Sparkasse online banking: transactions don't load

Hello, for about a week I have had a problem with Sparkasse online banking. I can log in perfectly normally, but when it gets to the financial status page, a message first appears in a grey box: "Warten Sie bitte, während wir Ihre Browser-Sicherheitseinstellungen bestätigen....." ("Please wait while we confirm your browser security settings....."). Once that has disappeared after a few seconds, I try to click on my transactions, but the page is only shown blank, with no error or anything else, and at the bottom of the browser it says "Fertig" (Done). All the other subpages, such as transfers, work. The problem does not seem to occur on other computers. I tried it at friends' places and everything worked there. Now I'm not sure whether it is down to settings on my computer or to my internet provider, since I have only had it for about 2 weeks. I called the Sparkasse, but they couldn't help me and were somewhat baffled. Then I called my internet provider (Alice); they checked a few settings with me, but in the end no luck there either. I'm a bit at a loss by now... Would be grateful if anyone had suggestions for me! :)
Call the bank immediately. This sounds veeeeeeeery strongly like a banking trojan. Have your online access blocked immediately!!! and have new credentials sent to you. You should also get advice on alternatives to PIN/TAN; those procedures do cost something, a one-off fee, but are much more secure. The safest thing with a problem like this would be to reinstall the system; only that way do you get a secure PC back and can do online banking in peace again. Afterwards, of course, change your other passwords. Let me know how you would like to proceed. I would still like to take a look at your PC to collect any unknown malicious files, so that other users are protected.

OTL: system scan with OTL
Download OTL: http://filepony.de/download-otl/
Double-click OTL.exe (Windows 7 and Vista users: right-click, Run as administrator)
1. At the top you will find a box labelled Output. Select Minimal Output.
2. Tick "scan all users".
3. Under "Extra Registry" select: "Use Safelist", "LOP Check", "Purity Check".
4. Copy into the text box:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
5. Click "Scan".
6. Two reports are created: OTL.Txt and Extras.Txt. Post both logs.
Please also create and post a ComboFix log. A guide and tutorial on using ComboFix
Hey, well, I have already spoken to the bank several times and they say it is not a virus, but they don't know what is going on either... And I have also scanned for viruses several times by now. The people at the bank think something is wrong with my security settings on the computer or in the browser.
No, these symptoms, this "security check", definitely sound like malware. Run the scans I mentioned and we'll see from there.
Hi, I have now used the OTL scanner. It gave me quite a few logs, though; this is the last one:

OTL Logfile:
Code:
OTL logfile created on: 7/22/2010 8:49:09 PM - Run 1
[2010/07/22 21:13:34 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2010/07/22 21:13:33 | 000,262,144 | -HS- | M] () -- C:\Users\Lisa\ntuser.dat.LOG1
[2010/07/22 21:05:57 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\Temp
[2010/07/22 21:03:24 | 000,020,330 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx
[2010/07/22 21:03:24 | 000,000,000 | R--D | M] -- C:\Users\Lisa\My Documents
[2010/07/22 21:01:30 | 000,000,162 | -H-- | M] () -- C:\Users\Lisa\Documents\~$am Bill.docx
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 19:28:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db
[2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk
[2010/07/22 09:26:41 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Desktop
[2010/07/22 09:26:41 | 000,000,000 | ---D | M] -- C:\Program Files\CCleaner
[2010/07/22 09:22:04 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/07/21 12:10:25 | 000,000,000 | ---D | M] -- C:\ProgramData\COMODO
[2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/07/21 12:06:48 | 000,000,000 | ---D | M] -- C:\Program Files\COMODO
[2010/07/21 12:04:52 | 000,000,000 | ---D | M] -- C:\ProgramData\Comodo Downloader
[2010/07/21 11:59:31 | 000,000,000 | --SD | M] -- C:\ProgramData\Microsoft
[2010/07/21 11:59:30 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\Microsoft
[2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Program Files\AliceHilfe
[2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc
[2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx
[2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss
[2010/07/17 00:02:49 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Thunderbird
[2010/07/16 22:59:58 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Music
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/07/16 12:07:25 | 000,000,000 | R--- | M] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt
[2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/14 13:21:40 | 000,000,000 | ---D | M] -- C:\ProgramData\Microsoft Help
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/09 00:54:08 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Pictures
[2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/07/06 16:09:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\MigWiz
[2010/06/30 21:59:35 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/26 23:49:38 | 000,000,000 | ---D | M] -- C:\Program Files\Microsoft.NET
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM
[2010/06/26 19:32:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Local\Diagnostics
[2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf
[2010/06/26 17:43:35 | 000,000,000 | R--D | M] -- C:\Users\Lisa\Downloads

========== Files - Modified Within 30 Days ==========
[2010/07/22 21:13:44 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2010/07/22 21:03:24 | 000,020,330 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx
[2010/07/22 21:01:30 | 000,000,162 | -H-- | M] () -- C:\Users\Lisa\Documents\~$am Bill.docx
[2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 19:28:03 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db
[2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk
[2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk
[2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc
[2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx
[2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/06/30 21:59:35 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf

========== LOP Check ==========
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV
[2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AdsGone.job
[2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========
und der zweite teil: ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe [2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi [2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS [2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss [2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet [2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO [2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit [2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software [2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem [2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro [2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy [2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities [2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia [2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes [2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs [2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum [2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft [2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla [2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit [2010/06/09 19:05:26 | 000,000,000 | ---D 
| M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP [2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo [2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype [2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM [2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer [2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall [2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom [2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc [2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR [2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw [2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV < %APPDATA%\*.exe /s > [2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe [2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe [2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe [2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE [2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- 
C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys [2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys [2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys [2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys < MD5 for: IASTORV.SYS > [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- 
C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys [2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys < MD5 for: KR10N.SYS > [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys [2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys < MD5 for: NETLOGON.DLL > [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll [2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys [2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll [2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll < MD5 for: USERINIT.EXE > [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe [2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009/08/03 16:07:42 | 000,322,928 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\OGAAddin.dll < End of report > DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO) DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO) DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO) DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation) DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.) DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.) DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.) 
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.) DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.) DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) 

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 B8 7C EA 81 29 CB 01 [binary data]
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=;

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.yahoo.de"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0
FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27
FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.30
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0
FF - prefs.js..network.proxy.backup.ftp: ""
FF - prefs.js..network.proxy.backup.ftp_port: 0
FF - prefs.js..network.proxy.backup.gopher: ""
FF - prefs.js..network.proxy.backup.gopher_port: 0
FF - prefs.js..network.proxy.backup.socks: ""
FF - prefs.js..network.proxy.backup.socks_port: 0
FF - prefs.js..network.proxy.backup.ssl: ""
FF - prefs.js..network.proxy.backup.ssl_port: 0
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 09:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 09:22:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/22 21:24:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions
[2010/02/16 22:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com
[2010/07/22 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions
[2010/07/04 21:21:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}
[2010/06/17 12:19:47 | 000,000,000 | ---D | M] (RSE Tools) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430}
[2010/02/17 00:11:17 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}
[2010/02/16 20:16:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D}
[2010/06/09 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\support@platinumhideip.com
[2010/05/28 18:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/02/16 19:07:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/05/03 16:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/06/30 08:59:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/06/30 08:59:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/06/30 08:59:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/06/30 08:59:20 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/15 23:37:06 | 000,079,745 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 actionsplash.com
O1 - Hosts: 127.0.0.1 ads.x10.com
O1 - Hosts: 127.0.0.1 images.x10.com
O1 - Hosts: 127.0.0.1 adserv.internetfuel.com
O1 - Hosts: 127.0.0.1 popme.163.com
O1 - Hosts: 127.0.0.1 servedby.advertising.com
O1 - Hosts: 127.0.0.1 specialoffers.aol.com
O1 - Hosts: 127.0.0.1 whenushop.whenu.com
O1 - Hosts: 127.0.0.1 www.popupnation.com
O1 - Hosts: 127.0.0.1 www.popuptraffic.com
O1 - Hosts: 127.0.0.1 view.popupsponsor.com
O1 - Hosts: 127.0.0.1 popups.infostart.com
O1 - Hosts: 127.0.0.1 ads.ad-flow.com
O1 - Hosts: 127.0.0.1 www.popupmoney.com
O1 - Hosts: 127.0.0.1 ad0.popupad.net
O1 - Hosts: 127.0.0.1 ad00.popupad.net
O1 - Hosts: 127.0.0.1 ad01.popupad.net
O1 - Hosts: 127.0.0.1 ad03.popupad.net
O1 - Hosts: 127.0.0.1 ad04.popupad.net
O1 - Hosts: 127.0.0.1 ad05.popupad.net
O1 - Hosts: 127.0.0.1 ad06.popupad.net
O1 - Hosts: 127.0.0.1 ad07.popupad.net
O1 - Hosts: 127.0.0.1 ad08.popupad.net
O1 - Hosts: 127.0.0.1 ad09.popupad.net
O1 - Hosts: 127.0.0.1 contest.x10.com
O1 - Hosts: 2700 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group)
O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com)
O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation)
O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.)
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [{3DC0EA0D-0450-367E-AB25-642CC3D76234}] C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe ()
O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [fsm] File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm ()
O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found
O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Einstiegsseite.exe -- File not found
O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell - "" = AutoRun
O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE -- File not found
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/07/22 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/07/21 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO
[2010/07/21 12:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO
[2010/07/21 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader
[2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\AliceHilfe
[2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/21 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AliceHilfe
[2010/07/06 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\MigWiz
[2010/06/27 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Croatia-Montenegro
[2010/06/24 00:42:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe
[2010/06/24 00:42:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll
[2010/06/24 00:42:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll
[2010/06/23 16:52:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll
[2010/06/23 16:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2010/06/23 16:52:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax
[2010/06/23 16:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax

========== Files - Modified Within 30 Days ==========

[2010/07/22 21:34:19 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT
[2010/07/22 21:34:14 | 000,020,582 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx
[2010/07/22 21:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db
[2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk
[2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk
[2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc
[2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx
[2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/06/30 21:59:35 | 000,001,989 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf

========== Files Created - No Company Name ==========

[2010/07/22 21:33:06 | 000,000,162 | -H-- | C] () -- C:\Users\Lisa\Documents\~$am Bill.docx
[2010/07/22 09:26:41 | 000,000,970 | ---- | C] () -- C:\Users\Lisa\Desktop\CCleaner.lnk
[2010/07/21 21:14:06 | 000,020,496 | ---- | C] () -- C:\Users\Lisa\Documents\Liam Bill.docx
[2010/07/21 12:07:05 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/07/21 11:55:36 | 000,001,037 | ---- | C] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk
[2010/07/20 11:57:59 | 001,595,392 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.doc
[2010/07/20 11:57:16 | 000,010,948 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.docx
[2010/07/18 22:14:41 | 000,033,280 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:13 | 000,012,163 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:27 | 000,451,668 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/16 12:07:25 | 000,000,000 | R--- | C] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt
[2010/07/15 15:48:26 | 000,045,532 | ---- | C] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/11 22:15:15 | 000,077,369 | ---- | C] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | C] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:40 | 000,349,857 | ---- | C] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:36 | 000,028,551 | ---- | C] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:08 | 000,286,550 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:55 | 000,244,607 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:43 | 000,359,447 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:27 | 000,309,122 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:26:59 | 000,232,910 | ---- | C] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:05:53 | 001,460,278 | ---- | C] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/08 22:52:57 | 000,093,184 | ---- | C] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:52 | 000,065,368 | ---- | C] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:23 | 002,657,376 | ---- | C] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/06/26 17:44:12 | 000,222,380 | ---- | C] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf
[2010/02/17 00:10:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI

========== LOP Check ==========

[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV
[2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AdsGone.job
[2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities
[2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV

< %APPDATA%\*.exe /s >
[2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe
[2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe
[2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe
[2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE
[2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys
[2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: KR10N.SYS >
[2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >

DRV - (cmdGuard) -- C:\Windows\System32\drivers\cmdGuard.sys (COMODO)
DRV - (inspect) -- C:\Windows\System32\drivers\inspect.sys (COMODO)
DRV - (cmdHlp) -- C:\Windows\System32\drivers\cmdhlp.sys (COMODO)
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH)
DRV - (KSecPkg) -- C:\Windows\System32\Drivers\ksecpkg.sys (Microsoft Corporation)
DRV - (SCDEmu) -- C:\Windows\System32\drivers\scdemu.sys (PowerISO Computing, Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (cmdide) -- C:\Windows\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (adpahci) -- C:\Windows\system32\DRIVERS\adpahci.sys (Adaptec, Inc.)
DRV - (adp94xx) -- C:\Windows\system32\DRIVERS\adp94xx.sys (Adaptec, Inc.)
DRV - (amdsbs) -- C:\Windows\system32\DRIVERS\amdsbs.sys (AMD Technologies Inc.) DRV - (adpu320) -- C:\Windows\system32\DRIVERS\adpu320.sys (Adaptec, Inc.) DRV - (arcsas) -- C:\Windows\system32\DRIVERS\arcsas.sys (Adaptec, Inc.) DRV - (amdsata) -- C:\Windows\system32\DRIVERS\amdsata.sys (Advanced Micro Devices) DRV - (arc) -- C:\Windows\system32\DRIVERS\arc.sys (Adaptec, Inc.) DRV - (amdxata) -- C:\Windows\system32\DRIVERS\amdxata.sys (Advanced Micro Devices) DRV - (aliide) -- C:\Windows\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.) DRV - (nvstor) -- C:\Windows\system32\DRIVERS\nvstor.sys (NVIDIA Corporation) DRV - (nvraid) -- C:\Windows\system32\DRIVERS\nvraid.sys (NVIDIA Corporation) DRV - (nfrd960) -- C:\Windows\system32\DRIVERS\nfrd960.sys (IBM Corporation) DRV - (LSI_SAS) -- C:\Windows\system32\DRIVERS\lsi_sas.sys (LSI Corporation) DRV - (iaStorV) -- C:\Windows\system32\DRIVERS\iaStorV.sys (Intel Corporation) DRV - (MegaSR) -- C:\Windows\system32\DRIVERS\MegaSR.sys (LSI Corporation, Inc.) DRV - (LSI_SCSI) -- C:\Windows\system32\DRIVERS\lsi_scsi.sys (LSI Corporation) DRV - (LSI_FC) -- C:\Windows\system32\DRIVERS\lsi_fc.sys (LSI Corporation) DRV - (LSI_SAS2) -- C:\Windows\system32\DRIVERS\lsi_sas2.sys (LSI Corporation) DRV - (iirsp) -- C:\Windows\system32\DRIVERS\iirsp.sys (Intel Corp./ICP vortex GmbH) DRV - (megasas) -- C:\Windows\system32\DRIVERS\megasas.sys (LSI Corporation) DRV - (hwpolicy) -- C:\Windows\System32\drivers\hwpolicy.sys (Microsoft Corporation) DRV - (elxstor) -- C:\Windows\system32\DRIVERS\elxstor.sys (Emulex) DRV - (aic78xx) -- C:\Windows\system32\DRIVERS\djsvs.sys (Adaptec, Inc.) 
DRV - (HpSAMD) -- C:\Windows\system32\DRIVERS\HpSAMD.sys (Hewlett-Packard Company) DRV - (FsDepends) -- C:\Windows\System32\drivers\fsdepends.sys (Microsoft Corporation) DRV - (vsmraid) -- C:\Windows\system32\DRIVERS\vsmraid.sys (VIA Technologies Inc.,Ltd) DRV - (vmbus) -- C:\Windows\system32\DRIVERS\vmbus.sys (Microsoft Corporation) DRV - (vhdmp) -- C:\Windows\system32\DRIVERS\vhdmp.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\DRIVERS\vmstorfl.sys (Microsoft Corporation) DRV - (vdrvroot) -- C:\Windows\system32\DRIVERS\vdrvroot.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\DRIVERS\storvsc.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\System32\drivers\wimmount.sys (Microsoft Corporation) DRV - (viaide) -- C:\Windows\system32\DRIVERS\viaide.sys (VIA Technologies, Inc.) DRV - (ql2300) -- C:\Windows\system32\DRIVERS\ql2300.sys (QLogic Corporation) DRV - (rdyboost) -- C:\Windows\System32\drivers\rdyboost.sys (Microsoft Corporation) DRV - (ql40xx) -- C:\Windows\system32\DRIVERS\ql40xx.sys (QLogic Corporation) DRV - (SiSRaid4) -- C:\Windows\system32\DRIVERS\sisraid4.sys (Silicon Integrated Systems) DRV - (pcw) -- C:\Windows\System32\drivers\pcw.sys (Microsoft Corporation) DRV - (SiSRaid2) -- C:\Windows\system32\DRIVERS\SiSRaid2.sys (Silicon Integrated Systems Corp.) DRV - (stexstor) -- C:\Windows\system32\DRIVERS\stexstor.sys (Promise Technology) DRV - (CNG) -- C:\Windows\System32\Drivers\cng.sys (Microsoft Corporation) DRV - (Brserid) Brother MFC Serial Port Interface Driver (WDM) -- C:\Windows\System32\Drivers\Brserid.sys (Brother Industries Ltd.) 
DRV - (rdpbus) -- C:\Windows\System32\drivers\rdpbus.sys (Microsoft Corporation) DRV - (RDPREFMP) -- C:\Windows\System32\drivers\RDPREFMP.sys (Microsoft Corporation) DRV - (RasAgileVpn) WAN Miniport (IKEv2) -- C:\Windows\System32\drivers\agilevpn.sys (Microsoft Corporation) DRV - (WfpLwf) -- C:\Windows\System32\drivers\wfplwf.sys (Microsoft Corporation) DRV - (NdisCap) -- C:\Windows\System32\drivers\ndiscap.sys (Microsoft Corporation) DRV - (vwififlt) -- C:\Windows\System32\drivers\vwififlt.sys (Microsoft Corporation) DRV - (vwifibus) -- C:\Windows\System32\drivers\vwifibus.sys (Microsoft Corporation) DRV - (1394ohci) -- C:\Windows\System32\drivers\1394ohci.sys (Microsoft Corporation) DRV - (UmPass) -- C:\Windows\system32\DRIVERS\umpass.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (mshidkmdf) -- C:\Windows\System32\drivers\mshidkmdf.sys (Microsoft Corporation) DRV - (MTConfig) -- C:\Windows\system32\DRIVERS\MTConfig.sys (Microsoft Corporation) DRV - (CompositeBus) -- C:\Windows\System32\drivers\CompositeBus.sys (Microsoft Corporation) DRV - (AppID) -- C:\Windows\system32\drivers\appid.sys (Microsoft Corporation) DRV - (scfilter) -- C:\Windows\System32\drivers\scfilter.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\DRIVERS\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\DRIVERS\VMBusHID.sys (Microsoft Corporation) DRV - (discache) -- C:\Windows\System32\drivers\discache.sys (Microsoft Corporation) DRV - (HidBatt) -- C:\Windows\system32\DRIVERS\HidBatt.sys (Microsoft Corporation) DRV - (AcpiPmi) -- C:\Windows\system32\DRIVERS\acpipmi.sys (Microsoft Corporation) DRV - (AmdPPM) -- C:\Windows\system32\DRIVERS\amdppm.sys (Microsoft Corporation) DRV - (hcw85cir) -- C:\Windows\system32\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV - (BrUsbMdm) -- C:\Windows\System32\Drivers\BrUsbMdm.sys (Brother Industries Ltd.) 
DRV - (BrUsbSer) -- C:\Windows\System32\Drivers\BrUsbSer.sys (Brother Industries Ltd.) DRV - (BrSerWdm) -- C:\Windows\System32\Drivers\BrSerWdm.sys (Brother Industries Ltd.) DRV - (BrFiltLo) -- C:\Windows\system32\DRIVERS\BrFiltLo.sys (Brother Industries, Ltd.) DRV - (BrFiltUp) -- C:\Windows\system32\DRIVERS\BrFiltUp.sys (Brother Industries, Ltd.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (LSI Corp) DRV - (netr73) -- C:\Windows\System32\drivers\netr73.sys (Ralink Technology, Corp.) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (b57nd60x) -- C:\Windows\System32\drivers\b57nd60x.sys (Broadcom Corporation) DRV - (ebdrv) -- C:\Windows\system32\DRIVERS\evbdx.sys (Broadcom Corporation) DRV - (b06bdrv) -- C:\Windows\system32\DRIVERS\bxvbdx.sys (Broadcom Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (RTL8167) -- C:\Windows\System32\drivers\Rt86win7.sys (Realtek Corporation ) DRV - (avgio) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys (Avira GmbH) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (TVALZ) -- C:\Windows\system32\DRIVERS\TVALZ_O.SYS (TOSHIBA Corporation) DRV - (PAC207) -- C:\Windows\System32\drivers\PFC027.SYS (PixArt Imaging Inc.) 
========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ie.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-ie IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 93 B8 7C EA 81 29 CB 01 [binary data] IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=;ftp=;https=; ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "www.yahoo.de" FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198 FF - prefs.js..extensions.enabledItems: {DB9127A2-3381-41ec-82B3-1B6ED4C6F29A}:1.0 FF - prefs.js..extensions.enabledItems: {19503e42-ca3c-4c27-b1e2-9cdb2170ee34}:1.2.1.27 FF - prefs.js..extensions.enabledItems: {65fe69f6-b9d0-4efa-bb93-064f9b126430}:0.30 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5 FF - prefs.js..extensions.enabledItems: support@platinumhideip.com:1.0 FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.gopher: "" FF - prefs.js..network.proxy.backup.gopher_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 
FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.share_proxy_settings: true FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/22 09:22:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Firefox 3.6.7\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/22 09:22:04 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2010/07/22 21:24:08 | 000,000,000 | ---D | M] FF - HKLM\software\mozilla\Mozilla Thunderbird 3.0.6\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions [2010/02/16 22:36:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Extensions\home2@tomtom.com [2010/07/22 13:38:12 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions [2010/07/04 21:21:11 | 000,000,000 | ---D | M] (FlashGot) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34} [2010/06/17 12:19:47 | 000,000,000 | ---D | M] (RSE Tools) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{65fe69f6-b9d0-4efa-bb93-064f9b126430} [2010/02/17 00:11:17 | 000,000,000 | ---D | M] (flashget3 Extension) -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{DB9127A2-3381-41ec-82B3-1B6ED4C6F29A} [2010/02/16 20:16:11 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\{E9A1DEE0-C623-4439-8932-001E7D17607D} [2010/06/09 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\extensions\support@platinumhideip.com [2010/05/28 18:19:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions [2010/02/16 19:07:19 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010/05/03 16:56:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} [2010/04/12 17:29:19 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll [2010/06/30 08:59:20 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml [2010/06/30 08:59:20 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml [2010/06/30 08:59:20 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml [2010/06/30 08:59:20 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2010/03/15 23:37:06 | 000,079,745 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 actionsplash.com O1 - Hosts: 127.0.0.1 ads.x10.com O1 - Hosts: 127.0.0.1 images.x10.com O1 - Hosts: 127.0.0.1 adserv.internetfuel.com O1 - Hosts: 127.0.0.1 popme.163.com O1 - Hosts: 127.0.0.1 servedby.advertising.com O1 - Hosts: 127.0.0.1 specialoffers.aol.com O1 - Hosts: 127.0.0.1 whenushop.whenu.com O1 - Hosts: 127.0.0.1 www.popupnation.com O1 - Hosts: 127.0.0.1 www.popuptraffic.com O1 - Hosts: 127.0.0.1 view.popupsponsor.com O1 - Hosts: 127.0.0.1 popups.infostart.com O1 - Hosts: 127.0.0.1 ads.ad-flow.com O1 - Hosts: 127.0.0.1 www.popupmoney.com O1 - Hosts: 127.0.0.1 
ad0.popupad.net O1 - Hosts: 127.0.0.1 ad00.popupad.net O1 - Hosts: 127.0.0.1 ad01.popupad.net O1 - Hosts: 127.0.0.1 ad03.popupad.net O1 - Hosts: 127.0.0.1 ad04.popupad.net O1 - Hosts: 127.0.0.1 ad05.popupad.net O1 - Hosts: 127.0.0.1 ad06.popupad.net O1 - Hosts: 127.0.0.1 ad07.popupad.net O1 - Hosts: 127.0.0.1 ad08.popupad.net O1 - Hosts: 127.0.0.1 ad09.popupad.net O1 - Hosts: 127.0.0.1 contest.x10.com O1 - Hosts: 2700 more lines... O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com) O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (FlashGetBHO) - {b070d3e3-fec0-47d9-8e8a-99d4eeb3d3b0} - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\FlashGetBHO3.dll (Trend Media Group) O3 - HKLM\..\Toolbar: (Foxit Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Foxit Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Program Files\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll () O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [COMODO Internet Security] C:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) O4 - HKLM..\Run: 
[Monitor] C:\Windows\PixArt\Pac207\Monitor.exe (PixArt Imaging Incorporation) O4 - HKLM..\Run: [PWRISOVM.EXE] C:\Program Files\PowerISO\PWRISOVM.EXE (PowerISO Computing, Inc.) O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [{3DC0EA0D-0450-367E-AB25-642CC3D76234}] C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe () O4 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001..\Run: [fsm] File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com) O8 - Extra context menu item: Download all by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetAllUrl.htm () O8 - Extra context menu item: Download by FlashGet3 - C:\Users\Lisa\AppData\Roaming\FlashGetBHO\GetUrl.htm () O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 
Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2517073398-466440660-4107572244-1001\..Trusted Domains: kuaiche.com ([software] http in Trusted sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft 
shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\Windows\system32\guard32.dll) - C:\Windows\System32\guard32.dll (COMODO) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - C:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (livessp) - C:\Windows\System32\livessp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{2b900692-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{2b900698-2914-11df-8667-001eec385b77}\Shell\AutoRun\command - "" = G:\AutoRun.exe -- File not found O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{2cf1c712-80a2-11df-9715-001eec385b77}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{7b9ca66f-1b63-11df-9fe9-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Einstiegsseite.exe -- File not found O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell - "" = AutoRun O33 - MountPoints2\{9b67edbb-2770-11df-8f7c-001eec385b77}\Shell\AutoRun\command - "" = 
G:\LaunchU3.exe -- File not found O33 - MountPoints2\D\Shell - "" = AutoRun O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\D\Shell\configure\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\D\Shell\install\command - "" = D:\SETUP.EXE -- File not found O33 - MountPoints2\G\Shell - "" = AutoRun O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2010/07/22 09:26:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2010/07/21 12:09:53 | 000,000,000 | ---D | C] -- C:\ProgramData\COMODO [2010/07/21 12:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\COMODO [2010/07/21 12:03:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Comodo Downloader [2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Documents\AliceHilfe [2010/07/21 11:55:36 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe [2010/07/21 11:55:32 | 000,000,000 | ---D | C] -- C:\Program Files\AliceHilfe [2010/07/06 16:08:34 | 000,000,000 | ---D | C] -- C:\Users\Lisa\AppData\Local\MigWiz [2010/06/27 20:49:37 | 000,000,000 | ---D | C] -- C:\Users\Lisa\Desktop\Croatia-Montenegro [2010/06/24 00:42:48 | 000,295,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHost.exe [2010/06/24 00:42:48 | 000,099,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\PresentationHostProxy.dll [2010/06/24 00:42:48 | 000,049,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\netfxperf.dll [2010/06/23 16:52:11 | 000,641,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\CPFilters.dll [2010/06/23 16:52:10 | 000,417,792 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\msdri.dll [2010/06/23 16:52:10 | 000,204,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSNP.ax [2010/06/23 16:52:10 | 000,199,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mpg2splt.ax ========== Files - Modified Within 30 Days ========== [2010/07/22 21:51:55 | 003,407,872 | -HS- | M] () -- C:\Users\Lisa\NTUSER.DAT [2010/07/22 21:34:14 | 000,020,582 | ---- | M] () -- C:\Users\Lisa\Documents\Liam Bill.docx [2010/07/22 21:28:00 | 000,000,882 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2010/07/22 20:41:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:44:45 | 000,014,224 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2010/07/22 13:37:25 | 000,000,878 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2010/07/22 13:37:17 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT [2010/07/22 13:37:04 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys [2010/07/22 13:36:07 | 004,333,889 | -H-- | M] () -- C:\Users\Lisa\AppData\Local\IconCache.db [2010/07/22 09:26:41 | 000,000,970 | ---- | M] () -- C:\Users\Lisa\Desktop\CCleaner.lnk [2010/07/21 12:07:05 | 000,001,846 | ---- | M] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk [2010/07/21 11:55:36 | 000,001,037 | ---- | M] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk [2010/07/20 14:20:58 | 001,595,392 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.doc [2010/07/20 11:57:17 | 000,010,948 | ---- | M] () -- C:\Users\Lisa\Documents\bewerbung.docx [2010/07/19 23:14:10 | 001,486,084 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI [2010/07/19 23:14:10 | 000,650,826 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2010/07/19 23:14:10 | 000,623,784 | ---- | M] () -- 
C:\Windows\System32\perfh009.dat [2010/07/19 23:14:10 | 000,132,688 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2010/07/19 23:14:10 | 000,109,736 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2010/07/18 22:14:42 | 000,033,280 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc [2010/07/18 19:21:14 | 000,012,163 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx [2010/07/18 19:01:34 | 000,451,668 | ---- | M] () -- C:\Users\Lisa\Documents\Filmresults.pdf [2010/07/15 15:51:01 | 000,045,532 | ---- | M] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx [2010/07/11 22:15:15 | 000,077,369 | ---- | M] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf [2010/07/11 12:39:42 | 000,001,210 | ---- | M] () -- C:\Users\Lisa\Documents\Part 1.4 [2010/07/11 12:39:41 | 000,349,857 | ---- | M] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf [2010/07/11 12:39:38 | 000,028,551 | ---- | M] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf [2010/07/09 19:28:10 | 000,286,550 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf [2010/07/09 19:27:58 | 000,244,607 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf [2010/07/09 19:27:46 | 000,359,447 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf [2010/07/09 19:27:30 | 000,309,122 | ---- | M] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf [2010/07/09 19:27:06 | 000,232,910 | ---- | M] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf [2010/07/09 19:06:25 | 001,460,278 | ---- | M] () -- C:\Users\Lisa\Desktop\DSC00777.JPG [2010/07/08 23:01:28 | 000,093,184 | ---- | M] () -- C:\Users\Lisa\Desktop\Personalangaben.doc [2010/07/08 22:52:53 | 000,065,368 | ---- | M] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf [2010/07/08 22:52:32 | 002,657,376 | ---- | M] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf [2010/07/07 19:27:21 | 000,000,004 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat [2010/06/30 21:59:35 | 000,001,989 | ---- | 
M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2010/06/26 17:44:13 | 000,222,380 | ---- | M] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf

========== Files Created - No Company Name ==========

[2010/07/22 09:26:41 | 000,000,970 | ---- | C] () -- C:\Users\Lisa\Desktop\CCleaner.lnk
[2010/07/21 21:14:06 | 000,020,582 | ---- | C] () -- C:\Users\Lisa\Documents\Liam Bill.docx
[2010/07/21 12:07:05 | 000,001,846 | ---- | C] () -- C:\Users\Public\Desktop\COMODO Firewall.lnk
[2010/07/21 11:55:36 | 000,001,037 | ---- | C] () -- C:\Users\Lisa\Desktop\AliceHilfe.lnk
[2010/07/20 11:57:59 | 001,595,392 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.doc
[2010/07/20 11:57:16 | 000,010,948 | ---- | C] () -- C:\Users\Lisa\Documents\bewerbung.docx
[2010/07/18 22:14:41 | 000,033,280 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung alt.doc
[2010/07/18 19:21:13 | 000,012,163 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults_übersetzung.docx
[2010/07/18 19:01:27 | 000,451,668 | ---- | C] () -- C:\Users\Lisa\Documents\Filmresults.pdf
[2010/07/16 12:07:25 | 000,000,000 | R--- | C] () -- C:\Users\Lisa\AppData\Roaming\l8HN7.txt
[2010/07/15 15:48:26 | 000,045,532 | ---- | C] () -- C:\Users\Lisa\Documents\Peter übersetzung.docx
[2010/07/11 22:15:15 | 000,077,369 | ---- | C] () -- C:\Users\Lisa\Documents\Info_Kostmbild_BA_07_2010_ger.pdf
[2010/07/11 12:39:42 | 000,001,210 | ---- | C] () -- C:\Users\Lisa\Documents\Part 1.4
[2010/07/11 12:39:40 | 000,349,857 | ---- | C] () -- C:\Users\Lisa\Documents\KurzInfo_1Wort2.pdf
[2010/07/11 12:39:36 | 000,028,551 | ---- | C] () -- C:\Users\Lisa\Documents\EinWortZwei.pdf
[2010/07/09 19:28:08 | 000,286,550 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 1.pdf
[2010/07/09 19:27:55 | 000,244,607 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 2.pdf
[2010/07/09 19:27:43 | 000,359,447 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 3.pdf
[2010/07/09 19:27:27 | 000,309,122 | ---- | C] () -- C:\Users\Lisa\Desktop\abi zeugnis teil 4.pdf
[2010/07/09 19:26:59 | 000,232,910 | ---- | C] () -- C:\Users\Lisa\Desktop\textiles zeugnis.pdf
[2010/07/09 19:05:53 | 001,460,278 | ---- | C] () -- C:\Users\Lisa\Desktop\DSC00777.JPG
[2010/07/08 22:52:57 | 000,093,184 | ---- | C] () -- C:\Users\Lisa\Desktop\Personalangaben.doc
[2010/07/08 22:52:52 | 000,065,368 | ---- | C] () -- C:\Users\Lisa\Desktop\Arbeitsformular.pdf
[2010/07/08 22:52:23 | 002,657,376 | ---- | C] () -- C:\Users\Lisa\Desktop\lohnsteuerkarte.pdf
[2010/07/07 19:27:21 | 000,000,004 | ---- | C] () -- C:\Users\Lisa\AppData\Roaming\dhxiuw.dat
[2010/06/26 17:44:12 | 000,222,380 | ---- | C] () -- C:\Users\Lisa\Desktop\V99S7T-BoardingPass.pdf
[2010/02/17 00:10:42 | 000,000,025 | ---- | C] () -- C:\Windows\libem.INI
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\Windows\System32\OGACheckControl.dll
[2009/07/14 01:51:43 | 000,073,728 | ---- | C] () -- C:\Windows\System32\BthpanContextHandler.dll
[2009/07/14 01:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\System32\BWContextHandler.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelTraditionalChinese.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSwedish.dll
[2007/07/23 09:03:32 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSpanish.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelSimplifiedChinese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelPortugese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelKorean.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelJapanese.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelGerman.dll
[2007/07/23 09:03:30 | 000,053,248 | ---- | C] () -- C:\Windows\System32\AgCPanelFrench.dll
[2006/11/02 10:27:46 | 000,000,518 | ---- | C] () -- C:\Windows\System32\SP207.INI

========== LOP Check ==========

[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV
[2010/03/15 23:37:01 | 000,000,398 | ---- | M] () -- C:\Windows\Tasks\AdsGone.job
[2010/05/16 08:24:44 | 000,032,612 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========


========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2010/06/07 23:08:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Adobe
[2010/07/21 11:55:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\AliceHilfe
[2010/07/12 23:00:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Apmysi
[2010/05/03 18:56:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\BITS
[2010/07/18 10:52:44 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\dvdcss
[2010/02/17 00:10:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGet
[2010/02/17 00:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\FlashGetBHO
[2010/02/16 20:16:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit
[2010/03/08 18:42:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Foxit Software
[2010/07/12 20:36:02 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Goem
[2010/02/16 20:10:51 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\GrabPro
[2010/06/11 00:23:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\HideIPEasy
[2010/02/16 18:51:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Identities
[2010/02/16 20:13:50 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Macromedia
[2010/06/06 16:28:07 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Malwarebytes
[2009/07/14 09:48:45 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Media Center Programs
[2010/04/30 00:43:16 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Metaversum
[2010/07/21 11:55:52 | 000,000,000 | --SD | M] -- C:\Users\Lisa\AppData\Roaming\Microsoft
[2010/02/16 19:01:53 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Mozilla
[2010/07/22 20:47:36 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Orbit
[2010/06/09 19:05:26 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\PlatinumHideIP
[2010/03/25 08:36:35 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Qaqo
[2010/06/26 19:39:33 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Skype
[2010/06/26 19:39:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\skypePM
[2010/07/22 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Software Informer
[2010/02/18 20:28:52 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thinstall
[2010/02/16 22:36:14 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Thunderbird
[2010/06/14 23:19:08 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\TomTom
[2010/07/18 10:59:28 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\vlc
[2010/02/18 20:28:34 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\WinRAR
[2010/07/16 13:54:42 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\Wupuuw
[2010/04/29 17:25:43 | 000,000,000 | ---D | M] -- C:\Users\Lisa\AppData\Roaming\ZiggyTV

< %APPDATA%\*.exe /s >
[2010/07/22 12:11:07 | 000,188,152 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Mozilla\Firefox\Profiles\86wnm5ta.default\FlashGot.exe
[2010/03/25 08:36:35 | 000,171,522 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Qaqo\pialf.exe
[2010/02/18 20:28:58 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\1000000800002i\svchost.exe
[2010/02/22 22:11:00 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\30000000e300002i\DW20.EXE
[2010/02/18 20:29:13 | 000,033,792 | ---- | M] () -- C:\Users\Lisa\AppData\Roaming\Thinstall\Office 2003\4000003900002i\MultiKill.exe

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_65848c2d7375a720\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys

< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_f64b9c35a3a5be81\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys

< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll

< MD5 for: IASTOR.SYS >
[2007/02/12 14:37:22 | 000,537,368 | ---- | M] (Intel Corporation) MD5=2EE127D5407DA3957EE54711C9AED6EC -- C:\Toshiba\Drivers\Robson\Winall\Driver64\IaStor.sys
[2007/02/12 14:36:54 | 000,277,784 | ---- | M] (Intel Corporation) MD5=FD7F9D74C2B35DBDA400804A3F5ED5D8 -- C:\Toshiba\Drivers\Robson\Winall\Driver\iaStor.sys

< MD5 for: IASTORV.SYS >
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\drivers\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_18cccb83b34e1453\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys

< MD5 for: KR10N.SYS >
[2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10i\KR10N.sys
[2007/01/18 16:47:18 | 000,211,072 | ---- | M] (TOSHIBA CORPORATION) MD5=6E9922332386C2A49936B30B2B6FD298 -- C:\Toshiba\Drivers\Raid\Kr10n\KR10N.sys

< MD5 for: NETLOGON.DLL >
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\System32\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll

< MD5 for: NVSTOR.SYS >
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\drivers\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_5bde3fe2945bce9e\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys

< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\System32\scecli.dll
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll

< MD5 for: USERINIT.EXE >
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\System32\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe

< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< End of report >
Well, I can already see the trojan. Please do the ComboFix log now; I want to collect all of the infected files. As I said, I would then advise you to format, and you should get advice from the bank about more secure alternatives. The trojans are getting more and more sophisticated and you have to keep up with the times, I think. Better a one-off investment than possibly having to chase after your money later. And the rule still stands: call the bank, have online banking blocked.
Hey, thanks for your help so far! Tell me, how do I do the ComboFix log? Is that in the OTL scanner again? I'm not that good with computers... ;) I'll call the bank right away. I already had a phishing attack on my online banking about a month ago and had to have it blocked then as well... What a load of s***!! I'll look into alternatives.
Hi, so I've now done "Run Fix" with the OTL scanner using the data in the text box that you gave me at the start... Don't know whether that's what you meant. Here is the log:

Error: Unable to interpret <Error: Unable to interpret <activex> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <drivers32> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%ALLUSERSPROFILE%\Application Data\*.exe /s> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%APPDATA%\*.> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%APPDATA%\*.exe /s> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%SYSTEMDRIVE%\*.exe> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret </md5start> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <userinit.exe> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <eventlog.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <scecli.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <netlogon.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <cngaudit.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ws2ifsl.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <sceclt.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ntelogon.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <logevent.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <iaStor.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvstor.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <atapi.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <IdeChnDr.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <viasraid.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <AGP440.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <vaxscsi.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvatabus.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <viamraid.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvata.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvgts.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <iastorv.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ViPrt.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <eNetHook.dll> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ahcix86.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <KR10N.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <nvstor32.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <ahcix86s.sys> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret </md5stop> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\system32\drivers\*.sys /lockedfiles> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\System32\config\*.sav> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\*. /mp /s> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <%systemroot%\system32\*.dll /lockedfiles> in the current context!> in the current context!
Error: Unable to interpret <Error: Unable to interpret <CREATERESTOREPOINT> in the current context!> in the current context!
Error: Unable to interpret < > in the current context!
Error: Unable to interpret <OTL by OldTimer - Version 3.2.9.1 log created on 07232010_115935> in the current context!

OTL by OldTimer - Version 3.2.9.1 log created on 07232010_120009
Hey, sorry, now I've finally got it with the ComboFix log... ;) So I ran it and this is the log:

ComboFix log:
ComboFix 10-07-22.01 - Lisa 23/07/2010 12:37:00.1.2 - x86
Start, Run, Accessories, Notepad, and paste in:

Killall::
Folder::
c:\users\Lisa\AppData\Roaming\Wupuuw
c:\users\Lisa\AppData\Roaming\Apmysi
c:\users\Lisa\AppData\Roaming\Goem
c:\users\Lisa\AppData\Roaming\dhxiuw.dat

File, Save As, type: All Files, name: cfscript.txt. Save it where combofix.exe is located, drag cfscript onto combofix, the program starts, post the log.
ComboFix log:
ComboFix 10-07-22.01 - Lisa 23/07/2010 21:55:09.2.2 - x86
Right-click the Avira umbrella, deactivate Guard. OK, open Computer (My Computer), there C:, right-click the folder qoobox and add it to qoobox.zip or .rar. Upload it to us as described under point 2. http://www.trojaner-board.de/54791-a...ner-board.html
Hi, when I try to add it, all I get is a box telling me: ! Cannot create Qoobox.rar ! Access is denied. What should I do?
Try booting into Safe Mode; normally it's the F8 key when the PC starts, then choose Safe Mode, and create the archive there. Reboot, upload it.
Copyright ©2000-2025, Trojaner-Board