - 00000761 ____A C:\Windows\system32\Drivers\etc\hosts 127.0.0.1 localhost ::1 localhost ==================== Scheduled Tasks (whitelisted) ============= Task: {0205A524-AA61-4C74-B9B1-FF114F24E13B} - System32\Tasks\CreateChoiceProcessTask => C:\Windows\System32\browserchoice.exe [2010-02-12] (Microsoft Corporation) Task: {0FAFAE17-8ED6-4CE0-ADDD-BBFC3876BD1F} - System32\Tasks\ROC_JAN2013_TB_rmv => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe Task: {1123AB72-54CA-402B-AB34-15BF94834D46} - \DealPly No Task File Task: {1CBAB76F-B115-4886-92CA-BD6B841F5A6E} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {1CC81347-6204-4B83-900C-01E02F50F067} - System32\Tasks\Microsoft\Windows\MobilePC\TMM Task: {320124A7-D70F-41DE-A9D1-D5E8E19D5D91} - System32\Tasks\Microsoft\Windows\NetworkAccessProtection\NAPStatus UI Task: 
{3331F768-722C-4783-ACD7-27F88593F395} - System32\Tasks\{8CAFFFF5-B2D4-4D22-8301-2A88F49B3441} => Firefox.exe Skype Privacy Policy Task: {3BCDF251-CA5C-4045-A1FC-8FCEF9FBDC93} - System32\Tasks\Microsoft\Windows\Shell\CrawlStartPages Task: {44980BEE-7809-44A9-AC24-D6E578A3B7DF} - System32\Tasks\Microsoft\Windows\RAC\RACAgent => C:\Windows\system32\RacAgent.exe [2008-01-21] (Microsoft Corporation) Task: {52E43D5A-B014-4F1E-95E8-1971711095FE} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.) Task: {794FC6F0-C7DA-4AB2-8761-67D167037AA2} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {7E34282C-5D8A-4128-A45C-17F0E9A05D6B} - System32\Tasks\DealPlyUpdate => C:\Program Files\DealPly\DealPlyUpdate.exe Task: {CCAF6078-85C8-457D-AA08-AF181ADD937F} - System32\Tasks\RealUpgradeLogonTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: {D5A273C5-9869-4A69-AA16-F2978517A943} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2013-10-17] (Adobe Systems Incorporated) Task: {DADF685F-68B7-4CB9-B13C-6AB2144AD874} - System32\Tasks\ReclaimerUpdateXML_User => C:\Users\User\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\10.30\agent\rnupgagent.exe [2012-12-21] (RealNetworks, Inc.) 
Task: {E5150B95-F9B4-4D5D-95A2-7EC1ACBA95F8} - System32\Tasks\Microsoft\Windows\Wireless\GatherWirelessInfo => C:\Windows\system32\gatherWirelessInfo.vbs [2008-01-21] () Task: {F7CB0A16-2B8A-45EB-A6DB-EBBBC9A29992} - System32\Tasks\{56AED09D-DFEA-42FE-8F77-2C9A710171D7} => Firefox.exe Skype Privacy Policy Task: {FE7F01E8-E56F-47F4-BF22-F3A04BA0CA8F} - System32\Tasks\RealUpgradeScheduledTaskS-1-5-21-1306183032-4173219671-3597840-1003 => C:\Program Files\Real\RealUpgrade\RealUpgrade.exe Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\Windows\Tasks\ROC_JAN2013_TB_rmv.job => C:\Program Files\AVG Secure Search\PostInstall\ROC.exe ==================== Loaded Modules (whitelisted) ============= 2008-02-26 09:58 - 2007-11-02 16:57 - 00061440 _____ () C:\Program Files\Softex\OmniPass\SCUREDLL.dll 2008-02-26 09:58 - 2007-11-02 16:57 - 00065536 _____ () C:\Program Files\Softex\OmniPass\opfsdll.dll 2008-02-26 09:58 - 2007-11-02 16:57 - 00016896 _____ () C:\Program Files\Softex\OmniPass\cryptodll.dll 2008-02-26 09:58 - 2007-11-02 16:58 - 00434176 _____ () C:\Program Files\Softex\OmniPass\userdata.dll 2008-02-26 09:58 - 2007-11-02 16:58 - 01077248 _____ () C:\Program Files\Softex\OmniPass\autheng.dll 2008-02-26 09:58 - 2007-11-02 16:57 - 00013824 _____ () C:\Program Files\Softex\OmniPass\ssplogon.dll 2008-02-26 09:58 - 2007-11-02 16:57 - 00532480 _____ () C:\Program Files\Softex\OmniPass\storeng.dll 2007-12-04 18:37 - 2007-12-04 18:37 - 00126976 _____ () C:\Program Files\WIDCOMM\Bluetooth Software\btkeyind.dll 2013-10-18 15:10 - 2013-01-22 11:59 - 00537088 _____ () C:\Users\User\Desktop\Airtel New\airtel\core.dll 2013-10-18 15:10 - 2012-11-28 15:37 - 00286720 _____ () C:\Users\User\Desktop\Airtel New\airtel\sdk.dll 2013-10-18 15:11 - 2009-01-11 02:32 - 00011362 _____ () C:\Users\User\Desktop\Airtel New\airtel\mingwm10.dll 2013-10-18 15:11 - 2009-06-23 10:42 - 00043008 _____ () 
C:\Users\User\Desktop\Airtel New\airtel\libgcc_s_dw2-1.dll 2013-10-18 15:11 - 2012-10-31 17:11 - 02417152 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtCore4.dll 2013-10-18 15:11 - 2012-10-31 17:33 - 09562624 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtGui4.dll 2013-10-18 15:11 - 2012-10-31 19:04 - 15675904 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtWebKit4.dll 2013-10-18 15:11 - 2012-10-31 17:14 - 01148416 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtNetwork4.dll 2013-10-18 15:11 - 2012-10-31 17:53 - 03962368 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtXmlPatterns4.dll 2013-10-18 15:11 - 2012-10-31 17:54 - 00306176 _____ () C:\Users\User\Desktop\Airtel New\airtel\phonon4.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00405504 _____ () C:\Users\User\Desktop\Airtel New\airtel\Proxy.dll 2013-10-18 15:10 - 2012-11-28 15:32 - 00628224 _____ () C:\Users\User\Desktop\Airtel New\airtel\Common.dll 2013-10-18 15:10 - 2012-11-29 15:41 - 00158208 _____ () C:\Users\User\Desktop\Airtel New\airtel\Trace.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00583168 _____ () C:\Users\User\Desktop\Airtel New\airtel\PluginContainer.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00646144 _____ () C:\Users\User\Desktop\Airtel New\airtel\AtCodec.dll 2013-10-18 15:10 - 2012-12-11 15:06 - 00729088 _____ () C:\Users\User\Desktop\Airtel New\airtel\DeviceSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00195584 _____ () C:\Users\User\Desktop\Airtel New\airtel\XCodec.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00241152 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00164864 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSDialup.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00155136 _____ () C:\Users\User\Desktop\Airtel New\airtel\DataServicePlugin.dll 2013-10-18 15:10 - 2012-11-28 15:36 - 00177152 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00672768 _____ () 
C:\Users\User\Desktop\Airtel New\airtel\AddrBookSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:35 - 00219648 _____ () C:\Users\User\Desktop\Airtel New\airtel\SmsSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:35 - 00142336 _____ () C:\Users\User\Desktop\Airtel New\airtel\USSDSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:35 - 00157184 _____ () C:\Users\User\Desktop\Airtel New\airtel\STKSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:35 - 00730624 _____ () C:\Users\User\Desktop\Airtel New\airtel\DeviceAppPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00065536 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSPowerMgr.dll 2013-10-18 15:10 - 2012-06-06 06:52 - 00155648 _____ () C:\Users\User\Desktop\Airtel New\airtel\Win7Support.dll 2013-10-18 15:10 - 2012-11-29 15:41 - 01124352 _____ () C:\Users\User\Desktop\Airtel New\airtel\AddrBookPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:35 - 00704000 _____ () C:\Users\User\Desktop\Airtel New\airtel\SmsAppPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:36 - 00187392 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallAppPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:36 - 00569344 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallLogSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00158720 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetConnectSrvPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00236032 _____ () C:\Users\User\Desktop\Airtel New\airtel\DialUpPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00102400 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSAdapt.dll 2013-10-18 15:10 - 2012-11-28 15:34 - 00201216 _____ () C:\Users\User\Desktop\Airtel New\airtel\NDISPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:33 - 00131584 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSNDIS.dll 2013-10-18 15:10 - 2012-07-27 12:23 - 01114112 _____ () C:\Users\User\Desktop\Airtel New\airtel\NDISAPI.dll 2013-10-18 15:10 - 2012-11-28 15:36 - 00702464 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetInfoSrvPlugin.dll 2013-10-18 
15:10 - 2012-11-28 15:37 - 00062976 _____ () C:\Users\User\Desktop\Airtel New\airtel\OSCall.dll 2013-10-18 15:10 - 2012-06-06 06:52 - 00224256 _____ () C:\Users\User\Desktop\Airtel New\airtel\tdpcvoice.dll 2013-10-18 15:10 - 2012-11-28 15:44 - 00582144 _____ () C:\Users\User\Desktop\Airtel New\airtel\DeviceMgrUIPlugin.dll 2013-10-18 15:11 - 2012-10-31 17:11 - 00398336 _____ () C:\Users\User\Desktop\Airtel New\airtel\QtXml4.dll 2013-10-18 15:10 - 2012-11-28 15:36 - 00168960 _____ () C:\Users\User\Desktop\Airtel New\airtel\ATR2SMgr.dll 2013-10-18 15:10 - 2012-11-28 15:45 - 00276992 _____ () C:\Users\User\Desktop\Airtel New\airtel\XFramePlugin.dll 2013-10-18 15:10 - 2012-11-28 15:49 - 00717824 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallUIPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:41 - 00097792 _____ () C:\Users\User\Desktop\Airtel New\airtel\NotifyServicePlugin.dll 2013-10-18 15:10 - 2012-11-28 15:44 - 00326656 _____ () C:\Users\User\Desktop\Airtel New\airtel\StatusBarMgrPlugin.dll 2013-10-18 15:10 - 2012-12-03 10:16 - 00359936 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetConnectPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:38 - 00605184 _____ () C:\Users\User\Desktop\Airtel New\airtel\DialupUIPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:45 - 00118784 _____ () C:\Users\User\Desktop\Airtel New\airtel\LayoutPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:47 - 00212992 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetInfoRecordUIPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:39 - 00108032 _____ () C:\Users\User\Desktop\Airtel New\airtel\TopToolBarMgrPlugin.dll 2013-10-18 15:10 - 2013-01-22 12:00 - 00334848 _____ () C:\Users\User\Desktop\Airtel New\airtel\MenuMgrPlugin.dll 2013-10-18 15:10 - 2013-01-28 19:26 - 00144384 _____ () C:\Users\User\Desktop\Airtel New\airtel\WebPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:39 - 00150016 _____ () C:\Users\User\Desktop\Airtel New\airtel\DownLoadAndCache.dll 2013-10-18 15:10 - 2013-01-28 18:24 - 00519168 _____ () 
C:\Users\User\Desktop\Airtel New\airtel\USSDUIPlugin.dll 2013-10-18 15:10 - 2013-01-22 12:00 - 00304128 _____ () C:\Users\User\Desktop\Airtel New\airtel\DiagnosisPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:47 - 00493568 _____ () C:\Users\User\Desktop\Airtel New\airtel\NetInfoUIExPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:41 - 00872448 _____ () C:\Users\User\Desktop\Airtel New\airtel\SMSUIPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:43 - 00818688 _____ () C:\Users\User\Desktop\Airtel New\airtel\AddrBookUIPlugin.dll 2013-10-18 15:10 - 2012-11-28 15:50 - 00416768 _____ () C:\Users\User\Desktop\Airtel New\airtel\CallLogUIPlugin.dll 2013-10-18 15:10 - 2013-01-28 18:08 - 00144896 _____ () C:\Users\User\Desktop\Airtel New\airtel\AdvPlugin.dll 2013-10-18 15:10 - 2012-11-30 10:24 - 00236544 _____ () C:\Users\User\Desktop\Airtel New\airtel\ToolBarMgrPlugin.dll 2013-10-18 15:11 - 2012-10-31 16:44 - 00082944 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qgif4.dll 2013-10-18 15:11 - 2012-10-31 16:46 - 00081920 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qico4.dll 2013-10-18 15:11 - 2012-10-31 16:44 - 00192000 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qjpeg4.dll 2013-10-18 15:11 - 2012-10-31 16:45 - 00350720 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qmng4.dll 2013-10-18 15:11 - 2012-10-31 16:45 - 00370176 _____ () C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qtiff4.dll 2008-02-26 09:58 - 2007-11-02 17:06 - 00048208 _____ () C:\Program Files\Softex\OmniPass\hdddrv.dll 2007-12-04 18:25 - 2007-12-04 18:25 - 00389120 _____ () C:\Windows\system32\btwhidcs.DLL 2013-02-24 16:42 - 2012-05-03 00:56 - 00049152 _____ () C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll 2013-02-24 16:42 - 2012-05-03 00:54 - 00057344 _____ () C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 08925264 _____ () C:\Program 
Files\WISO\Steuersoftware 2013\wgui13.dll 2013-01-25 14:26 - 2013-04-11 11:38 - 00028672 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll 2013-01-25 14:26 - 2013-04-11 11:38 - 00308816 _____ () C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll 2013-01-25 14:26 - 2013-04-11 11:38 - 00321104 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll 2013-01-25 14:25 - 2013-04-11 11:39 - 03001424 _____ () C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll 2013-01-25 14:26 - 2013-04-11 11:38 - 00136272 _____ () C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 02173520 _____ () C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01607248 _____ () C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01724496 _____ () C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 04158544 _____ () C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll 2013-01-17 14:30 - 2013-03-15 16:09 - 01041408 _____ () C:\Program Files\WISO\Steuersoftware 2013\clucene-core.dll 2013-01-17 14:30 - 2013-02-12 12:03 - 00094208 _____ () C:\Program Files\WISO\Steuersoftware 2013\clucene-shared.dll 2013-01-17 14:30 - 2013-02-12 12:03 - 00251392 _____ () C:\Program Files\WISO\Steuersoftware 2013\clucene-contribs-lib.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01493584 _____ () C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 04947536 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01368144 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01748048 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01560656 _____ () C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01145936 
_____ () C:\Program Files\WISO\Steuersoftware 2013\whau113.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01216080 _____ () C:\Program Files\WISO\Steuersoftware 2013\whau213.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01305680 _____ () C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 06761552 _____ () C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01245184 _____ () C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll 2013-01-25 14:25 - 2013-04-11 11:38 - 01313872 _____ () C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll 2012-08-10 16:51 - 2012-08-10 16:51 - 00985088 _____ () C:\Program Files\OpenOffice.org 3\program\libxml2.dll 2013-10-08 12:31 - 2013-10-08 12:31 - 03279768 _____ () C:\Program Files\Mozilla Firefox\mozjs.dll 2013-10-17 13:06 - 2013-10-17 13:06 - 16233864 _____ () C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ==================== Alternate Data Streams (whitelisted) ========= ==================== Safe Mode (whitelisted) =================== ==================== Faulty Device Manager Devices ============= Name: Microsoft-ISATAP-Adapter #3 Description: Microsoft-ISATAP-Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Microsoft Service: tunnel Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31) Resolution: Update the driver Name: Cisco Systems VPN Adapter Description: Cisco Systems VPN Adapter Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318} Manufacturer: Cisco Systems Service: CVirtA Problem: : This device is disabled. (Code 22) Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions. 
==================== Event log errors: =========================

Application errors:
==================
Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service) (User: )
Description: The entry <C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK> in the hash map cannot be updated. Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f)

System errors:
=============
Error: (10/21/2013 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: HWiNFO32

Error: (10/21/2013 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (10/21/2013 00:54:18 PM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/21/2013 00:52:44 PM) (Source: EventLog) (User: )
Description: The previous system shutdown at 12:50:26 on 21.10.2013 was unexpected.

Error: (10/21/2013 11:41:17 AM) (Source: Service Control Manager) (User: )
Description: HWiNFO32

Error: (10/21/2013 11:41:17 AM) (Source: Service Control Manager) (User: )
Description: DgiVecp%%2

Error: (10/21/2013 11:41:17 AM) (Source: Service Control Manager) (User: )
Description: Parallel port driver%%1058

Error: (10/21/2013 11:40:37 AM) (Source: EventLog) (User: )
Description: The previous system shutdown at 11:38:56 on 21.10.2013 was unexpected.

Error: (10/20/2013 03:50:05 PM) (Source: DCOM) (User: )
Description: {6295DF2D-35EE-11D1-8707-00C04FD93327}

Error: (10/20/2013 02:50:16 PM) (Source: Service Control Manager) (User: )
Description: HWiNFO32

Microsoft Office Sessions:
=========================
Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\CYBERLINK POWERDVD.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK

Error: (10/21/2013 01:00:53 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\README.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\ONLINE-REGISTRIERUNG.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

Error: (10/21/2013 01:00:51 PM) (Source: Windows Search Service)(User: )
Description: Context: Application, SystemIndex Catalog Details: A device attached to the system is not functioning. (0x8007001f) C:\USERS\USER\APPDATA\ROAMING\MICROSOFT\WINDOWS\START MENU\PROGRAMS\HOME CINEMA\POWERDVD\POWERDVD-HILFE.LNK

CodeIntegrity Errors:
===================================
Date: 2013-10-17 20:34:46.602
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:46.337
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:46.040
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:45.727
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:45.368
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:45.025
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22713_none_b39feb737f8937a0\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:44.479
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:44.152
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:43.855
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" because the set of per-page image hashes could not be found on the system.

Date: 2013-10-17 20:34:43.512
Description: Code Integrity is unable to verify the image integrity of the file "\Device\HarddiskVolume1\Windows\winsxs\x86_microsoft-windows-tcpip-binaries_31bf3856ad364e35_6.0.6001.22636_none_b38d4a937f96be60\tcpip.sys" because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Percentage of memory in use: 53%
Total physical RAM: 3069.69 MB
Available physical RAM: 1428.66 MB
Total Pagefile: 6343.64 MB
Available Pagefile: 4503.92 MB
Total Virtual: 2047.88 MB
Available Virtual: 1904.08 MB

==================== Drives ================================

Drive c: (BOOT) (Fixed) (Total:252.39 GB) (Free:87.74 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive d: (RECOVER) (Fixed) (Total:45.69 GB) (Free:33.65 GB) FAT32
Drive e: (airtel) (CDROM) (Total:0.06 GB) (Free:0 GB) CDFS
Drive j: (JULIA) (Removable) (Total:1.88 GB) (Free:1.88 GB) FAT

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 298 GB) (Disk ID: B14F9CC9)
Partition 1: (Not Active) - (Size=46 GB) - (Type=OF Extended)
Partition 2: (Active) - (Size=252 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 2 GB) (Disk ID: 6E652072)
No partition Table on disk 1.

Log 4: OTL Scan
OTL logfile created on: 21.10.2013 13:58:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,24% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,39 Gb Total Space | 87,73 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive D: | 45,69 Gb Total Space | 33,65 Gb Free Space | 73,64% Space Free | Partition Type: FAT32
Drive E: | 62,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1,88 Gb Total Space | 1,88 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\opvapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\WebPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AdvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DiagnosisPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\MenuMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\core.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Trace.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoRecordUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoUIExPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\LayoutPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XFramePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\StatusBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceMgrUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NotifyServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SMSUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\TopToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DownLoadAndCache.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialupUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\sdk.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSCall.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ATR2SMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\STKSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialUpPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DataServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Proxy.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSPowerMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSNDIS.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSDialup.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSAdapt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AtCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\PluginContainer.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Common.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtWebKit4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\phonon4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXmlPatterns4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtGui4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtNetwork4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXml4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtCore4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qico4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qtiff4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qmng4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qgif4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISAPI.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\tdpcvoice.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Win7Support.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll ()
MOD - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\libgcc_s_dw2-1.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\mingwm10.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Program Files\Softex\OmniPass\scureapp.exe ()
MOD - C:\Program Files\Softex\OmniPass\userdata.dll ()
MOD - C:\Program Files\Softex\OmniPass\autheng.dll ()
MOD - C:\Program Files\Softex\OmniPass\storeng.dll ()
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
MOD - C:\Program Files\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Program Files\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Program Files\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Services (SafeList) ==========

SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (uxddrv) -- G:\uxddrv86.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HWiNFO32) -- G:\DIAGNOSE\HWiNFO32\HWiNFO32.SYS File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (TMEBC) -- C:\Windows\System32\drivers\TMEBC32.sys (Trend Micro Inc.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ixquick HTTPS"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013.02.24 16:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013.10.19 11:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.02.18 03:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.09.27 16:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\051kq9w4.default\extensions
[2013.08.15 11:32:36 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.08.12 20:22:15 | 000,010,530 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\duckduckgo.xml
[2013.08.15 19:06:35 | 000,002,492 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\ixquick-https.xml
[2013.10.08 12:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.10.08 12:31:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: {_signature:+fOUjDGgTSww+l34/R1SX6n8Zt9jJAZrqpr94XtiMLs=,_version:4,browser:{show_home_button:true},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,aohghmighlieiainnegkcijnfilokake,apdfllckaahabafndbhieahigkjlhalf,bbjciahceamgodcoidkjpchnokgfpphh,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,eemcgdkfndhakfknompkggombfjjjeno,gaiilaahiahdejapggenmdmafpmbipje,idhngdhcfkoamngbedgpaokgjbnpdiji,mfehgcgbbipciphmccgaenjidiccnmng,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:true,homepage_is_newtabpage:true,session:{restore_on_startup:5}},browser:{last_known_google_url:hxxp://www.google.de/,last_prompted_google_url:hxxp://www.google.de/,show_home_button:true,window_placement:{bottom:760,left:10,maximized:false,right:1060,top:10,work_area_bottom:770,work_area_left:0,work_area_right:1280,work_area_top:0}},countryid_at_install:17477,default_apps:install,default_apps_install_state:3,distribution:{alternate_shortcut_text:false,chrome_shortcut_icon_index:0,create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_home_page:false,import_search_engine:false,make_chrome_default_for_user:true,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[Google,[hxxp://www.google.de/,2.60370040]],[Google,[hxxp://ssl.gstatic.com/,2.27338020,hxxp://www.google.com/,2.27338020,hxxp://www.google.de/,4.915941799999999]]],startup_list:[1,hxxp://addon.greetingmoods.com/,hxxp://cdn.montiera.com/,hxxp://chrome.dealply.com/,hxxp://reports.funmoods.com/,hxxp://ssl.gstatic.com/,hxxp://udp.dpstack.com/,hxxp://www.google-analytics.com/,hxxp://www.google.com/,hxxp://www.google.de/,https://ssl.google-analytics.com/]},download:{di
rectory_upgrade:true},extensions:{autoupdate:{next_check:13003165276373603},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},last_chrome_version:24.0.1312.52,settings:{ahfgeienlihckogmohjhadlkjgocpleb:{app_launcher_ordinal:n,page_ordinal:n},aohghmighlieiainnegkcijnfilokake:{ack_external:true,app_launcher_ordinal:t,creation_flags:137,exclude_from_sideload_wipeout:true,from_bookmark:false,from_webstore:true,install_time:13003146664302981,location:1,manifest:{app:{launch:{local_path:main.html}},description:Create, share, and access your Google Docs from anywhere.,icons:{128:icon_128.png,16:icon_16.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB,manifest_version:2,name:Docs,offline_enabled:true,update_url:hxxp://clients2.google.com/service/update2/crx,version:0.0.0.6},page_ordinal:n,path:aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0,state:1,was_installed_by_default:true},apdfllckaahabafndbhieahigkjlhalf:{ack_external:true,exclude_from_sideload_wipeout:true},bbjciahceamgodcoidkjpchnokgfpphh:{ack_external: true CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much 
more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\ CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much 
more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\ CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much 
more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\ CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much 
more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\ O1 HOSTS File: ([2006.09.19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found. O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe () O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe () O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe () O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation) O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe () O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix) O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.) O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( ) O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation) O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [XBVDHI~1] wscript.exe //B "C:\Users\User\AppData\Roaming\XBVDHI~1.VBS" File not found O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.) 
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E26C523-76DB-460F-BC8B-080A024841E5}: DhcpNameServer = 121.242.190.180 121.242.190.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BEAD9C8-1BAC-487A-A893-87458C7F9BEC}: NameServer = 122.160.120.56 202.56.230.7 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2013.01.29 16:32:00 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2009.06.20 15:43:04 | 000,000,094 | R--- | M] () - E:\autorun.sh -- [ CDFS ] O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell - "" = AutoRun O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell - "" = AutoRun O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 
| 000,148,320 | R--- | M] () O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell - "" = AutoRun O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell - "" = AutoRun O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell - "" = AutoRun O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.10.21 14:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine [2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2013.10.21 13:24:04 | 000,000,000 | ---D | C] -- C:\FRST [2013.10.18 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\airtel 
[2013.10.18 15:12:23 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2013.10.18 15:12:23 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2013.10.18 15:12:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2013.10.18 15:12:22 | 000,249,472 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2013.10.18 15:12:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2013.10.18 15:12:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2013.10.18 15:12:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys [2013.10.18 15:12:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2013.10.18 15:12:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2013.10.18 15:12:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys [2013.10.18 15:12:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.10.18 15:09:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Airtel New [2013.10.18 11:46:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.10.17 21:44:03 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Internet Security [2013.10.17 21:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.10.17 14:03:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.10.17 14:03:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.10.17 14:03:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.10.17 14:03:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.10.17 14:03:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.10.17 14:03:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.10.17 14:03:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.10.17 14:03:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.10.17 13:36:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2013.10.17 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.10.11 16:01:09 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.10.11 16:01:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.10.11 16:01:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.10.11 16:01:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.10.11 16:01:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.10.11 16:01:09 | 
000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.10.11 16:01:08 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.10.11 16:01:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.10.11 15:43:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.10.11 15:43:39 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013.10.11 15:43:38 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.10.11 15:31:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013.10.11 15:31:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013.10.11 15:24:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.10.11 15:24:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.10.11 15:20:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiafbdrv.dll [2013.10.11 15:20:32 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2013.10.10 12:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\airtel [2013.10.10 12:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\airtel [2013.10.08 12:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.10.21 14:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.21 13:58:24 | 000,686,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.10.21 13:58:24 | 000,646,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.10.21 13:58:24 | 
000,150,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.10.21 13:58:24 | 000,123,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.10.21 13:53:32 | 000,054,932 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001 [2013.10.21 13:51:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.21 13:51:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.21 13:51:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2013.10.21 13:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.21 13:51:35 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2013.10.21 13:50:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.10.21 12:52:34 | 328,056,218 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.10.18 15:22:51 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk [2013.10.18 15:12:51 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\airtel.lnk [2013.10.18 11:46:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.10.17 13:06:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.10.17 13:06:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.10.17 10:54:12 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe [2013.10.16 18:10:28 | 000,036,590 | ---- | M] () -- C:\Users\User\Desktop\Methodology.odt [2013.10.12 14:53:53 | 000,481,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\sg_backup_2013-10-10-1222.spg [2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\FirstBackup.spg [2013.09.22 15:52:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\jscript9.dll [2013.09.22 15:44:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.09.22 15:42:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.09.22 15:39:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.09.22 15:38:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.09.22 15:35:42 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.09.22 15:33:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.09.22 15:29:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.10.18 15:22:51 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk [2013.10.18 15:12:51 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\airtel.lnk [2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\XBVDHI~1.VBS [2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS [2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\sg_backup_2013-10-10-1222.spg [2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\FirstBackup.spg [2013.10.01 09:29:47 | 000,036,590 | ---- | C] () -- C:\Users\User\Desktop\Methodology.odt [2013.06.12 08:48:03 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe [2013.02.24 16:42:49 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat [2013.02.24 16:34:42 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache [2013.01.21 15:44:39 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll [2013.01.21 15:44:38 
| 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll
[2013.01.21 15:44:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe
[2013.01.21 15:44:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll
[2013.01.21 15:44:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll
[2013.01.21 15:44:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll
[2013.01.21 15:44:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll
[2013.01.21 15:44:34 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll
[2013.01.21 15:44:34 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll
[2013.01.21 15:44:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll
[2013.01.21 15:44:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe
[2013.01.21 15:44:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll
[2013.01.21 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe
[2013.01.21 15:44:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll
[2013.01.21 15:41:42 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll
[2013.01.21 15:41:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll
[2013.01.21 15:41:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll
[2012.06.09 12:53:36 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe
[2012.06.09 12:50:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sdc1ml3.dll
[2012.06.09 00:29:26 | 000,000,098 | ---- | C] () -- C:\Users\User\AppData\Roaming\Default.PLS
[2012.02.25 22:46:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2012.02.25 22:46:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2012.02.19 17:31:31 | 000,014,848 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.19 03:45:59 | 000,000,680 | ---- | C] () -- C:\Users\User\AppData\Local\d3d9caps.dat
[2012.02.18 00:14:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2012.02.17 20:55:10 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2012.02.15 15:20:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2012.02.15 15:01:13 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001
[2012.02.15 14:59:57 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat
[2012.02.15 13:44:32 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat

========== ZeroAccess Check ==========

[2006.11.02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.06.10 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon
[2012.06.09 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service
[2012.05.13 20:35:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX
[2013.06.17 10:12:33 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\OpenOffice.org
[2013.05.16 10:09:40 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\René's Homepage

========== Purity Check ==========

< End of report >

Edited by Jakki (21.10.2013 at 09:56)
21.10.2013, 10:10 | #2 |
Log 4: OTL Scan
OTL Logfile:
Code:
OTL logfile created on: 21.10.2013 13:58:33 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\User\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,00 Gb Total Physical Memory | 1,54 Gb Available Physical Memory | 51,24% Memory free
6,20 Gb Paging File | 4,76 Gb Available in Paging File | 76,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 252,39 Gb Total Space | 87,73 Gb Free Space | 34,76% Space Free | Partition Type: NTFS
Drive D: | 45,69 Gb Total Space | 33,65 Gb Free Space | 73,64% Space Free | Partition Type: FAT32
Drive E: | 62,00 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive J: | 1,88 Gb Total Space | 1,88 Gb Free Space | 100,00% Space Free | Partition Type: FAT

Computer Name: USER-PC | User Name: User | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\User\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiSeAgnt.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\UniClient\UiFrmwrk\uiWatchDog.exe (Trend Micro Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
PRC - C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
PRC - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\coreFrameworkHost.exe (Trend Micro Inc.)
PRC - C:\Program Files\Trend Micro\AMSP\AMSP_LogServer.exe (Trend Micro Inc.)
PRC - C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
PRC - C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
PRC - C:\Windows\System32\lxducoms.exe ( )
PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE ()
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
PRC - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
PRC - C:\Program Files\Softex\OmniPass\scureapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\opvapp.exe ()
PRC - C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
PRC - C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
PRC - C:\Program Files\Launch Manager\WButton.exe (Wistron)
PRC - C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
PRC - C:\Program Files\Launch Manager\LaunchAp.exe ()
PRC - C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
PRC - C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
PRC - C:\Program Files\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
PRC - C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
PRC - C:\Windows\System32\agrsmsvc.exe (Agere Systems)
PRC - C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Modules (No Company Name) ==========

MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wcore13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wgui13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wkont13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsguiwinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wauff13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfvie13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rscorewinapi48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wfabu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wwerb13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae413.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wimp13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\whau113.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae313.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wsteu13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wbae213.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wreli13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\mshaktuell.exe ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\wmain13.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsodbc48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\rsdcom48.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-core.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-contribs-lib.dll ()
MOD - C:\Program Files\WISO\Steuersoftware 2013\clucene-shared.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\WebPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AdvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DiagnosisPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\MenuMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\core.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Trace.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\airtel.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoRecordUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoUIExPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\LayoutPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XFramePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\StatusBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceMgrUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NotifyServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SMSUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\TopToolBarMgrPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DownLoadAndCache.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialupUIPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\sdk.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSCall.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallLogSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\CallAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\ATR2SMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetInfoSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DeviceAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsAppPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\SmsSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\STKSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\USSDSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AddrBookSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DialUpPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NetConnectSrvPlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\DataServicePlugin.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Proxy.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSPowerMgr.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSNDIS.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSDialup.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\OSAdapt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\AtCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\XCodec.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\PluginContainer.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Common.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtWebKit4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\phonon4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXmlPatterns4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtGui4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtNetwork4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtXml4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\QtCore4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qico4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qtiff4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qmng4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qgif4.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxslt.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\NDISAPI.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\tdpcvoice.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\Win7Support.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_date_time-vc80-mt-1_49.dll ()
MOD - C:\Program Files\Trend Micro\AMSP\boost_thread-vc80-mt-1_49.dll ()
MOD - C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\libgcc_s_dw2-1.dll ()
MOD - C:\Users\User\Desktop\Airtel New\airtel\mingwm10.dll ()
MOD - C:\Program Files\WIDCOMM\Bluetooth Software\BTKeyInd.dll ()
MOD - C:\Windows\System32\btwhidcs.dll ()
MOD - C:\Program Files\Softex\OmniPass\hdddrv.dll ()
MOD - C:\Program Files\Softex\OmniPass\scureapp.exe ()
MOD - C:\Program Files\Softex\OmniPass\userdata.dll ()
MOD - C:\Program Files\Softex\OmniPass\autheng.dll ()
MOD - C:\Program Files\Softex\OmniPass\storeng.dll ()
MOD - C:\Program Files\Softex\OmniPass\scuredll.dll ()
MOD - C:\Program Files\Softex\OmniPass\opfsdll.dll ()
MOD - C:\Program Files\Softex\OmniPass\cryptodll.dll ()
MOD - C:\Program Files\Softex\OmniPass\SSPLogon.dll ()
MOD - C:\Program Files\Launch Manager\LaunchAp.exe ()

========== Services (SafeList) ==========

SRV - (Amsp) -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe File not found
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (BBSvc) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.)
SRV - (BBUpdate) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
SRV - (lxdu_device) -- C:\Windows\System32\lxducoms.exe ( )
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation)
SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation)
SRV - (omniserv) -- C:\Program Files\Softex\OmniPass\OmniServ.exe (Softex Inc.)
SRV - (IAANTMON) -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WisLMSvc) -- C:\Program Files\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (srvcPVR) -- C:\Program Files\Sceneo\AbsolutTV\Services\PVR\pvrservice.exe (Buhl Data Service GmbH)
SRV - (GnabService) -- c:\Program Files\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files\ALDI Foto Service Nord\Common\Database\bin\fbserver.exe (MAGIX®)
SRV - (x10nets) -- C:\Program Files\Common Files\X10\Common\X10nets.exe (X10)

========== Driver Services (SafeList) ==========

DRV - (uxddrv) -- G:\uxddrv86.sys File not found
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (HWiNFO32) -- G:\DIAGNOSE\HWiNFO32\HWiNFO32.SYS File not found
DRV - (DgiVecp) -- C:\Windows\system32\Drivers\DgiVecp.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (tmcomm) -- C:\Windows\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\Windows\System32\drivers\tmactmon.sys (Trend Micro Inc.)
DRV - (tmevtmgr) -- C:\Windows\System32\drivers\tmevtmgr.sys (Trend Micro Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcecm) -- C:\Windows\System32\drivers\ew_jucdcecm.sys (Huawei Technologies Co., Ltd.)
DRV - (TMEBC) -- C:\Windows\System32\drivers\TMEBC32.sys (Trend Micro Inc.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (tmtdi) -- C:\Windows\System32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (ewusbnet) -- C:\Windows\System32\drivers\ewusbnet.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek )
DRV - (CVPNDRVA) -- C:\Windows\System32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (SSPORT) -- C:\Windows\System32\drivers\SSPORT.sys (Samsung Electronics)
DRV - (winusb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (SiFilter) -- C:\Windows\System32\drivers\SiWinAcc.sys (Silicon Image, Inc.)
DRV - (SiRemFil) -- C:\Windows\System32\drivers\SiRemFil.sys (Silicon Image, Inc.)
DRV - (Si3531) -- C:\Windows\System32\drivers\Si3531.sys (Silicon Image, Inc)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.)
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (PhilCap) -- C:\Windows\System32\drivers\PhilCap.sys (NXP Semiconductors Germany GmbH)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.)
DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems)
DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Welcome to ALDI
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MEDA
IE - HKU\S-1-5-21-1306183032-4173219671-3597840-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Ixquick HTTPS"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "about:home"
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:24.0
FF - prefs.js..network.proxy.type: 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_9_900_117.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@TrendMicro.com/FFExtension: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension\components\npToolbarChrome.dll (Trend Micro Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\tmbepff-7.5@trendmicro.com: C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\firefoxextension
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22181a4d-af90-4ca3-a569-faed9118d6bc}: C:\Program Files\Trend Micro\Titanium\UIFramework\Toolbar\firefoxextension [2013.02.24 16:43:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\module\20004\FxExt\firefoxextension\ [2013.10.19 11:40:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.10.08 12:31:13 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 24.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2012.02.18 03:32:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Extensions
[2013.09.27 16:17:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\User\AppData\Roaming\mozilla\Firefox\Profiles\051kq9w4.default\extensions
[2013.08.15 11:32:36 | 000,320,337 | ---- | M] () (No name found) -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi
[2013.08.12 20:22:15 | 000,010,530 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\duckduckgo.xml
[2013.08.15 19:06:35 | 000,002,492 | ---- | M] () -- C:\Users\User\AppData\Roaming\mozilla\firefox\profiles\051kq9w4.default\searchplugins\ixquick-https.xml
[2013.10.08 12:31:13 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2013.10.08 12:31:28 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - homepage: {_signature:+fOUjDGgTSww+l34/R1SX6n8Zt9jJAZrqpr94XtiMLs=,_version:4,browser:{show_home_button:true},extensions:{ids:[ahfgeienlihckogmohjhadlkjgocpleb,aohghmighlieiainnegkcijnfilokake,apdfllckaahabafndbhieahigkjlhalf,bbjciahceamgodcoidkjpchnokgfpphh,blpcfgokakmgnkcojhhkbfbldkacnbeo,coobgpohoikkiipiblmjeljniedjpjpf,eemcgdkfndhakfknompkggombfjjjeno,gaiilaahiahdejapggenmdmafpmbipje,idhngdhcfkoamngbedgpaokgjbnpdiji,mfehgcgbbipciphmccgaenjidiccnmng,pjkljhegncpnkpknbcohdijeoejaedia]},homepage:true,homepage_is_newtabpage:true,session:{restore_on_startup:5}},browser:{last_known_google_url:hxxp://www.google.de/,last_prompted_google_url:hxxp://www.google.de/,show_home_button:true,window_placement:{bottom:760,left:10,maximized:false,right:1060,top:10,work_area_bottom:770,work_area_left:0,work_area_right:1280,work_area_top:0}},countryid_at_install:17477,default_apps:install,default_apps_install_state:3,distribution:{alternate_shortcut_text:false,chrome_shortcut_icon_index:0,create_all_shortcuts:true,do_not_launch_chrome:true,import_history:false,import_home_page:false,import_search_engine:false,make_chrome_default_for_user:true,show_welcome_page:true,skip_first_run_ui:true,verbose_logging:false},dns_prefetching:{host_referral_list:[2,[Google,[hxxp://www.google.de/,2.60370040]],[Google,[hxxp://ssl.gstatic.com/,2.27338020,hxxp://www.google.com/,2.27338020,hxxp://www.google.de/,4.915941799999999]]],startup_list:[1,hxxp://addon.greetingmoods.com/,hxxp://cdn.montiera.com/,hxxp://chrome.dealply.com/,hxxp://reports.funmoods.com/,hxxp://ssl.gstatic.com/,hxxp://udp.dpstack.com/,hxxp://www.google-analytics.com/,hxxp://www.google.com/,hxxp://www.google.de/,https://ssl.google-analytics.com/]},download:{directory_upgrade:true},extensions:{autoupdate:{next_check:13003165276373603},chrome_url_overrides:{bookmarks:[chrome-extension://eemcgdkfndhakfknompkggombfjjjeno/main.html]},last_chrome_version:24.0.1312.52,settings:{ahfgeienlihckogmohjhadlkjgocpleb:{app_launcher_ordinal:n,page_ordinal:n},aohghmighlieiainnegkcijnfilokake:{ack_external:true,app_launcher_ordinal:t,creation_flags:137,exclude_from_sideload_wipeout:true,from_bookmark:false,from_webstore:true,install_time:13003146664302981,location:1,manifest:{app:{launch:{local_path:main.html}},description:Create, share, and access your Google Docs from anywhere.,icons:{128:icon_128.png,16:icon_16.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDJhLK6fk/BWTEvJhywpk7jDe4A2r0bGXGOLZW4/AdBp3IiD9o9nx4YjLAtv0tIPxi7MvFd/GUUbQBwHT5wQWONJj1z/0Rc2qBkiJA0yqXh42p0snuA8dCfdlhOLsp7/XTMEwAVasjV5hC4awl78eKfJYlZ+8fM/UldLWJ/51iBQwIDAQAB,manifest_version:2,name:Docs,offline_enabled:true,update_url:hxxp://clients2.google.com/service/update2/crx,version:0.0.0.6},page_ordinal:n,path:aohghmighlieiainnegkcijnfilokake\\0.0.0.6_0,state:1,was_installed_by_default:true},apdfllckaahabafndbhieahigkjlhalf:{ack_external:true,exclude_from_sideload_wipeout:true},bbjciahceamgodcoidkjpchnokgfpphh:{ack_external: true
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.0.0.6_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjciahceamgodcoidkjpchnokgfpphh\1.0_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: {api:[cookies,tabs],explicit_host:[hxxp://*.facebook.com/*,hxxp://*/*,https://*.facebook.com/*]},creation_flags:1,from_bookmark:false,from_webstore:false,install_time:13003146668376981,location:3,manifest:{background_page:background.html,browser_action:{default_icon:img/16.png,default_popup:dropdown.html,default_title:Post smileys to your wall!!!},description:Enhance your facebook chat with smileys, emoticons, winks and much more...,icons:{128:img/128.png,16:img/16.png,32:img/32.png,48:img/48.png},key:MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDq1NL3ABlEj82oSCEwo5xSu+I6opn8J8bsv/FfOEJptWzsQlr35rqyhX7t8jn+IDdMn8Mneu5b4H0bPx+Sm6TPpzMmVIzXP3OlnPAUCR1ivGdmhBnjvdoKuuijyDmqQscKL5bIJZ5u1dFUKx9/tog+jZEQr5P8UCyhiE0eIIEWBwIDAQAB,name:Funmoods,permissions:[tabs,cookies,hxxp://*/*,hxxp://*.facebook.com/,https://*.facebook.com/,hxxp://addon.greetingmoods.com],update_url:hxxp://funmoods.com/public/download/chrome/update.xml,version:1.0},path:bbjciahceamgodcoidkjpchnokgfpphh\\1.0_0,state:1,was_installed_by_default:false},blpcfgokakmgnkcojhhkbfbldkacnbeo:{ack_external:true,exclude_from_sideload_wipeout:true},coobgpohoikkiipiblmjeljniedjpjpf:{ack_external:true,exclude_from_sideload_wipeout:true},gaiilaahiahdejapggenmdmafpmbipje:{ack_external: true = C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\

O1 HOSTS File: ([2006.09.19 03:11:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found
O2 - BHO: (TSToolbarBHO) - {43C6D902-A1C5-45c9-91F6-FD9E90337E18} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Trend Micro Toolbar) - {CCAC5586-44D7-4c43-B64A-F042461A97D2} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CtrlVol] "C:\Program Files\Launch Manager\CtrlVol.exe" File not found
O4 - HKLM..\Run: [Dell PanelMgr] C:\Windows\Dell\PanelMgr\SSMMgr.exe ()
O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LanguageShortcut] C:\Program Files\HomeCinema\PowerDVD\Language\Language.exe ()
O4 - HKLM..\Run: [LaunchAp] C:\Program Files\Launch Manager\LaunchAp.exe ()
O4 - HKLM..\Run: [LMgrOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [OmniPass] C:\Program Files\Softex\OmniPass\scureapp.exe ()
O4 - HKLM..\Run: [PDFPrint] C:\Program Files\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [PLFSetL] C:\Windows\PLFSetL.exe (sonix)
O4 - HKLM..\Run: [RemoteControl] C:\Program Files\HomeCinema\PowerDVD\PDVDServ.exe (Cyberlink Corp.)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [snp2uvc] C:\Windows\vsnp2uvc.exe File not found
O4 - HKLM..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe (Synaptics, Inc.)
O4 - HKLM..\Run: [toolbar_eula_launcher] C:\Program Files\GoogleEULA\EULALauncher.exe ( )
O4 - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [TVBroadcast] C:\Program Files\Sceneo\AbsolutTV\Services\ODSBC\ODSBCApp.exe (ODSoft multimedia)
O4 - HKLM..\Run: [UCam_Menu] C:\Program Files\HomeCinema\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [XBVDHI~1] wscript.exe //B "C:\Users\User\AppData\Roaming\XBVDHI~1.VBS" File not found
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll (Sun Microsystems, Inc.)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - Elektronik, Autos, Mode, Sammlerstücke, Gutscheine und mehr Online-Shopping | eBay File not found O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3E26C523-76DB-460F-BC8B-080A024841E5}: DhcpNameServer = 121.242.190.180 121.242.190.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6BEAD9C8-1BAC-487A-A893-87458C7F9BEC}: NameServer = 122.160.120.56 202.56.230.7 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\7.5.1137\7.5.1137\TmBpIe32.dll File not found O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\2.5.1331\6.8.1094\TmIEPlg.dll File not found O18 - Protocol\Handler\tmtb {04EAF3FB-4BAC-4B5A-A37D-A1CF210A5A42} - C:\Program Files\Trend Micro\Titanium\UIFramework\ToolbarIE.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmtbim {0B37915C-8B98-4B9E-80D4-464D2C830D10} - C:\Program Files\Trend Micro\Titanium\UIFramework\ProToolbarIMRatingActiveX.dll (Trend Micro Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.19 03:13:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2013.01.29 16:32:00 | 000,000,044 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2009.06.20 15:43:04 | 000,000,094 | R--- | M] () - E:\autorun.sh -- [ CDFS ] O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell - "" = AutoRun O33 - MountPoints2\{09318160-96b7-11e2-a16f-0015af9df547}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell - "" = AutoRun O33 - MountPoints2\{0931816c-96b7-11e2-a16f-001e101f79c9}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 
| 000,148,320 | R--- | M] () O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell - "" = AutoRun O33 - MountPoints2\{683b4771-37d8-11e3-b37b-001e101f0d12}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell - "" = AutoRun O33 - MountPoints2\{6ae60c06-37d5-11e3-9b2c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell - "" = AutoRun O33 - MountPoints2\{d8125774-3170-11e3-b26c-0016d38bbcce}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell - "" = AutoRun O33 - MountPoints2\{d812577f-3170-11e3-b26c-001e101fabdd}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2011.03.15 02:27:21 | 000,148,320 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013.10.21 14:05:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Panda Security [2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\Program Files\Panda USB Vaccine [2013.10.21 14:05:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security [2013.10.21 13:24:04 | 000,000,000 | ---D | C] -- C:\FRST [2013.10.18 15:12:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\airtel 
[2013.10.18 15:12:23 | 000,070,272 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcecm.sys [2013.10.18 15:12:23 | 000,027,520 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_juextctrl.sys [2013.10.18 15:12:22 | 000,861,696 | ---- | C] (DiBcom SA) -- C:\Windows\System32\drivers\mod7700.sys [2013.10.18 15:12:22 | 000,249,472 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbnet.sys [2013.10.18 15:12:22 | 000,199,168 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ewusbmdm.sys [2013.10.18 15:12:22 | 000,102,784 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwusbdev.sys [2013.10.18 15:12:22 | 000,096,000 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jucdcacm.sys [2013.10.18 15:12:22 | 000,076,544 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_jubusenum.sys [2013.10.18 15:12:22 | 000,025,856 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\System32\drivers\ewdcsc.sys [2013.10.18 15:12:22 | 000,019,200 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\System32\drivers\ew_hwupgrade.sys [2013.10.18 15:12:22 | 000,011,136 | ---- | C] (Huawei Technologies Co., Ltd.) 
-- C:\Windows\System32\drivers\ew_usbenumfilter.sys [2013.10.18 15:09:38 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Airtel New [2013.10.18 11:46:36 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.10.17 21:44:03 | 000,000,000 | ---D | C] -- C:\Users\User\Desktop\Internet Security [2013.10.17 21:42:48 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2013.10.17 14:03:25 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.10.17 14:03:22 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2013.10.17 14:03:21 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.10.17 14:03:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.10.17 14:03:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.10.17 14:03:18 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.10.17 14:03:17 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.10.17 14:03:15 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.10.17 13:36:43 | 000,000,000 | ---D | C] -- C:\Users\User\AppData\Roaming\Malwarebytes [2013.10.17 13:36:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.10.11 16:01:09 | 001,172,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.10.11 16:01:09 | 001,069,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.10.11 16:01:09 | 000,683,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [2013.10.11 16:01:09 | 000,486,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.10.11 16:01:09 | 000,219,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.10.11 16:01:09 | 
000,189,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.10.11 16:01:08 | 001,029,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.10.11 16:01:08 | 000,160,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.10.11 15:43:40 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll [2013.10.11 15:43:39 | 000,102,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationCFFRasterizerNative_v0300.dll [2013.10.11 15:43:38 | 002,050,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2013.10.11 15:31:18 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys [2013.10.11 15:31:18 | 000,006,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys [2013.10.11 15:24:51 | 000,293,376 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\System32\atmfd.dll [2013.10.11 15:24:50 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\System32\atmlib.dll [2013.10.11 15:20:32 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wiafbdrv.dll [2013.10.11 15:20:32 | 000,025,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\hidparse.sys [2013.10.10 12:20:47 | 000,000,000 | ---D | C] -- C:\ProgramData\airtel [2013.10.10 12:18:32 | 000,000,000 | ---D | C] -- C:\Program Files\airtel [2013.10.08 12:31:12 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.10.21 14:05:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.10.21 13:58:24 | 000,686,244 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.10.21 13:58:24 | 000,646,062 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.10.21 13:58:24 | 
000,150,236 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.10.21 13:58:24 | 000,123,966 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.10.21 13:53:32 | 000,054,932 | ---- | M] () -- C:\Users\User\AppData\Roaming\nvModes.001 [2013.10.21 13:51:54 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013.10.21 13:51:50 | 000,003,616 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013.10.21 13:51:49 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\ROC_JAN2013_TB_rmv.job [2013.10.21 13:51:39 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.10.21 13:51:35 | 3219,578,880 | -HS- | M] () -- C:\hiberfil.sys [2013.10.21 13:50:30 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013.10.21 12:52:34 | 328,056,218 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.10.18 15:22:51 | 000,000,739 | ---- | M] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk [2013.10.18 15:12:51 | 000,000,707 | ---- | M] () -- C:\Users\Public\Desktop\airtel.lnk [2013.10.18 11:46:36 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys [2013.10.17 13:06:33 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.10.17 13:06:30 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.10.17 10:54:12 | 000,181,808 | ---- | M] () -- C:\Windows\RegBootClean.exe [2013.10.16 18:10:28 | 000,036,590 | ---- | M] () -- C:\Users\User\Desktop\Methodology.odt [2013.10.12 14:53:53 | 000,481,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\sg_backup_2013-10-10-1222.spg [2013.10.10 12:22:39 | 000,001,735 | ---- | M] () -- C:\FirstBackup.spg [2013.09.22 15:52:59 | 001,800,704 | ---- | M] (Microsoft Corporation) -- 
C:\Windows\System32\jscript9.dll [2013.09.22 15:44:39 | 001,427,968 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.09.22 15:42:32 | 000,231,936 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.09.22 15:39:55 | 000,065,024 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.09.22 15:38:41 | 000,142,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.09.22 15:35:42 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.09.22 15:33:18 | 002,382,848 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.09.22 15:29:06 | 000,176,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [30 C:\Users\User\Desktop\*.tmp files -> C:\Users\User\Desktop\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.10.18 15:22:51 | 000,000,739 | ---- | C] () -- C:\Users\Public\Desktop\TCPOptimizer.lnk [2013.10.18 15:12:51 | 000,000,707 | ---- | C] () -- C:\Users\Public\Desktop\airtel.lnk [2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\XBVDHI~1.VBS [2013.10.17 10:50:32 | 000,073,288 | -HS- | C] () -- C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS [2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\sg_backup_2013-10-10-1222.spg [2013.10.10 12:22:39 | 000,001,735 | ---- | C] () -- C:\FirstBackup.spg [2013.10.01 09:29:47 | 000,036,590 | ---- | C] () -- C:\Users\User\Desktop\Methodology.odt [2013.06.12 08:48:03 | 000,181,808 | ---- | C] () -- C:\Windows\RegBootClean.exe [2013.02.24 16:42:49 | 000,000,059 | ---- | C] () -- C:\Windows\System32\SupportTool.exe.bat [2013.02.24 16:34:42 | 000,000,036 | ---- | C] () -- C:\Users\User\AppData\Local\housecall.guid.cache [2013.01.21 15:44:39 | 001,069,056 | ---- | C] ( ) -- C:\Windows\System32\lxduserv.dll [2013.01.21 15:44:38 
| 000,651,264 | ---- | C] ( ) -- C:\Windows\System32\lxdupmui.dll [2013.01.21 15:44:38 | 000,589,824 | ---- | C] ( ) -- C:\Windows\System32\lxducoms.exe [2013.01.21 15:44:38 | 000,577,536 | ---- | C] ( ) -- C:\Windows\System32\lxdulmpm.dll [2013.01.21 15:44:36 | 000,376,832 | ---- | C] ( ) -- C:\Windows\System32\lxducomm.dll [2013.01.21 15:44:35 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxduinpa.dll [2013.01.21 15:44:35 | 000,339,968 | ---- | C] ( ) -- C:\Windows\System32\lxduiesc.dll [2013.01.21 15:44:34 | 000,860,160 | ---- | C] ( ) -- C:\Windows\System32\lxduusb1.dll [2013.01.21 15:44:34 | 000,761,856 | ---- | C] ( ) -- C:\Windows\System32\lxducomc.dll [2013.01.21 15:44:33 | 000,684,032 | ---- | C] ( ) -- C:\Windows\System32\lxduhbn3.dll [2013.01.21 15:44:31 | 000,364,544 | ---- | C] ( ) -- C:\Windows\System32\lxducfg.exe [2013.01.21 15:44:31 | 000,208,896 | ---- | C] () -- C:\Windows\System32\lxdugrd.dll [2013.01.21 15:44:29 | 000,323,584 | ---- | C] ( ) -- C:\Windows\System32\lxduih.exe [2013.01.21 15:44:29 | 000,040,960 | ---- | C] () -- C:\Windows\System32\lxduvs.dll [2013.01.21 15:41:42 | 001,036,288 | ---- | C] () -- C:\Windows\System32\lxdudrs.dll [2013.01.21 15:41:42 | 000,081,920 | ---- | C] () -- C:\Windows\System32\lxducaps.dll [2013.01.21 15:41:42 | 000,069,632 | ---- | C] () -- C:\Windows\System32\lxducnv4.dll [2012.06.09 12:53:36 | 000,484,592 | ---- | C] () -- C:\Windows\SSndii.exe [2012.06.09 12:50:56 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sdc1ml3.dll [2012.06.09 00:29:26 | 000,000,098 | ---- | C] () -- C:\Users\User\AppData\Roaming\Default.PLS [2012.02.25 22:46:05 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2012.02.25 22:46:05 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2012.02.19 17:31:31 | 000,014,848 | ---- | C] () -- C:\Users\User\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.02.19 03:45:59 | 000,000,680 | ---- | C] () -- 
C:\Users\User\AppData\Local\d3d9caps.dat [2012.02.18 00:14:17 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2012.02.17 20:55:10 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.15 15:20:10 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini [2012.02.15 15:01:13 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.001 [2012.02.15 14:59:57 | 000,054,932 | ---- | C] () -- C:\Users\User\AppData\Roaming\nvModes.dat [2012.02.15 13:44:32 | 000,000,092 | ---- | C] () -- C:\Users\User\AppData\Local\fusioncache.dat ========== ZeroAccess Check ========== [2006.11.02 18:24:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:17:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 11:58:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 11:58:25 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== LOP Check ========== [2012.06.10 14:01:59 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Amazon [2012.06.09 13:19:22 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\Buhl Data Service [2012.05.13 20:35:30 | 000,000,000 | ---D | M] -- C:\Users\User\AppData\Roaming\MAGIX [2013.06.17 10:12:33 | 000,000,000 | ---D | M] -- 
Hopefully I have posted the logs appropriately...
About the USB stick, as mentioned: the file XBVDHI-1.VBS cannot be permanently deleted. When hidden files are shown, the "real" file appears as hidden, but only the shortcut is visible. Many thanks for your advice, Jakki |
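As an added example (not code from this thread or from any of the tools named in it), the following Python script implements the two checks a helper would make on this post: it flags OTL O4 autostart entries that launch a .VBS through wscript.exe, like the XBVDHI~1 Run key and Startup entry in the log, and, given a listing of the stick, pairs each .lnk decoy with the hidden+system original next to it. The O4 lines are taken from the post; the stick listing and its file names are constructed.

```python
"""Triage helper for the USB-shortcut worm in this thread (added example, offline).
Check 1 flags OTL "O4" autostart lines that run a .vbs via wscript/cscript or from
the Startup folder; check 2 pairs .lnk decoys on a stick with the hidden+system
originals the worm left beside them and lists hidden .vbs droppers."""
import re
from dataclasses import dataclass

# "O4 - <where>: [<name>] <command>"  or  "O4 - Startup: <path> (<company>)"
RUN_LINE = re.compile(r'^O4 - (?P<where>.+?): (?:\[(?P<name>[^\]]+)\] )?(?P<cmd>.+)$')
SCRIPT_HOST = re.compile(r'\b[wc]script(?:\.exe)?\b', re.IGNORECASE)
VBS_PATH = re.compile(r'([A-Za-z]:\\.*?\.vb[se])\b', re.IGNORECASE)
USER_WRITABLE = re.compile(r'\\(AppData|Users\\Public|Temp|ProgramData)\\', re.IGNORECASE)

def suspicious_autostarts(log_lines):
    """Return (entry name, script path, reasons) for every O4 line that runs a VBS."""
    hits = []
    for line in log_lines:
        m = RUN_LINE.match(line.strip())
        if not m:
            continue
        cmd = m.group('cmd')
        script = VBS_PATH.search(cmd)
        if not script:
            continue                      # .exe/.dll autostarts are out of scope here
        path, reasons = script.group(1), []
        if SCRIPT_HOST.search(cmd):
            reasons.append('launched through a script host')
        if re.search(r'//b\b', cmd, re.IGNORECASE):
            reasons.append('batch mode (//B) suppresses script errors and prompts')
        if m.group('where').lower() == 'startup':
            reasons.append('script placed directly in the Startup folder')
        if USER_WRITABLE.search(path):
            reasons.append('script lives in a user-writable profile directory')
        if reasons:
            hits.append((m.group('name') or path.rsplit('\\', 1)[-1], path, reasons))
    return hits

@dataclass(frozen=True)
class Entry:
    """One directory entry on the stick: name plus the two attributes the worm sets."""
    name: str
    hidden: bool = False
    system: bool = False

def _hidden_original(stem, entries):
    """Hidden+system entry named exactly <stem> (file or folder) or <stem>.<ext>."""
    for e in entries:
        lower = e.name.lower()
        if (e.hidden and e.system and not lower.endswith('.lnk')
                and (lower == stem or lower.rsplit('.', 1)[0] == stem)):
            return e
    return None

def triage_drive_listing(entries):
    """Pair each .lnk decoy with its hidden original and list hidden script droppers."""
    decoys, droppers = [], []
    for e in entries:
        lower = e.name.lower()
        if lower.endswith('.lnk'):
            original = _hidden_original(lower[:-4], entries)
            if original:                  # an ordinary user shortcut has no hidden twin
                decoys.append((e.name, original.name))
        elif lower.endswith(('.vbs', '.vbe')) and e.hidden and e.system:
            droppers.append(e.name)
    return {'decoys': decoys, 'droppers': droppers}

# Constructed sample: two benign autostarts and the two XBVDHI~1 entries from the post.
SAMPLE_OTL_LINES = [
    r'O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)',
    r'O4 - HKU\S-1-5-21-1306183032-4173219671-3597840-1003..\Run: [XBVDHI~1] wscript.exe //B "C:\Users\User\AppData\Roaming\XBVDHI~1.VBS" File not found',
    r'O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()',
    r'O4 - Startup: C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XBVDHI~1.VBS ()',
]
# Constructed stick listing (hypothetical file names) showing the decoy/original pairs.
SAMPLE_STICK = [
    Entry('Thesis.docx', hidden=True, system=True), Entry('Thesis.docx.lnk'),
    Entry('Photos', hidden=True, system=True), Entry('Photos.lnk'),
    Entry('XBVDHI~1.VBS', hidden=True, system=True),   # dropper copied onto the stick
    Entry('README.txt'), Entry('MyLink.lnk'),           # untouched file, user shortcut
]

if __name__ == '__main__':
    for name, path, reasons in suspicious_autostarts(SAMPLE_OTL_LINES):
        print(f'[autostart] {name} -> {path}\n    ' + '\n    '.join(reasons))
    print('[stick]', triage_drive_listing(SAMPLE_STICK))
```

The decoys and the hidden dropper on the stick only stay gone once the host is clean; as this post notes, the VBS reappears after deletion while the machine is still infected.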
22.10.2013, 09:56 | #3 |
/// the machine /// TB-Ausbilder | hi,
__________________ How it works: posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
Plug in the stick and leave it connected. Scan with Combofix
__________________ |
23.10.2013, 13:29 | #4 |
| Hello Schrauber, ok, next time I will post the logs properly, thanks for the info. I have now found the pest (with Avira) and deleted it: the program is called VBS.Dunihi.O and sat under C:\users\appdata\roaming. Avira moved the files into quarantine and deleted them; now the sticks work again (the file that had been made invisible is visible again and no new shortcuts were created). I would still run the programs you recommended, maybe there are other files that do not belong on the computer. Many thanks and regards, Jakki |
24.10.2013, 06:40 | #5 |
/// the machine /// TB-Ausbilder | ok.
__________________ Regards, schrauber. Proud Member of UNITE and ASAP since 2009. No help via PM! |