Sparkassen Online Banking: transactions (Umsätze) won't load (Windows 7)
22.07.2010, 11:32 | #1
Hello, for about a week I've had a problem with Sparkasse online banking. I can log in perfectly normally, but when it gets to the financial status page a message first appears in a grey box: "Please wait while we confirm your browser security settings....." (original wording: "Warten Sie bitte, wärend wir Ihre Browser-Sicherheitseinstellungen bestätigen....."). Once that disappears after a few seconds I try to click on my transactions, but the page is just shown blank, with no error or anything else, and at the bottom of the browser it says "Done". All the other sub-pages, such as transfers, work. The problem doesn't seem to occur on other computers; I tried it at friends' and everything worked there. Now I'm not sure whether it's down to settings on my computer or to my internet provider, since I've only had that one for about two weeks. I called the Sparkasse, but they couldn't help me and were somewhat baffled. Then I called my internet provider (Alice); he went through a few settings with me, but in the end no luck there either. I'm a bit at a loss by now... I'd be grateful if anyone had suggestions for me!
22.07.2010, 13:34 | #2
/// Malware-holic: Call the bank immediately; this sounds veeeeery strongly like a banking trojan. Have your online access blocked immediately!!! and have new login credentials sent to you.
You should also get advice about alternatives to PIN/TAN; those procedures do cost something, a one-off fee, but they are far more secure. The safest thing with a problem like this would be to reinstall the system; only that way do you get a secure PC back and can do online banking in peace again. Afterwards, of course, change your other passwords. Let me know how you'd like to proceed. I'd nevertheless like to take a look at your PC, to collect any as yet unknown malicious files so that other users are protected.
OTL: System scan with OTL (download OTL)
A guide and tutorial on using ComboFix
22.07.2010, 17:54 | #3
Hey, well, I've already spoken to the bank several times and they say it isn't a virus, but they don't know what's going on either...
And I've already scanned for viruses several times now too. The people at the bank think something is wrong with my security settings on the computer or in the browser.
22.07.2010, 18:33 | #4
/// Malware-holic: No, these symptoms, this "security check", definitely sound like malware. Do the scans I mentioned and we'll take it from there.
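The pattern the helper is reacting to, a banking trojan's per-user autorun entry, can be checked mechanically once an OTL log is in hand. The script below is an added example by the editor; it is not code from this thread and not part of OldTimer's OTL. It parses the lines OTL prints for Run/RunOnce keys (the "O4" entries) and scores the combination that typically marks such an infection: a value whose name is a bare GUID, pointing at an .exe under the user's AppData directory, with nothing in the trailing publisher parentheses. The sample lines are constructed in OTL's format; most mirror entries from the log posted later in this thread, while the "ExampleUpdater" line and its vendor are hypothetical, included to show that an AppData path alone does not trigger a hit.

```python
"""Triage OTL 'O4' (Run/RunOnce) entries for banking-trojan style persistence.

Added example by the editor: not code from the thread and not part of
OldTimer's OTL. It reads lines in the format OTL prints for autorun keys and
scores the combination the helper in this thread is reacting to: a per-user
Run value with a bare GUID as its name, pointing at an .exe under the user's
AppData, with nothing in the trailing publisher parentheses.
"""
import re

# One OTL autorun line, e.g.
#   O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
#   O4 - HKU\S-1-5-21-...-1001..\Run: [fsm] File not found
# The trailing "(publisher)" is optional: OTL prints "()" when the binary
# carries no company name and omits it entirely for a missing file.
O4_RE = re.compile(
    r"^O4 - (?P<hive>HK(?:LM|U\\[^\\]+?))\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] (?P<path>.*?)(?: \((?P<publisher>[^()]*)\))?$"
)
GUID_RE = re.compile(r"^\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}$")
APPDATA_RE = re.compile(r"\\AppData\\(?:Roaming|Local)\\", re.IGNORECASE)


def parse_o4(line):
    """Return the fields of one O4 line as a dict, or None if it is not an O4 line."""
    m = O4_RE.match(line.strip())
    return m.groupdict() if m else None


def indicators(entry):
    """Reasons an autorun entry deserves a second look; empty for a boring one."""
    reasons = []
    if GUID_RE.match(entry["name"]):
        reasons.append("value name is a bare GUID")
    if APPDATA_RE.search(entry["path"]):
        reasons.append("binary lives under the user's AppData")
    if entry["publisher"] == "":
        reasons.append("binary carries no company name")
    if entry["path"] == "File not found":
        reasons.append("orphaned autorun (target missing)")
    # Living in a per-user hive (HKU\S-1-5-21-...) is typical of such malware
    # but far too common for legitimate software to score on its own.
    return reasons


def triage_o4(lines):
    """[(hive, value_name, path, reasons)] for every O4 line in `lines`."""
    out = []
    for line in lines:
        e = parse_o4(line)
        if e:
            out.append((e["hive"], e["name"], e["path"], indicators(e)))
    return out


def suspicious(lines, min_indicators=2):
    """Entries where at least `min_indicators` signals coincide.

    A single signal is routine (an updater under AppData, a stale key);
    the GUID + AppData + no-publisher triple is the pattern worth acting on.
    """
    return [t for t in triage_o4(lines) if len(t[3]) >= min_indicators]


# Sample lines, constructed in OTL's format for this example. Most mirror
# entries from the log posted later in this thread; "ExampleUpdater" and its
# vendor are hypothetical, included to show that AppData alone is not enough.
SAMPLE_LOG = r"""
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [{3DC0EA0D-0450-367E-AB25-642CC3D76234}] C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe ()
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [fsm] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [ExampleUpdater] C:\Users\Lisa\AppData\Roaming\ExampleVendor\updater.exe (Example Vendor Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
""".strip().splitlines()

if __name__ == "__main__":
    for hive, name, path, reasons in triage_o4(SAMPLE_LOG):
        verdict = "SUSPICIOUS" if len(reasons) >= 2 else "ok        "
        print(f"{verdict} [{name}] {path}")
        for r in reasons:
            print(f"             - {r}")
```

Run it against a saved OTL.txt by feeding the file's lines to `suspicious()`; a hit is a reason to do exactly what the helper says (lock the account from a clean machine, then rebuild), not a reason to start deleting files by hand, since the autorun entry is only the visible end of the infection.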
22.07.2010, 21:30 | #5
Hi, I've now used the OTL scanner. It gave me quite a few logs though; this is the last one: OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/22/2010 8:49:09 PM - Run 1 OTL by OldTimer - Version 3.2.9.1 Folder = C:\Downloads Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Ireland | Language: ENI | Date Format: dd/MM/yyyy 3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 67.00% Memory free 6.00 Gb Paging File | 5.00 Gb Available in Paging File | 79.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 116.21 Gb Total Space | 52.28 Gb Free Space | 44.99% Space Free | Partition Type: NTFS D: Drive not present or media not loaded Drive E: | 115.21 Gb Total Space | 27.51 Gb Free Space | 23.88% Space Free | Partition Type: NTFS F: Drive not present or media not loaded G: Drive not present or media not loaded H: Drive not present or media not loaded I: Drive not present or media not loaded Computer Name: LISA-PC Current User Name: Lisa Logged in as Administrator. Current Boot Mode: Normal Scan Mode: All users Company Name Whitelist: Off Skip Microsoft Files: Off File Age = 30 Days Output = Minimal ========== Processes (SafeList) ========== PRC - C:\Program Files\Mozilla Firefox\plugin-container.exe (Mozilla Corporation) PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) PRC - C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) PRC - C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) PRC - C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com) PRC - C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files\Orbitdownloader\orbitnet.exe (Orbitdownloader.com) PRC - C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Windows\System32\atieclxx.exe (AMD) PRC - C:\Windows\System32\atiesrxx.exe (AMD) PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) PRC - C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) ========== Modules (SafeList) ========== MOD - C:\downloads\OTL.exe (OldTimer Tools) MOD - C:\Windows\System32\guard32.dll (COMODO) MOD - C:\Windows\System32\sspicli.dll (Microsoft Corporation) MOD - C:\Windows\System32\sechost.dll (Microsoft Corporation) MOD - C:\Windows\System32\samcli.dll (Microsoft Corporation) MOD - C:\Windows\System32\profapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\netutils.dll (Microsoft Corporation) MOD - C:\Windows\System32\KernelBase.dll (Microsoft Corporation) MOD - C:\Windows\System32\dwmapi.dll (Microsoft Corporation) MOD - C:\Windows\System32\devobj.dll (Microsoft Corporation) MOD - C:\Windows\System32\cryptbase.dll (Microsoft Corporation) MOD - C:\Windows\System32\cfgmgr32.dll (Microsoft Corporation) MOD - C:\Windows\System32\msscript.ocx (Microsoft Corporation) MOD - C:\Windows\winsxs\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7600.16385_none_421189da2b7fabfc\comctl32.dll (Microsoft Corporation) ========== Win32 Services (SafeList) ========== SRV - (TomTomHOMEService) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe (TomTom) SRV - (cmdAgent) -- C:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - 
(clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira GmbH) SRV - (WwanSvc) -- C:\Windows\System32\wwansvc.dll (Microsoft Corporation) SRV - (WbioSrvc) -- C:\Windows\System32\wbiosrvc.dll (Microsoft Corporation) SRV - (Power) -- C:\Windows\System32\umpo.dll (Microsoft Corporation) SRV - (Themes) -- C:\Windows\System32\themeservice.dll (Microsoft Corporation) SRV - (sppuinotify) -- C:\Windows\System32\sppuinotify.dll (Microsoft Corporation) SRV - (RpcEptMapper) -- C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (PNRPsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (p2pimsvc) -- C:\Windows\System32\pnrpsvc.dll (Microsoft Corporation) SRV - (HomeGroupProvider) -- C:\Windows\System32\provsvc.dll (Microsoft Corporation) SRV - (PNRPAutoReg) -- C:\Windows\System32\pnrpauto.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (HomeGroupListener) -- C:\Windows\System32\ListSvc.dll (Microsoft Corporation) SRV - (FontCache) -- C:\Windows\System32\FntCache.dll (Microsoft Corporation) SRV - (Dhcp) -- C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SRV - (defragsvc) -- C:\Windows\System32\defragsvc.dll (Microsoft Corporation) SRV - (BDESVC) -- C:\Windows\System32\bdesvc.dll (Microsoft Corporation) SRV - (AxInstSV) ActiveX Installer (AxInstSV) -- C:\Windows\System32\AxInstSv.dll (Microsoft Corporation) SRV - (AppIDSvc) -- C:\Windows\System32\appidsvc.dll (Microsoft 
Corporation) SRV - (sppsvc) -- C:\Windows\System32\sppsvc.exe (Microsoft Corporation) SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira GmbH) ========== Driver Services (SafeList) ========== DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) 
DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) 
DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - 
(scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) 
DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 B8 7C EA 81 29 CB 01 [binary data] IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27 FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.30 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - 
prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 09:22:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 09:22:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/17 00:02:48 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.5\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions [2010/02/16 22:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2010/07/22 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions [2010/07/04 21:21:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/06/17 12:19:47 | 000,000,000 | ---D | M] (RSE Tools) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430} [2010/02/17 00:11:17 | 000,000,000 | ---D | M] (flashget3 Extension) -- 
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010/02/16 20:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010/06/09 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\support@platinumhideip.com [2010/05/28 18:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/02/16 19:07:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/05/03 16:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/06/30 08:59:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/06/30 08:59:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/06/30 08:59:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/06/30 08:59:20 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/03/15 23:37:06 | 000,079,745 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 actionsplash.com O1 - Hosts: 127.0.0.1 ads.x10.com O1 - Hosts: 127.0.0.1 images.x10.com O1 - Hosts: 127.0.0.1 adserv.internetfuel.com O1 - Hosts: 127.0.0.1 popme.163.com O1 - Hosts: 127.0.0.1 servedby.advertising.com O1 - Hosts: 127.0.0.1 specialoffers.aol.com O1 - Hosts: 127.0.0.1 whenushop.whenu.com O1 - Hosts: 127.0.0.1 www.popupnation.com O1 - Hosts: 127.0.0.1 www.popuptraffic.com O1 - 
Hosts: 127.0.0.1 view.popupsponsor.com O1 - Hosts: 127.0.0.1 popups.infostart.com O1 - Hosts: 127.0.0.1 ads.ad-flow.com O1 - Hosts: 127.0.0.1 www.popupmoney.com O1 - Hosts: 127.0.0.1 ad0.popupad.net O1 - Hosts: 127.0.0.1 ad00.popupad.net O1 - Hosts: 127.0.0.1 ad01.popupad.net O1 - Hosts: 127.0.0.1 ad03.popupad.net O1 - Hosts: 127.0.0.1 ad04.popupad.net O1 - Hosts: 127.0.0.1 ad05.popupad.net O1 - Hosts: 127.0.0.1 ad06.popupad.net O1 - Hosts: 127.0.0.1 ad07.popupad.net O1 - Hosts: 127.0.0.1 ad08.popupad.net O1 - Hosts: 127.0.0.1 ad09.popupad.net O1 - Hosts: 127.0.0.1 contest.x10.com O1 - Hosts: 2700 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet 
Security\cfp.exe (COMODO) O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [{3DC0EA0D-0450-367E-AB25-642CC3D76234}] C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe () O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [fsm] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - 
Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows 
Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Einstiegsseite.exe -- File not found O33 - 
MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: Wmi - C:\Windows\System32\wmi.dll (Microsoft Corporation) NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: Themes - C:\Windows\System32\themeservice.dll (Microsoft Corporation) NetSvcs: BDESVC - C:\Windows\System32\bdesvc.dll (Microsoft Corporation) MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.) 
MsConfig - StartUpReg: Software Informer - hkey= - key= - C:\Program Files\Software Informer\softinfo.exe (Informer Technologies, Inc.) MsConfig - StartUpReg: TomTomHOME.exe - hkey= - key= - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootMin: Primary disk - Driver Group SafeBootMin: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: 
{4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: Dhcp - C:\Windows\System32\dhcpcore.dll (Microsoft Corporation) SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: ndiscap - C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Power - C:\Windows\System32\umpo.dll (Microsoft Corporation) SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: RpcEptMapper - C:\Windows\System32\RpcEpMap.dll (Microsoft Corporation) SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - 
Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: 
{3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll 
(Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) ========== Files/Folders - Created Within 30 Days ========== [2010/07/22 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/07/21 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2010/07/21 12:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2010/07/21 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\AliceHilfe [2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/21 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AliceHilfe [2010/07/06 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\MigWiz [2010/06/27 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Croatia-Montenegro [2010/06/24 00:42:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/06/24 00:42:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/06/24 00:42:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/06/23 16:52:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/06/23 16:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll [2010/06/23 16:52:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/06/23 16:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax ========== Files - Modified Within 30 Days ========== [2010/07/22 20:51:49 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT [2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/22 19:28:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/22 13:44:45 | 000,014,224 | 
-H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db [2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 23:39:40 | 000,020,048 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter 
übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/30 21:59:35 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf ========== Files Created - No Company Name ========== [2010/07/22 09:26:41 | 000,000,970 | ---- | C] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 21:14:06 | 000,020,048 | ---- | C] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/21 12:07:05 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | C] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 11:57:59 | 
001,595,392 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:16 | 000,010,948 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/18 22:14:41 | 000,033,280 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:13 | 000,012,163 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:27 | 000,451,668 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/16 12:07:25 | 000,000,000 | R--- | C] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt [2010/07/15 15:48:26 | 000,045,532 | ---- | C] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | C] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | C] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:40 | 000,349,857 | ---- | C] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:36 | 000,028,551 | ---- | C] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:08 | 000,286,550 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:55 | 000,244,607 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:43 | 000,359,447 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:27 | 000,309,122 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:26:59 | 000,232,910 | ---- | C] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:05:53 | 001,460,278 | ---- | C] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 22:52:57 | 000,093,184 | ---- | C] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:52 | 000,065,368 | ---- | C] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:23 | 002,657,376 | ---- | C] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | C] () -- 
C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/26 17:44:12 | 000,222,380 | ---- | C] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf [2010/02/17 00:10:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI ========== LOP Check ========== [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi [2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS [2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet [2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO [2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- 
C:\Users\Lisa\AppData\Roaming\Foxit [2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software [2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem [2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro [2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy [2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum [2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit [2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP [2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo [2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer [2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall [2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom [2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw [2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV [2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AdsGone.job [2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi [2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS [2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss [2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet [2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO [2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit [2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software [2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem [2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro [2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy [2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities [2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia [2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes [2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs [2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum [2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft [2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla [2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit [2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP [2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo [2010/06/26 19:39:33 | 
000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype [2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM [2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer [2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall [2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom [2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc [2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR [2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw [2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV < %APPDATA%\*.exe /s > [2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe [2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe [2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe [2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE [2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) 
MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: KR10N.SYS > [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 
03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 03:14:53 | 000,050,688 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\appidapi.dll [2009/08/03 16:07:42 | 000,322,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\OGAAddin.dll < End of report > [2010/07/22 21:13:34 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT [2010/07/22 21:13:33 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1 [2010/07/22 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\Temp [2010/07/22 21:03:24 | 000,020,330 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/22 21:03:24 | 000,000,000 | R--D | M] -- C:\Users\Lisa\My Documents [2010/07/22 21:01:30 | 000,000,162 | -H-- | M] () -- C:\Users\Lisa\Documents\~$am Bill.docx [2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit [2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/22 19:28:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- 
C:\Windows\tasks\SA.DAT [2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db [2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/22 09:26:41 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Desktop [2010/07/22 09:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner [2010/07/22 09:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox [2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer [2010/07/21 12:10:25 | 000,000,000 | ---D | M] -- C:\ProgramData\COMODO [2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 12:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO [2010/07/21 12:04:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Comodo Downloader [2010/07/21 11:59:31 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft [2010/07/21 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\Microsoft [2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft [2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\AliceHilfe [2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat 
[2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss
[2010/07/17 00:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/07/16 22:59:58 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Music
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/07/16 12:07:25 | 000,000,000 | R--- | M] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt
[2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/14 13:21:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/09 00:54:08 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Pictures
[2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/07/06 16:09:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\MigWiz
[2010/06/30 21:59:35 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/26 23:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM
[2010/06/26 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\Diagnostics
[2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf
[2010/06/26 17:43:35 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Downloads

========== Files - Modified Within 30 Days ==========

[2010/07/22 21:13:44 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2010/07/22 21:03:24 | 000,020,330 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx
[2010/07/22 21:01:30 | 000,000,162 | -H-- | M] () -- C:\Users\Lisa\Documents\~$am Bill.docx
[2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 19:28:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db
[2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk
[2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk
[2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc
[2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx
[2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/06/30 21:59:35 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf

========== LOP Check ==========

[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV
[2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AdsGone.job
[2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
|
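The LOP check above is where an analyst reading this log starts: it lists the top level of AppData\Roaming, and four of the folders there (Apmysi, Goem, Qaqo, Wupuuw) belong to no product named anywhere else in the log, while l8HN7.txt and dhxiuw.dat are near-empty files dropped in the same place. The Python below is an added example, not part of the thread and not OTL's own code: it parses OTL's `[timestamp | size | attributes | M] (company) -- path` entries and applies exactly that allowlist-plus-timeline triage. The sample lines are copied from the log above; KNOWN_ROAMING (assembled from the products visible in this log) and the 15 July cut-off (about a week before the first post) are the editor's assumptions.

```python
# Added example (not from the thread, not OTL code): parse OTL file entries
# and triage the top level of AppData\Roaming. SAMPLE_LOG lines are copied
# from the OTL output above; KNOWN_ROAMING and SYMPTOM_START are assumptions.
import re
from dataclasses import dataclass
from datetime import datetime

# [2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\...      (directory)
# [2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\...   (file, empty company)
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| M\](?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

SAMPLE_LOG = r"""
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/07/16 12:07:25 | 000,000,000 | R--- | M] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt
[2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
""".strip().splitlines()

# Analyst allowlist (assumption): Roaming folders that map to software the
# rest of this log shows as installed. Anything else is a triage candidate.
KNOWN_ROAMING = {
    "Adobe", "AliceHilfe", "BITS", "dvdcss", "FlashGet", "FlashGetBHO", "Foxit",
    "Foxit Software", "GrabPro", "HideIPEasy", "Identities", "Macromedia",
    "Malwarebytes", "Media Center Programs", "Metaversum", "Microsoft", "Mozilla",
    "Orbit", "PlatinumHideIP", "Skype", "skypePM", "Software Informer",
    "Thinstall", "Thunderbird", "TomTom", "vlc", "WinRAR", "ZiggyTV",
}
# The poster says the banking page broke about a week before 22.07.2010.
SYMPTOM_START = datetime(2010, 7, 15)


@dataclass
class Entry:
    ts: datetime
    size: int
    attr: str
    company: str
    path: str

    @property
    def is_dir(self) -> bool:
        return "D" in self.attr

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse_otl_entry(line: str):
    """Return an Entry for one OTL file/directory line, or None if it is not one."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        ts=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attr=m["attr"],
        company=m["company"] or "",
        path=m["path"],
    )


def triage_roaming(lines, symptom_start):
    """Return [(name, [reasons])] for suspicious entries directly under AppData\\Roaming."""
    findings = []
    for line in lines:
        e = parse_otl_entry(line)
        if e is None or not e.parent.lower().endswith("\\appdata\\roaming"):
            continue
        reasons = []
        if e.is_dir and e.name not in KNOWN_ROAMING:
            reasons.append("directory not in allowlist")
        if not e.is_dir and e.size <= 16:
            reasons.append(f"{e.size}-byte data file dropped in Roaming root")
        # The timeline alone proves nothing (vlc was installed in the window);
        # it only sharpens a finding that already exists.
        if reasons and e.ts >= symptom_start:
            reasons.append("timestamp inside the symptom window")
        if reasons:
            findings.append((e.name, reasons))
    return findings


FINDINGS = triage_roaming(SAMPLE_LOG, SYMPTOM_START)

if __name__ == "__main__":
    for name, reasons in FINDINGS:
        print(f"{name:12} {'; '.join(reasons)}")
```

The allowlist is deliberately the weakest part: it has to be rebuilt per machine from what the rest of the log shows as installed, and a miss only means one more folder to look at by hand. What the output does add is the pairing of unknown folder names with the symptom timeline, which is the question the thread's helper is really asking.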
22.07.2010, 21:32 | #6 |
| Sparkassen Online Banking Umsätze laden nicht and the second part:

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities
[2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV

< %APPDATA%\*.exe /s >
[2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe
[2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe
[2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe
[2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE
[2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ----
| M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: KR10N.SYS > [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/08/03 16:07:42 | 000,322,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\OGAAddin.dll < End of report > DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) 
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) 
========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 B8 7C EA 81 29 CB 01 [binary data]
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 09:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 09:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/22 21:24:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2010/02/16 22:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/22 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions
[2010/07/04 21:21:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/17 12:19:47 | 000,000,000 | ---D | M] (RSE Tools) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430}
[2010/02/17 00:11:17 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/02/16 20:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/06/09 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\support@platinumhideip.com
[2010/05/28 18:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/16 19:07:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/03 16:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/30 08:59:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/30 08:59:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/30 08:59:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/30 08:59:20 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/15 23:37:06 | 000,079,745 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 actionsplash.com
O1 - Hosts: 127.0.0.1 ads.x10.com
O1 - Hosts: 127.0.0.1 images.x10.com
O1 - Hosts: 127.0.0.1 adserv.internetfuel.com
O1 - Hosts: 127.0.0.1 popme.163.com
O1 - Hosts: 127.0.0.1 servedby.advertising.com
O1 - Hosts: 127.0.0.1 specialoffers.aol.com
O1 - Hosts: 127.0.0.1 whenushop.whenu.com
O1 - Hosts: 127.0.0.1 www.popupnation.com
O1 - Hosts: 127.0.0.1 www.popuptraffic.com
O1 - Hosts: 127.0.0.1 view.popupsponsor.com
O1 - Hosts: 127.0.0.1 popups.infostart.com
O1 - Hosts: 127.0.0.1 ads.ad-flow.com
O1 - Hosts: 127.0.0.1 www.popupmoney.com
O1 - Hosts: 127.0.0.1 ad0.popupad.net
O1 - Hosts: 127.0.0.1 ad00.popupad.net
O1 - Hosts: 127.0.0.1 ad01.popupad.net
O1 - Hosts: 127.0.0.1 ad03.popupad.net
O1 - Hosts: 127.0.0.1 ad04.popupad.net
O1 - Hosts: 127.0.0.1 ad05.popupad.net
O1 - Hosts: 127.0.0.1 ad06.popupad.net
O1 - Hosts: 127.0.0.1 ad07.popupad.net
O1 - Hosts: 127.0.0.1 ad08.popupad.net
O1 - Hosts: 127.0.0.1 ad09.popupad.net
O1 - Hosts: 127.0.0.1 contest.x10.com
O1 - Hosts: 2700 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [{3DC0EA0D-0450-367E-AB25-642CC3D76234}] C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe ()
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [fsm] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Einstiegsseite.exe -- File not found
O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell\AutoRun\command - "" = 
G:\LaunchU3.exe -- File not found O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/22 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/07/21 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2010/07/21 12:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2010/07/21 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\AliceHilfe [2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/21 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AliceHilfe [2010/07/06 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\MigWiz [2010/06/27 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Croatia-Montenegro [2010/06/24 00:42:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/06/24 00:42:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/06/24 00:42:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/06/23 16:52:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/06/23 16:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msdri.dll [2010/06/23 16:52:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/06/23 16:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax ========== Files - Modified Within 30 Days ========== [2010/07/22 21:34:19 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT [2010/07/22 21:34:14 | 000,020,582 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/22 21:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db [2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/30 21:59:35 | 000,001,989 | ---- | 
M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf ========== Files Created - No Company Name ========== [2010/07/22 21:33:06 | 000,000,162 | -H-- | C] () -- C:\Users\Lisa\Documents\~$am Bill.docx [2010/07/22 09:26:41 | 000,000,970 | ---- | C] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 21:14:06 | 000,020,496 | ---- | C] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/21 12:07:05 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | C] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 11:57:59 | 001,595,392 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:16 | 000,010,948 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/18 22:14:41 | 000,033,280 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:13 | 000,012,163 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:27 | 000,451,668 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/16 12:07:25 | 000,000,000 | R--- | C] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt [2010/07/15 15:48:26 | 000,045,532 | ---- | C] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | C] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | C] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:40 | 000,349,857 | ---- | C] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:36 | 000,028,551 | ---- | C] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:08 | 000,286,550 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:55 | 000,244,607 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:43 | 000,359,447 | ---- | C] () -- 
C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:27 | 000,309,122 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:26:59 | 000,232,910 | ---- | C] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:05:53 | 001,460,278 | ---- | C] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 22:52:57 | 000,093,184 | ---- | C] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:52 | 000,065,368 | ---- | C] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:23 | 002,657,376 | ---- | C] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/26 17:44:12 | 000,222,380 | ---- | C] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf [2010/02/17 00:10:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- 
C:\Windows\System32\AgCPanelFrench.dll [2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI ========== LOP Check ========== [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi [2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS [2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet [2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO [2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit [2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software [2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem [2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro [2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy [2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum [2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit [2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP [2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo [2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer [2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall [2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom [2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw [2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV [2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- 
C:\Windows\Tasks\AdsGone.job [2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi [2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS [2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss [2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet [2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO [2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit [2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software [2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem [2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro [2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy [2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities [2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia [2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes [2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs [2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum [2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft [2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla 
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit [2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP [2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo [2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype [2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM [2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer [2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall [2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom [2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc [2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR [2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw [2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV < %APPDATA%\*.exe /s > [2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe [2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe [2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe [2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE [2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- 
C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | 
---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: KR10N.SYS > [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) 
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 B8 7C EA 81 29 CB 01 [binary data] IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27 FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.30 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 
FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 09:22:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 09:22:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/22 21:24:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions [2010/02/16 22:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2010/07/22 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions [2010/07/04 21:21:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/06/17 12:19:47 | 000,000,000 | ---D | M] (RSE Tools) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430} [2010/02/17 00:11:17 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010/02/16 20:16:11 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010/06/09 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\support@platinumhideip.com [2010/05/28 18:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/02/16 19:07:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/05/03 16:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/06/30 08:59:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/06/30 08:59:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/06/30 08:59:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/06/30 08:59:20 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/03/15 23:37:06 | 000,079,745 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 actionsplash.com O1 - Hosts: 127.0.0.1 ads.x10.com O1 - Hosts: 127.0.0.1 images.x10.com O1 - Hosts: 127.0.0.1 adserv.internetfuel.com O1 - Hosts: 127.0.0.1 popme.163.com O1 - Hosts: 127.0.0.1 servedby.advertising.com O1 - Hosts: 127.0.0.1 specialoffers.aol.com O1 - Hosts: 127.0.0.1 whenushop.whenu.com O1 - Hosts: 127.0.0.1 www.popupnation.com O1 - Hosts: 127.0.0.1 www.popuptraffic.com O1 - Hosts: 127.0.0.1 view.popupsponsor.com O1 - Hosts: 127.0.0.1 popups.infostart.com O1 - Hosts: 127.0.0.1 ads.ad-flow.com O1 - Hosts: 127.0.0.1 www.popupmoney.com O1 - Hosts: 127.0.0.1 
ad0.popupad.net
O1 - Hosts: 127.0.0.1 ad00.popupad.net
O1 - Hosts: 127.0.0.1 ad01.popupad.net
O1 - Hosts: 127.0.0.1 ad03.popupad.net
O1 - Hosts: 127.0.0.1 ad04.popupad.net
O1 - Hosts: 127.0.0.1 ad05.popupad.net
O1 - Hosts: 127.0.0.1 ad06.popupad.net
O1 - Hosts: 127.0.0.1 ad07.popupad.net
O1 - Hosts: 127.0.0.1 ad08.popupad.net
O1 - Hosts: 127.0.0.1 ad09.popupad.net
O1 - Hosts: 127.0.0.1 contest.x10.com
O1 - Hosts: 2700 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [ Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [{3DC0EA0D-0450-367E-AB25-642CC3D76234}] C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe ()
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [fsm] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Einstiegsseite.exe -- File not found
O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2010/07/22 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/21 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/07/21 12:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/07/21 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\AliceHilfe
[2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/21 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AliceHilfe
[2010/07/06 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\MigWiz
[2010/06/27 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Croatia-Montenegro
[2010/06/24 00:42:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 00:42:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 00:42:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 16:52:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/06/23 16:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msdri.dll [2010/06/23 16:52:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/06/23 16:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax ========== Files - Modified Within 30 Days ========== [2010/07/22 21:51:55 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT [2010/07/22 21:34:14 | 000,020,582 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/22 21:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db [2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/30 21:59:35 | 000,001,989 | ---- | 
M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf ========== Files Created - No Company Name ========== [2010/07/22 09:26:41 | 000,000,970 | ---- | C] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 21:14:06 | 000,020,582 | ---- | C] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/21 12:07:05 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | C] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 11:57:59 | 001,595,392 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:16 | 000,010,948 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/18 22:14:41 | 000,033,280 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:13 | 000,012,163 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:27 | 000,451,668 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/16 12:07:25 | 000,000,000 | R--- | C] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt [2010/07/15 15:48:26 | 000,045,532 | ---- | C] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | C] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | C] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:40 | 000,349,857 | ---- | C] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:36 | 000,028,551 | ---- | C] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:08 | 000,286,550 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:55 | 000,244,607 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:43 | 000,359,447 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:27 | 000,309,122 | ---- | C] () -- 
C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:26:59 | 000,232,910 | ---- | C] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:05:53 | 001,460,278 | ---- | C] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 22:52:57 | 000,093,184 | ---- | C] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:52 | 000,065,368 | ---- | C] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:23 | 002,657,376 | ---- | C] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/26 17:44:12 | 000,222,380 | ---- | C] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf [2010/02/17 00:10:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI [2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll [2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll [2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll [2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll [2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll [2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- 
C:\Windows\System32\SP207.INI
========== LOP Check ==========
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV
[2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AdsGone.job
[2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities
[2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV
< %APPDATA%\*.exe /s >
[2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe
[2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe
[2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe
[2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE
[2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTOR.SYS >
[2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys
[2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys
< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
< MD5 for: KR10N.SYS >
[2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys
< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report > |
23.07.2010, 00:07 | #7 |
/// Malware-holic | Sparkasse online banking: transactions won't load Well, I can already see the trojan. Please do the ComboFix log now; I want to collect all the infected files. As I said, I would then advise you to format, and you should have the bank advise you on more secure alternatives. The trojans are getting more and more sophisticated, and I think you have to keep up with the times. Better a one-time investment than possibly having to chase after your money some day. And as always: call the bank, have online banking blocked |
23.07.2010, 09:15 | #8 |
| Sparkasse online banking: transactions won't load Hey, thanks for your help so far! Tell me, how do I do the ComboFix log? Is that in the OTL scanner again? I'm not that good with computers... I'll call the bank right away.. About a month ago I already had a phishing attack on my online banking and had to have it blocked back then too... What a load of s***!! I'll look into alternatives. |
23.07.2010, 11:01 | #9 |
| Sparkasse online banking: transactions won't load Hi, so I've now done "Run Fix" in the OTL scanner with the data in the text field that you gave me at the start... Don't know if that was what you meant. Here is the log:
Error: Unable to interpret <Error: Unable to interpret <activex> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <drivers32> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%APPDATA%\*.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret </md5start> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <userinit.exe> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <eventlog.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <scecli.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <netlogon.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <cngaudit.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ws2ifsl.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <sceclt.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ntelogon.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <logevent.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <iaStor.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvstor.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <atapi.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <IdeChnDr.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <viasraid.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <AGP440.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <vaxscsi.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvatabus.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <viamraid.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvata.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvgts.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <iastorv.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ViPrt.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <eNetHook.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ahcix86.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <KR10N.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvstor32.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ahcix86s.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret </md5stop> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <CREATERESTOREPOINT> in the current context!> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.9.1 log created on 07232010_115935> in the current context!
OTL by OldTimer - Version 3.2.9.1 log created on 07232010_120009 |
23.07.2010, 12:11 | #10 |
| Sparkasse online banking: transactions won't load Hey, sorry, now I've got it with the ComboFix log after all... So I ran it and this is the log: ComboFix logfile: Code:
ATTFilter ComboFix 10-07-22.01 - Lisa 23/07/2010 12:37:00.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.353.1033.18.3070.2107 [GMT 2:00] Running from: c:\users\Lisa\Desktop\ComboFix.exe . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\program files\FlashGet Network c:\program files\FlashGet Network\FlashGet 3\adns.dll c:\program files\FlashGet Network\FlashGet 3\btcoreu.dll c:\program files\FlashGet Network\FlashGet 3\BugReport.dll c:\program files\FlashGet Network\FlashGet 3\BugReport.exe c:\program files\FlashGet Network\FlashGet 3\cd1.ico c:\program files\FlashGet Network\FlashGet 3\ckcore.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\14_43260.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\28_83260.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\atrc.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\Codecs.zip c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\cook.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ddnt3260.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\dnet3260.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv1.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drv2.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\drvc.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\hxltcolor.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\raac.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\ralf.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv10.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv20.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv30.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\rv40.dll c:\program files\FlashGet Network\FlashGet 3\codec\real\Codecs\sipr.dll 
c:\program files\FlashGet Network\FlashGet 3\commonlib.dll c:\program files\FlashGet Network\FlashGet 3\componentskrnl.dll c:\program files\FlashGet Network\FlashGet 3\config\clients.met c:\program files\FlashGet Network\FlashGet 3\config\cryptkey.dat c:\program files\FlashGet Network\FlashGet 3\config\emfriends.met c:\program files\FlashGet Network\FlashGet 3\config\known.met c:\program files\FlashGet Network\FlashGet 3\config\known2_64.met c:\program files\FlashGet Network\FlashGet 3\config\preferences.dat c:\program files\FlashGet Network\FlashGet 3\config\preferences.ini c:\program files\FlashGet Network\FlashGet 3\config\server.met c:\program files\FlashGet Network\FlashGet 3\config\upload.met c:\program files\FlashGet Network\FlashGet 3\corestat.dll c:\program files\FlashGet Network\FlashGet 3\dbghelp.dll c:\program files\FlashGet Network\FlashGet 3\fg.ico c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\default.htm c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\FGResDetector.conf c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\banner.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\bullet.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\close.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\closelabel.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\download-icon.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\explorer.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\ftp.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\image.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\introTextBg.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\loading.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\nextlabel.gif c:\program 
files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\prevlabel.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\software.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\data\images\vod.gif c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\FGResDetector.exe c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\about.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\ftplist_tree_icon.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\option_icon.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_hide.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\quickop_show.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\statusbar_bk.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\tasktab_close.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_back.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_bk.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_close.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_forward.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\image\toolbar_refresh.png c:\program files\FlashGet Network\FlashGet 3\FGResDetector_I\lang\l.eng.xml c:\program files\FlashGet Network\FlashGet 3\FGSoftware.exe c:\program files\FlashGet Network\FlashGet 3\Flashget3.exe c:\program files\FlashGet Network\FlashGet 3\FlashGet3.xpi c:\program files\FlashGet Network\FlashGet 3\FlashGetBHO3.dll c:\program files\FlashGet Network\FlashGet 3\FlashGetHook.dll c:\program files\FlashGet Network\FlashGet 3\fnsArchive.dll c:\program files\FlashGet Network\FlashGet 3\fnsDirectuix.dll c:\program files\FlashGet Network\FlashGet 3\fnsLanguage.dll c:\program files\FlashGet Network\FlashGet 3\fnslanguage_en.dll c:\program files\FlashGet 
Network\FlashGet 3\fnsScheduler.dll c:\program files\FlashGet Network\FlashGet 3\fnsSecurity.dll c:\program files\FlashGet Network\FlashGet 3\fnsSkinX.dll c:\program files\FlashGet Network\FlashGet 3\fnsStatistics.dll c:\program files\FlashGet Network\FlashGet 3\game.ico c:\program files\FlashGet Network\FlashGet 3\gb2312-unicode.dic c:\program files\FlashGet Network\FlashGet 3\gdiplus.dll c:\program files\FlashGet Network\FlashGet 3\GetAllUrl.htm c:\program files\FlashGet Network\FlashGet 3\GetUrl.htm c:\program files\FlashGet Network\FlashGet 3\GoogleToolbarInstaller_download_signed.exe c:\program files\FlashGet Network\FlashGet 3\libem.dll c:\program files\FlashGet Network\FlashGet 3\license.txt c:\program files\FlashGet Network\FlashGet 3\lst_tz.bin c:\program files\FlashGet Network\FlashGet 3\P2PCfg.ini c:\program files\FlashGet Network\FlashGet 3\p2pcore.dll c:\program files\FlashGet Network\FlashGet 3\p2score.dll c:\program files\FlashGet Network\FlashGet 3\perf.ini c:\program files\FlashGet Network\FlashGet 3\pncrt.dll c:\program files\FlashGet Network\FlashGet 3\pstat.dat c:\program files\FlashGet Network\FlashGet 3\pup.dat c:\program files\FlashGet Network\FlashGet 3\RdOldDb.dll c:\program files\FlashGet Network\FlashGet 3\RealMediaSplitter.ax c:\program files\FlashGet Network\FlashGet 3\skin\international\default\BarSet.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_check.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_normal.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\btn_radio.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\desktoplink.ico c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\login_line.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\menu_icon.png c:\program files\FlashGet Network\FlashGet 
3\skin\international\default\image\option_line.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\option_page_line.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\skin.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendLogo.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\SuspendNoLogo.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_backgrand.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_cancle.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_catgroy.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_group.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_new.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_open.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_option.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_pause.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_recly.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbar_start.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_left.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_middle.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\toolbarbutton_right.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\top_logotitle.gif c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\torrent.ico c:\program files\FlashGet Network\FlashGet 3\skin\international\default\image\userinfo_head.png c:\program 
files\FlashGet Network\FlashGet 3\skin\international\default\image\VistaStyleListItems.bmp c:\program files\FlashGet Network\FlashGet 3\skin\international\default\preview.png c:\program files\FlashGet Network\FlashGet 3\skin\international\default\skin.xml c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginfailed.wav c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\loginsucc.wav c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\msgnotify.wav c:\program files\FlashGet Network\FlashGet 3\skin\international\default\sound\notify.wav c:\program files\FlashGet Network\FlashGet 3\skin\international\default\topmain.png c:\program files\FlashGet Network\FlashGet 3\SnapShot.dll c:\program files\FlashGet Network\FlashGet 3\storage.dll c:\program files\FlashGet Network\FlashGet 3\SysOptimize.exe c:\program files\FlashGet Network\FlashGet 3\uninst.exe c:\program files\FlashGet Network\FlashGet 3\VodCore.dll c:\program files\FlashGet Network\FlashGet 3\zlib.dll c:\users\Lisa\AppData\Roaming\BITS c:\users\Lisa\AppData\Roaming\BITS\BITS.ini c:\users\Lisa\AppData\Roaming\BITS\DHTTable.dat c:\users\Lisa\AppData\Roaming\BITS\ProxyList.ini c:\users\Lisa\AppData\Roaming\BITS\UPnP.ini c:\users\Lisa\AppData\Roaming\FlashGetBHO c:\users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll c:\users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetHook.dll c:\users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm c:\users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm c:\users\Lisa\AppData\Roaming\Qaqo c:\users\Lisa\AppData\Roaming\Qaqo\pialf.exe c:\windows\7Loader.TAG c:\windows\system32\secushr.dat c:\windows\system32\secustat.dat . ((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 ))))))))))))))))))))))))))))))) . 2010-07-23 10:46 . 2010-07-23 10:46 -------- d-----w- c:\users\Lisa\AppData\Local\temp 2010-07-23 10:46 . 
2010-07-23 10:46 -------- d-----w- c:\users\Default\AppData\Local\temp 2010-07-23 09:59 . 2010-07-23 09:59 -------- d-----w- C:\_OTL 2010-07-22 07:26 . 2010-07-22 07:26 -------- d-----w- c:\program files\CCleaner 2010-07-21 10:09 . 2010-07-21 10:10 -------- d-----w- c:\programdata\COMODO 2010-07-21 10:06 . 2010-07-21 10:06 -------- d-----w- c:\program files\COMODO 2010-07-21 10:03 . 2010-07-21 10:04 -------- d-----w- c:\programdata\Comodo Downloader 2010-07-21 09:55 . 2010-07-21 09:55 -------- d-----w- c:\users\Lisa\AppData\Roaming\AliceHilfe 2010-07-21 09:55 . 2010-07-21 09:55 -------- d-----w- c:\program files\AliceHilfe 2010-07-19 21:17 . 2009-12-15 13:49 6640976 ----a-w- c:\users\Lisa\AppData\Roaming\TomTom\HOME\Profiles\q1l27xhw.default\extensions\Navcore.9.026.483454@tomtom.com\9-026-483454-1.dll 2010-07-06 14:08 . 2010-07-06 14:09 -------- dc----w- c:\users\Lisa\AppData\Local\MigWiz 2010-06-23 22:42 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-06-23 22:42 . 2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 22:42 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 22:42 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 22:42 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll 2010-06-23 14:52 . 2010-03-24 06:37 1286456 ----a-w- c:\windows\system32\ntdll.dll 2010-06-23 14:52 . 2010-05-09 09:14 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-06-23 14:52 . 2010-05-09 09:14 417792 ----a-w- c:\windows\system32\msdri.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-23 10:36 . 2010-06-14 13:03 -------- d-----w- c:\users\Lisa\AppData\Roaming\Wupuuw 2010-07-23 10:30 . 2010-02-16 17:05 -------- d-----w- c:\users\Lisa\AppData\Roaming\Orbit 2010-07-22 20:35 . 2010-04-07 16:07 650826 ----a-w- c:\windows\system32\perfh007.dat 2010-07-22 20:35 . 
2010-04-07 16:07 132688 ----a-w- c:\windows\system32\perfc007.dat 2010-07-22 19:24 . 2010-02-16 20:35 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-07-22 10:11 . 2010-02-16 22:14 188152 ----a-w- c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe 2010-07-22 07:20 . 2010-05-29 15:01 -------- d-----w- c:\users\Lisa\AppData\Roaming\Software Informer 2010-07-18 08:59 . 2010-02-16 22:30 -------- d-----w- c:\users\Lisa\AppData\Roaming\vlc 2010-07-18 08:52 . 2010-04-24 15:53 -------- d-----w- c:\users\Lisa\AppData\Roaming\dvdcss 2010-07-14 11:21 . 2010-02-24 12:43 -------- d-----w- c:\programdata\Microsoft Help 2010-07-12 21:00 . 2010-05-09 01:50 -------- d-----w- c:\users\Lisa\AppData\Roaming\Apmysi 2010-07-12 18:36 . 2010-02-23 12:05 -------- d-----w- c:\users\Lisa\AppData\Roaming\Goem 2010-07-07 17:27 . 2010-07-07 17:27 4 ----a-w- c:\users\Lisa\AppData\Roaming\dhxiuw.dat 2010-06-26 21:49 . 2010-02-24 12:47 -------- d-----w- c:\program files\Microsoft.NET 2010-06-26 17:39 . 2010-02-16 17:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\Skype 2010-06-26 17:39 . 2010-02-16 17:11 -------- d-----w- c:\users\Lisa\AppData\Roaming\skypePM 2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\programdata\TomTom 2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\users\Lisa\AppData\Roaming\TomTom 2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\program files\TomTom International B.V 2010-06-14 21:18 . 2010-06-14 21:18 -------- d-----w- c:\program files\TomTom HOME 2 2010-06-12 15:12 . 2010-06-12 15:12 -------- d-----w- c:\program files\ffdshow 2010-06-10 22:25 . 2010-06-10 22:23 -------- d-----w- c:\programdata\HideIPEasy 2010-06-10 22:23 . 2010-06-10 22:23 -------- d-----w- c:\users\Lisa\AppData\Roaming\HideIPEasy 2010-06-10 22:22 . 2010-06-10 22:22 -------- d-----w- c:\program files\HideIPEasy 2010-06-10 07:45 . 2010-06-09 17:05 -------- d-----w- c:\programdata\PlatinumHideIP 2010-06-09 17:05 . 
2010-06-09 17:05 -------- d-----w- c:\users\Lisa\AppData\Roaming\PlatinumHideIP 2010-06-06 14:28 . 2010-06-06 14:28 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes 2010-06-06 14:28 . 2010-06-06 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\programdata\Malwarebytes 2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2010-06-04 09:05 . 2010-04-07 16:08 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll 2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys 2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-05-29 15:01 . 2010-05-29 15:01 -------- d-----w- c:\program files\Software Informer 2010-05-28 16:19 . 2010-02-16 17:05 -------- d-----w- c:\program files\Orbitdownloader 2010-05-27 07:24 . 2010-06-08 22:17 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-08 22:17 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-26 08:43 . 2010-02-16 17:46 -------- d-----w- c:\program files\Microsoft 2010-05-21 12:14 . 2010-02-16 17:08 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 2010-06-08 22:18 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-20 10:58 . 2010-05-20 10:58 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2010-05-01 14:49 . 2010-06-08 22:19 2326528 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 13:39 . 2010-06-06 14:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2010-06-06 14:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 
2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) 
"EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] "AppInit_DLLs"=c:\windows\System32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer] 2010-05-27 02:13 2285637 ----a-w- c:\program files\Software Informer\softinfo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 136176] R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240] S1 cmdHlp;COMODO Internet Security Helper 
Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] . Contents of the 'Scheduled Tasks' folder 2010-03-15 c:\windows\Tasks\AdsGone.job - c:\program files\AdsGone\AdsGone.exe [2010-03-15 13:26] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 23:10] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 23:10] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyServer = http=;ftp=;https=; IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download all by FlashGet3 - c:\users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: kuaiche.com\software TCP: {A05B96A2-39E7-41D1-9959-EA9F77A8362F} = 213.191.74.18,217.237.149.161 FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.de FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - component: c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: 
security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - 
pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . - - - - ORPHANS REMOVED - - - - HKCU-Run-fsm - (no file) HKCU-Run-{3DC0EA0D-0450-367E-AB25-642CC3D76234} - c:\users\Lisa\AppData\Roaming\Qaqo\pialf.exe AddRemove-FlashGet 3.3 - c:\program files\FlashGet Network\FlashGet 3\uninst.exe . 
--------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . --------------------- DLLs Loaded Under Running Processes --------------------- - - - - - - - > 'winlogon.exe'(596) c:\windows\system32\guard32.dll - - - - - - - > 'lsass.exe'(668) c:\windows\system32\guard32.dll . Completion time: 2010-07-23 12:49:57 ComboFix-quarantined-files.txt 2010-07-23 10:49 Pre-Run: 51,722,145,792 bytes free Post-Run: 51,638,386,688 bytes free - - End Of File - - 86A25FC273943942C17912058F5946BF |
23.07.2010, 18:29 | #11 |
/// Malware-holic | Sparkasse online banking transactions won't load
Start, Run, Accessories, Editor (Notepad); paste this in:

Killall::
Folder::
c:\users\Lisa\AppData\Roaming\Wupuuw
c:\users\Lisa\AppData\Roaming\Apmysi
c:\users\Lisa\AppData\Roaming\Goem
c:\users\Lisa\AppData\Roaming\dhxiuw.dat

File, Save As, file type: All Files, name: cfscript.txt. Save it in the folder where combofix.exe is, then drag cfscript onto combofix; the program starts. Post the log. |
23.07.2010, 21:11 | #12 |
| Sparkasse online banking transactions won't load
ComboFix logfile:
ComboFix 10-07-22.01 - Lisa 23/07/2010 21:55:09.2.2 - x86
Microsoft Windows 7 Ultimate 6.1.7600.0.1252.353.1033.18.3070.2085 [GMT 2:00]
Running from: c:\users\Lisa\Desktop\ComboFix.exe
Command switches used :: c:\users\Lisa\Desktop\cfscript.txt
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\users\Lisa\AppData\Roaming\Apmysi
c:\users\Lisa\AppData\Roaming\Goem
c:\users\Lisa\AppData\Roaming\Goem\yzypi.tmp
c:\users\Lisa\AppData\Roaming\Goem\yzypi.yvl
c:\users\Lisa\AppData\Roaming\Qaqo\pialf.exe
c:\users\Lisa\AppData\Roaming\Wupuuw
.
((((((((((((((((((((((((( Files Created from 2010-06-23 to 2010-07-23 )))))))))))))))))))))))))))))))
.
2010-07-23 20:03 . 2010-07-23 20:05 -------- d-----w- c:\users\Lisa\AppData\Local\temp
2010-07-23 20:03 . 2010-07-23 20:03 -------- d-----w- c:\users\Public\AppData\Local\temp
2010-07-23 20:03 . 2010-07-23 20:03 -------- d-----w- c:\users\Default\AppData\Local\temp
2010-07-23 19:52 . 2010-07-23 19:53 -------- d-----w- C:\32788R22FWJFW
2010-07-23 09:59 . 2010-07-23 09:59 -------- d-----w- C:\_OTL
2010-07-22 07:26 . 2010-07-22 07:26 -------- d-----w- c:\program files\CCleaner
2010-07-21 10:09 . 2010-07-21 10:10 -------- d-----w- c:\programdata\COMODO
2010-07-21 10:06 . 2010-07-21 10:06 -------- d-----w- c:\program files\COMODO
2010-07-21 10:03 . 2010-07-21 10:04 -------- d-----w- c:\programdata\Comodo Downloader
2010-07-21 09:55 . 2010-07-21 09:55 -------- d-----w- c:\users\Lisa\AppData\Roaming\AliceHilfe
2010-07-21 09:55 . 2010-07-21 09:55 -------- d-----w- c:\program files\AliceHilfe
2010-07-19 21:17 . 2009-12-15 13:49 6640976 ----a-w- c:\users\Lisa\AppData\Roaming\TomTom\HOME\Profiles\q1l27xhw.default\extensions\Navcore.9.026.483454@tomtom.com\9-026-483454-1.dll
2010-07-06 14:08 . 2010-07-06 14:09 -------- dc----w- c:\users\Lisa\AppData\Local\MigWiz
2010-06-23 22:42 . 2009-11-25 10:47 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-06-23 22:42 .
2009-11-25 10:47 49472 ----a-w- c:\windows\system32\netfxperf.dll 2010-06-23 22:42 . 2009-11-25 10:47 297808 ----a-w- c:\windows\system32\mscoree.dll 2010-06-23 22:42 . 2009-11-25 10:47 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2010-06-23 22:42 . 2009-11-25 10:47 1130824 ----a-w- c:\windows\system32\dfshim.dll . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-07-23 11:39 . 2010-02-16 17:05 -------- d-----w- c:\users\Lisa\AppData\Roaming\Orbit 2010-07-23 11:10 . 2010-02-16 20:35 -------- d-----w- c:\program files\Mozilla Thunderbird 2010-07-22 20:35 . 2010-04-07 16:07 650826 ----a-w- c:\windows\system32\perfh007.dat 2010-07-22 20:35 . 2010-04-07 16:07 132688 ----a-w- c:\windows\system32\perfc007.dat 2010-07-22 10:11 . 2010-02-16 22:14 188152 ----a-w- c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe 2010-07-22 07:20 . 2010-05-29 15:01 -------- d-----w- c:\users\Lisa\AppData\Roaming\Software Informer 2010-07-18 08:59 . 2010-02-16 22:30 -------- d-----w- c:\users\Lisa\AppData\Roaming\vlc 2010-07-18 08:52 . 2010-04-24 15:53 -------- d-----w- c:\users\Lisa\AppData\Roaming\dvdcss 2010-07-14 11:21 . 2010-02-24 12:43 -------- d-----w- c:\programdata\Microsoft Help 2010-07-07 17:27 . 2010-07-07 17:27 4 ----a-w- c:\users\Lisa\AppData\Roaming\dhxiuw.dat 2010-06-26 21:49 . 2010-02-24 12:47 -------- d-----w- c:\program files\Microsoft.NET 2010-06-26 17:39 . 2010-02-16 17:07 -------- d-----w- c:\users\Lisa\AppData\Roaming\Skype 2010-06-26 17:39 . 2010-02-16 17:11 -------- d-----w- c:\users\Lisa\AppData\Roaming\skypePM 2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\programdata\TomTom 2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\users\Lisa\AppData\Roaming\TomTom 2010-06-14 21:19 . 2010-06-14 21:19 -------- d-----w- c:\program files\TomTom International B.V 2010-06-14 21:18 . 
2010-06-14 21:18 -------- d-----w- c:\program files\TomTom HOME 2 2010-06-12 15:12 . 2010-06-12 15:12 -------- d-----w- c:\program files\ffdshow 2010-06-10 22:25 . 2010-06-10 22:23 -------- d-----w- c:\programdata\HideIPEasy 2010-06-10 22:23 . 2010-06-10 22:23 -------- d-----w- c:\users\Lisa\AppData\Roaming\HideIPEasy 2010-06-10 22:22 . 2010-06-10 22:22 -------- d-----w- c:\program files\HideIPEasy 2010-06-10 07:45 . 2010-06-09 17:05 -------- d-----w- c:\programdata\PlatinumHideIP 2010-06-09 17:05 . 2010-06-09 17:05 -------- d-----w- c:\users\Lisa\AppData\Roaming\PlatinumHideIP 2010-06-06 14:28 . 2010-06-06 14:28 -------- d-----w- c:\users\Lisa\AppData\Roaming\Malwarebytes 2010-06-06 14:28 . 2010-06-06 14:27 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-06 14:27 . 2010-06-06 14:27 -------- d-----w- c:\programdata\Malwarebytes 2010-06-04 09:55 . 2010-06-04 09:55 224240 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2010-06-04 09:05 . 2010-04-07 16:08 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-01 17:00 . 2010-06-01 17:00 278288 ----a-w- c:\windows\system32\guard32.dll 2010-06-01 17:00 . 2010-06-01 17:00 75944 ----a-w- c:\windows\system32\drivers\inspect.sys 2010-06-01 17:00 . 2010-06-01 17:00 30112 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2010-06-01 17:00 . 2010-06-01 17:00 16744 ----a-w- c:\windows\system32\drivers\cmderd.sys 2010-05-29 15:01 . 2010-05-29 15:01 -------- d-----w- c:\program files\Software Informer 2010-05-28 16:19 . 2010-02-16 17:05 -------- d-----w- c:\program files\Orbitdownloader 2010-05-27 07:24 . 2010-06-08 22:17 34304 ----a-w- c:\windows\system32\atmlib.dll 2010-05-27 03:49 . 2010-06-08 22:17 293888 ----a-w- c:\windows\system32\atmfd.dll 2010-05-26 08:43 . 2010-02-16 17:46 -------- d-----w- c:\program files\Microsoft 2010-05-21 12:14 . 2010-02-16 17:08 221568 ------w- c:\windows\system32\MpSigStub.exe 2010-05-21 05:18 . 
2010-06-08 22:18 977920 ----a-w- c:\windows\system32\wininet.dll 2010-05-20 10:58 . 2010-05-20 10:58 2594584 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll 2010-05-09 09:14 . 2010-06-23 14:52 641536 ----a-w- c:\windows\system32\CPFilters.dll 2010-05-09 09:14 . 2010-06-23 14:52 417792 ----a-w- c:\windows\system32\msdri.dll 2010-05-01 14:49 . 2010-06-08 22:19 2326528 ----a-w- c:\windows\system32\win32k.sys 2010-04-29 13:39 . 2010-06-06 14:28 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-04-29 13:39 . 2010-06-06 14:27 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2009-06-10 21:26 . 2009-07-14 02:04 9633792 --sha-r- c:\windows\Fonts\StaticCache.dat 2009-07-14 01:14 . 2009-07-13 23:42 396800 --sha-w- c:\windows\winsxs\x86_microsoft-windows-mail-app_31bf3856ad364e35_6.1.7600.16385_none_f12e83abb108c86c\WinMail.exe . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}] 2008-11-18 11:58 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar] "{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser] "{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2008-11-18 333192] [HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}] [HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}] [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "{3DC0EA0D-0450-367E-AB25-642CC3D76234}"="c:\users\Lisa\AppData\Roaming\Qaqo\pialf.exe" [BU] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153] "Monitor"="c:\windows\PixArt\PAC207\Monitor.exe" [2006-11-03 319488] "PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2009-11-09 180224] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040] " Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2010-04-29 1090952] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2010-06-01 2039240] [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows] 
"AppInit_DLLs"=c:\windows\System32\guard32.dll [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux1"=wdmaud.drv [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2010-06-09 08:06 976832 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher] 2010-06-20 02:04 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task] 2010-02-15 17:50 417792 ----a-w- c:\program files\QuickTime\QTTask.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Software Informer] 2010-05-27 02:13 2285637 ----a-w- c:\program files\Software Informer\softinfo.exe [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TomTomHOME.exe] 2010-06-24 14:41 247144 ----a-w- c:\program files\TomTom HOME 2\TomTomHOMERunner.exe R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 136176] R3 netr73;RT73 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr73.sys [2009-07-13 545792] R3 PAC207;SoC PC-Camera;c:\windows\system32\DRIVERS\PFC027.SYS [2006-12-05 507136] R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe [2010-05-21 1343400] S1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2010-06-04 224240] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2010-06-01 30112] S1 vwififlt;Virtual WiFi Filter 
Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-18 176128] S2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [2009-05-13 108289] S2 TomTomHOMEService;TomTomHOMEService;c:\program files\TomTom HOME 2\TomTomHOMEService.exe [2010-06-24 92008] S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [2009-07-13 4231168] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-03-01 139776] . Contents of the 'Scheduled Tasks' folder 2010-03-15 c:\windows\Tasks\AdsGone.job - c:\program files\AdsGone\AdsGone.exe [2010-03-15 13:26] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 23:10] 2010-07-23 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2010-04-26 23:10] . . ------- Supplementary Scan ------- . 
uInternet Settings,ProxyServer = http=;ftp=;https=; IE: &Download by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/201 IE: &Grab video by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/204 IE: Do&wnload selected by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/203 IE: Down&load all by Orbit - c:\program files\Orbitdownloader\orbitmxt.dll/202 IE: Download all by FlashGet3 - c:\users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm IE: Download by FlashGet3 - c:\users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 Trusted Zone: kuaiche.com\software TCP: {A05B96A2-39E7-41D1-9959-EA9F77A8362F} = 213.191.74.18,217.237.149.161 TCP: 14C4943454D275C414E46353 = 213.191.74.18,217.237.149.161 FF - ProfilePath - c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\ FF - prefs.js: browser.startup.homepage - www.yahoo.de FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll FF - component: c:\program files\Orbitdownloader\addons\OneClickYouTubeDownloader\components\GrabXpcom.dll FF - component: c:\users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}\components\FlashgetXpi.dll FF - plugin: c:\program files\Google\Google Earth\plugin\npgeplugin.dll FF - plugin: c:\program files\Google\Update\1.2.183.29\npGoogleOneClick8.dll FF - plugin: c:\program files\Microsoft\Office Live\npOLW.dll FF - plugin: c:\program files\Mozilla Firefox\plugins\npdeployJava1.dll FF - plugin: c:\program files\Veetle\Player\npvlc.dll FF - plugin: c:\program files\Veetle\plugins\npVeetle.dll FF - plugin: c:\program files\Veetle\VLCBroadcast\npvbp.dll FF - plugin: c:\program files\Virtual Earth 3D\npVE3D.dll ---- FIREFOX POLICIES ---- FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: 
security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.lu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nu", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.nz", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--p1ai", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbayh7gpa", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.tel", true); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.proxy.type", 5); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.count", 24); c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.buffer.cache.size", 4096); c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.ipc.plugins.timeoutSecs", 45); c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false); c:\program files\Mozilla Firefox\greprefs\all.js - pref("accelerometer.enabled", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", ""); c:\program files\Mozilla 
Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false); c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties"); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.nptest.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npswf32.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npctrl.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled.npqtplugin.dll", true); c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false); . . --------------------- LOCKED REGISTRY KEYS --------------------- [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Other Running Processes ------------------------ . 
c:\windows\system32\atieclxx.exe c:\program files\Avira\AntiVir Desktop\avguard.exe c:\windows\system32\taskhost.exe c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE c:\program files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe c:\windows\system32\conhost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\windows\system32\DllHost.exe c:\windows\system32\sppsvc.exe . ************************************************************************** . Completion time: 2010-07-23 22:10:52 - machine was rebooted ComboFix-quarantined-files.txt 2010-07-23 20:10 ComboFix2.txt 2010-07-23 10:49 Pre-Run: 51,737,825,280 bytes free Post-Run: 51,691,347,968 bytes free - - End Of File - - B03F0DAC447DAEE986C438E4A1124E6B |
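What a helper reads out of the two ComboFix logs above can be written down as rules. The following is an added example in Python; it is not part of the thread, not ComboFix code, and the rules, severities and allowlist are mine. The sample lines are constructed to mirror the entries the logs show: a GUID-named Run value launching an executable from a random-looking folder under AppData\Roaming (the Qaqo\pialf.exe entry ComboFix removed), the orphaned HKCU-Run-fsm value, user.js lines that switch off Firefox's insecure-submit and mixed-content warnings, the kuaiche.com Trusted Zone entry, the AppInit_DLLs line and the empty ProxyServer setting. guard32.dll is treated as known (COMODO Internet Security's user-mode hook DLL; the log dates it together with COMODO's drivers), so that line is reported as info rather than high; that allowlist is an assumption of the example.

```python
"""Triage pass over ComboFix-style log lines (added example, see lead-in)."""
from __future__ import annotations

import re
from dataclasses import dataclass

# Constructed sample in the shape of the log entries above; the lines are
# written here for the example, not copied from the page.
SAMPLE_LOG = r"""
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{3DC0EA0D-0450-367E-AB25-642CC3D76234}"="c:\users\Lisa\AppData\Roaming\Qaqo\pialf.exe" [BU]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"AppInit_DLLs"=c:\windows\System32\guard32.dll
HKCU-Run-fsm - (no file)
Trusted Zone: kuaiche.com\software
uInternet Settings,ProxyServer = http=;ftp=;https=;
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_viewing_mixed - false
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
"""


@dataclass(frozen=True)
class Finding:
    severity: str  # "high", "medium" or "info"
    rule: str
    line: str


# Assumed allowlist for AppInit_DLLs: guard32.dll belongs to COMODO Internet
# Security. Anything not listed here is a classic injection point and is high.
APPINIT_KNOWN = {"guard32.dll": "COMODO Internet Security"}

# A Run value whose target lives under %AppData%\Roaming (user-writable, no
# admin rights needed). Same layout as the removed Roaming\Qaqo\pialf.exe.
RUN_VALUE = re.compile(
    r'^"(?P<name>[^"]+)"\s*=\s*"?'
    r'(?P<path>[a-z]:\\users\\[^\\]+\\appdata\\roaming\\[^"]+?\.exe)"?',
    re.IGNORECASE,
)
GUID_NAME = re.compile(r"^\{[0-9a-f-]{36}\}$", re.IGNORECASE)
ORPHAN = re.compile(r"^HK(?:CU|LM)-Run-(?P<name>\S+) - \(no file\)$")
FF_WARN_OFF = re.compile(r"^FF - user\.js: (?P<pref>security\.warn_\S+) - false$")
TRUSTED_ZONE = re.compile(r"^Trusted Zone: (?P<host>\S+)$")
APPINIT = re.compile(r'^"AppInit_DLLs"=(?P<dlls>.+)$')
PROXY = re.compile(r"^uInternet Settings,ProxyServer = (?P<spec>.*)$")


def _proxy_targets(spec: str) -> list[str]:
    """Hosts named in an IE ProxyServer value; 'http=;ftp=;https=;' has none."""
    targets = []
    for part in spec.split(";"):
        part = part.strip()
        if not part:
            continue
        scheme, eq, host = part.partition("=")
        target = host if eq else scheme  # "1.2.3.4:8080" alone is also a proxy
        if target.strip():
            targets.append(target.strip())
    return targets


def triage(log_text: str) -> list[Finding]:
    """Apply the rules line by line and return findings, highest severity first."""
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = RUN_VALUE.match(line)
        if m:
            # Vendors name their Run values; a GUID as the value name plus a
            # Roaming target is the strongest single tell in these logs.
            sev = "high" if GUID_NAME.match(m["name"]) else "medium"
            findings.append(Finding(sev, "appdata-run", line))
            continue
        if ORPHAN.match(line):
            # Launcher whose file is gone: leftover of a removed component.
            findings.append(Finding("medium", "orphan-run", line))
            continue
        if FF_WARN_OFF.match(line):
            # user.js silencing warnings the user would otherwise see on a
            # bank page (mixed content, form posted over plain HTTP).
            findings.append(Finding("medium", "ff-warning-off", line))
            continue
        if TRUSTED_ZONE.match(line):
            # Trusted Zone relaxes IE's security settings for that host.
            findings.append(Finding("medium", "trusted-zone", line))
            continue
        m = APPINIT.match(line)
        if m:
            dll = m["dlls"].strip().rsplit("\\", 1)[-1].lower()
            sev = "info" if dll in APPINIT_KNOWN else "high"
            findings.append(Finding(sev, "appinit-dll", line))
            continue
        m = PROXY.match(line)
        if m:
            # A proxy the user never configured would route bank traffic
            # through someone else's box; an all-empty value is just noise.
            sev = "high" if _proxy_targets(m["spec"]) else "info"
            findings.append(Finding(sev, "proxy", line))
    order = {"high": 0, "medium": 1, "info": 2}
    return sorted(findings, key=lambda f: order[f.severity])


def summarize(findings: list[Finding]) -> dict[str, int]:
    counts = {"high": 0, "medium": 0, "info": 0}
    for f in findings:
        counts[f.severity] += 1
    return counts


if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.severity:6} {f.rule:15} {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

The rules deliberately ignore the greprefs lines (those are Firefox's shipped defaults, listed for every installation) and the vendor Run entries under Program Files, so the output is the handful of lines a helper would actually act on.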
24.07.2010, 15:00 | #13 |
/// Malware-holic | Sparkasse online banking transactions won't load
Right-click the Avira umbrella icon, disable the Guard, OK. Open Computer (My Computer), go to C:, right-click the qoobox folder and add it to qoobox.zip or .rar. Upload it to us as described under point 2: http://www.trojaner-board.de/54791-a...ner-board.html |
24.07.2010, 20:27 | #14 |
| Sparkasse online banking transactions won't load
Hi, when I try to add it I only get a box telling me: ! Cannot create Qoobox.rar ! Access is denied. What should I do? |
24.07.2010, 20:31 | #15 |
/// Malware-holic | Sparkasse online banking transactions won't load
Boot into Safe Mode; normally it's the F8 key at PC startup, then choose Safe Mode. Create the archive there, reboot, and upload it. |