
Log analysis and evaluation: Problems with various Trojans, e.g. Sirefref.AG.35

24.06.2012, 22:23   #1
Euphorbio

Problems with various Trojans, e.g. Sirefref.AG.35



Hello,

Avira detected 2 viruses on my notebook via the real-time scanner. I clicked "Remove", Avira "repaired", but shortly afterwards Avira detects 2 viruses again, and so on. So Avira is apparently powerless.

Then I found further viruses/Trojans with a Malwarebytes scan. Malwarebytes moved them to quarantine. Whether they are now removed or not, I don't know; in any case Avira keeps reporting new viruses.
I have attached the Malwarebytes report and then had Malwarebytes scan again. I have attached the second report as well.

By the way, I am not aware of any "fault" on my part, meaning that I have not knowingly opened attachments of e-mails unknown to me, etc. My router also acts as a firewall, Avira runs as the anti-virus program, and the Windows Firewall (Win7) is active. Or rather, there is another problem here: it was active, at least I never disabled it, but currently it cannot be set to the settings recommended by Windows (presumably because of the viruses/Trojans).

I received warnings for the following viruses/Trojans:
- Sirefref.AG.35
- Atrapas.Gen2
- Small/Fl
- Crypt.Gypikon.C.3
- Inject.EP
- Crypted.Gen
- Frame.apf.6

Afterwards I searched Google and here on Trojaner-Board for the viruses and came across various posts, but unfortunately I found nothing in the way of a solution, hence this post of mine.

Defogger did not output any message, so I assume everything is OK in that respect.

OTL only produced the otl.txt for me; it follows a little further below (and is attached).

The gmer.txt is also attached, as is the report from Avira.

So, now I hope that I have described everything in enough detail and correctly, and I hope even more for help! Many thanks in advance!

Best regards,
Euphorbio


the otl.txt follows from here
...........................................

OTL logfile created on: 22.06.2012 20:43:15 - Run 1
OTL by OldTimer - Version 3.2.51.0 Folder = C:\Users\Mathias\Downloads
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

2,98 Gb Total Physical Memory | 1,88 Gb Available Physical Memory | 63,02% Memory free
5,95 Gb Paging File | 4,58 Gb Available in Paging File | 76,90% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 195,21 Gb Total Space | 104,82 Gb Free Space | 53,70% Space Free | Partition Type: NTFS
Drive D: | 89,78 Gb Total Space | 77,50 Gb Free Space | 86,33% Space Free | Partition Type: NTFS

Computer Name: MATHIAS-SAM | User Name: Mathias | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.22 20:42:50 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Mathias\Downloads\OTL.exe
PRC - [2012.06.20 18:16:31 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Programme\Mozilla Firefox\firefox.exe
PRC - [2012.06.14 19:15:39 | 001,535,176 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\System32\Macromed\Flash\FlashPlayerPlugin_11_3_300_257.exe
PRC - [2012.06.13 17:37:04 | 001,088,904 | ---- | M] (Spigot, Inc.) -- C:\Programme\Common Files\Spigot\Search Settings\SearchSettings.exe
PRC - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) -- C:\Programme\Application Updater\ApplicationUpdater.exe
PRC - [2012.05.08 18:49:50 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 18:49:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 18:49:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 18:49:50 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.26 09:00:48 | 000,640,440 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe
PRC - [2011.09.01 19:12:16 | 000,010,848 | ---- | M] (DATEV eG) -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe
PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011.06.10 00:52:40 | 012,002,664 | ---- | M] (Adobe Systems, Inc.) -- C:\Programme\Adobe\Adobe Bridge CS5\Bridge.exe
PRC - [2011.04.24 01:33:18 | 042,872,672 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2011.01.25 16:01:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe
PRC - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.04.26 19:10:19 | 000,014,336 | ---- | M] (LSI Corporation) -- C:\Programme\LSI SoftModem\agrsmsvc.exe
PRC - [2010.04.03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe
PRC - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe
PRC - [2010.03.26 04:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe
PRC - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2010.03.05 09:46:22 | 001,206,544 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\iFrmewrk.exe
PRC - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
PRC - [2010.01.19 11:34:48 | 002,201,192 | ---- | M] (SEC) -- C:\Programme\Samsung\Samsung Recovery Solution 4\WCScheduler.exe
PRC - [2009.10.13 19:03:04 | 000,716,800 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2009.09.12 21:26:50 | 000,834,560 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2009.09.07 19:42:04 | 000,093,184 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Samsung Support Center\SSCKbdHk.exe
PRC - [2009.07.14 03:14:29 | 000,017,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\PrintIsolationHost.exe
PRC - [2009.06.24 09:22:00 | 002,518,528 | ---- | M] (Option) -- C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe
PRC - [2009.05.04 16:49:20 | 000,545,792 | ---- | M] (OptionNV) -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe
PRC - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkCSrv.exe
PRC - [2008.05.29 10:16:22 | 000,327,680 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy ALS Manager\EasyALSManager.exe
PRC - [2007.10.29 12:14:07 | 001,593,344 | ---- | M] (AGFEO) -- C:\Programme\AGFEO\Tk-Suite-Basic\tools\ctimon.exe
PRC - [2007.10.29 12:07:48 | 001,626,112 | ---- | M] (AGFEO ) -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tksock.exe
PRC - [2007.09.26 20:57:01 | 000,118,784 | ---- | M] (AGFEO ) -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia.exe


========== Modules (No Company Name) ==========

MOD - [2012.06.20 18:16:30 | 002,042,848 | ---- | M] () -- C:\Programme\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 19:15:39 | 009,459,912 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_11_3_300_257.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011.06.10 00:52:42 | 002,748,416 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS5\libmysqld.dll
MOD - [2011.06.10 00:52:42 | 000,073,728 | ---- | M] () -- C:\Programme\Adobe\Adobe Bridge CS5\Symlib.dll
MOD - [2009.06.24 09:22:00 | 000,077,824 | ---- | M] () -- C:\Programme\Option\GlobeTrotter Connect\custom.dll
MOD - [2009.02.27 16:39:29 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU
MOD - [2009.02.27 16:32:27 | 000,020,480 | ---- | M] () -- C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.FRA
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
MOD - [2006.05.12 13:49:58 | 000,020,480 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_xport.dll
MOD - [2006.05.12 13:49:55 | 000,020,480 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_serial.dll
MOD - [2006.05.12 13:49:51 | 000,028,672 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tkserver\tkmedia_lib.dll
MOD - [2005.04.26 09:10:51 | 000,061,440 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tools\styles\qwindowsxpstyle.dll
MOD - [2005.04.26 09:10:18 | 004,005,888 | ---- | M] () -- C:\Programme\AGFEO\Tk-Suite-Basic\tools\qt-mt334.dll
MOD - [2003.07.11 02:09:28 | 000,048,192 | ---- | M] () -- C:\Programme\Common Files\microsoft shared\Web Folders\1031\NSEXTINT.DLL


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn -- (Datev.Unternehmen.SystemComponents.ServiceBus.V0200.PlugIn)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices.Messaging.CentralMessagingService -- (Datev.Framework.RemoteServices.Messaging.CentralMessagingService)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -- (Datev.Framework.RemoteServices)
SRV - File not found [Auto | Running] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -- (Datev.Framework.RemoteServiceModel.EnablerService)
SRV - File not found [On_Demand | Stopped] -- D:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 -- (Datev.Database.Conserve)
SRV - [2012.06.20 18:16:30 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.06.14 19:15:39 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.06.13 17:27:26 | 000,792,512 | ---- | M] (Spigot, Inc.) [Auto | Running] -- C:\Programme\Application Updater\ApplicationUpdater.exe -- (Application Updater)
SRV - [2012.05.08 18:49:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.05.08 18:49:50 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.02.23 12:40:40 | 002,886,528 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.12.09 03:20:00 | 000,079,872 | ---- | M] (DATEV eG) [Auto | Running] -- D:\DATEV\PROGRAMM\B0001442\PSNTServ.exe -- (DatevPrintService)
SRV - [2011.07.25 03:49:00 | 000,172,640 | ---- | M] (DATEV eG) [On_Demand | Stopped] -- D:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe -- (DATEV Update-Service)
SRV - [2011.04.24 01:33:20 | 000,367,456 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE -- (SQLAgent$SQLEXPRESS) SQL Server-Agent (SQLEXPRESS)
SRV - [2011.04.24 01:33:18 | 042,872,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\MSSQL10_50.SQLEXPRESS\MSSQL\Binn\sqlservr.exe -- (MSSQL$SQLEXPRESS) SQL Server (SQLEXPRESS)
SRV - [2011.02.07 16:27:40 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.01.25 16:01:40 | 002,253,176 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Programme\TeamViewer\Version6\TeamViewer_Service.exe -- (TeamViewer6)
SRV - [2010.12.10 19:29:30 | 029,293,408 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\sqlservr.exe -- (MSSQL$DATEV_CL_DE01) SQL Server (DATEV_CL_DE01)
SRV - [2010.12.10 19:29:30 | 000,044,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqladhlp90.exe -- (MSSQLServerADHelper)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.07.25 21:04:12 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.04.26 19:10:19 | 000,014,336 | ---- | M] (LSI Corporation) [Auto | Running] -- C:\Programme\LSI SoftModem\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2010.04.03 11:56:08 | 000,267,616 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlbrowser.exe -- (SQLBrowser)
SRV - [2010.04.03 11:56:08 | 000,097,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.04.03 11:56:08 | 000,044,896 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- c:\Programme\Microsoft SQL Server\100\Shared\sqladhlp.exe -- (MSSQLServerADHelper100)
SRV - [2010.03.26 04:07:42 | 000,091,992 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft SQL Server\MSSQL.1\MSSQL\Binn\msftesql.exe -- (msftesql$DATEV_CL_DE01) SQL Server-Volltextsuche (DATEV_CL_DE01)
SRV - [2010.03.05 10:01:46 | 000,862,480 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV - [2010.03.05 09:45:22 | 000,227,600 | ---- | M] () [On_Demand | Stopped] -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV - [2010.03.05 09:43:50 | 000,473,360 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.05.04 16:49:20 | 000,545,792 | ---- | M] (OptionNV) [Auto | Running] -- C:\Programme\Option\GlobeTrotter Connect\GtDetectSc.exe -- (GtDetectSc)
SRV - [2009.05.03 15:05:04 | 000,031,248 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkCSrv.exe -- (StkSSrv)
SRV - [2003.07.28 12:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- system32\drivers\RTKVHDA.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2012.05.08 18:49:50 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 18:49:50 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011.10.11 15:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.13 21:48:16 | 009,824,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.08.13 19:27:41 | 000,221,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1y6232.sys -- (e1yexpress) Intel(R)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.04.26 19:10:19 | 001,161,760 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2010.04.03 11:02:54 | 000,240,608 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\System32\drivers\RsFx0150.sys -- (RsFx0150)
DRV - [2010.03.17 22:21:16 | 006,758,912 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw5s32.sys -- (NETw5s32) Intel(R)
DRV - [2009.12.03 16:48:44 | 000,625,224 | ---- | M] (AuthenTec, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATSwpWDF.sys -- (ATSwpWDF)
DRV - [2009.07.14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009.07.14 01:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009.07.14 00:02:51 | 004,231,168 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\netw5v32.sys -- (netw5v32) Intel(R)
DRV - [2009.07.03 11:29:10 | 001,436,560 | ---- | M] (Syntek) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2009.06.27 06:55:12 | 000,066,080 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2009.06.25 16:58:10 | 000,048,128 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2009.05.13 15:57:46 | 000,066,560 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsbus.sys -- (GTUHSBUS)
DRV - [2009.05.13 15:56:46 | 000,008,064 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhsser.sys -- (GTUHSSER)
DRV - [2009.05.13 15:56:24 | 000,107,520 | ---- | M] (Option N.V.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\gtuhs51.sys -- (GTUHSNDISIPXP)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C3 71 EF 6D E4 FB CC 01 [binary data]
IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{7D41AECD-AE0B-45A3-98A3-4BB32531D019}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=827316&ilc=12"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.49
FF - prefs.js..extensions.enabledItems: {c75a27d8-4529-449f-b67b-aba65d7a1c0a}:0.5
FF - prefs.js..extensions.enabledItems: {c45c406e-ab73-11d8-be73-000a95be3b12}:1.1.9
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://de.search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&ilc=12&type=827316&p="
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.20 18:16:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.13 09:25:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.17 20:07:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2010.07.26 20:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions
[2010.07.26 20:41:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.06.19 11:39:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\dna7torf.default\extensions
[2011.01.11 18:37:22 | 000,000,000 | ---D | M] (Web Developer) -- C:\Users\Mathias\AppData\Roaming\mozilla\Firefox\Profiles\dna7torf.default\extensions\{c45c406e-ab73-11d8-be73-000a95be3b12}
[2012.04.26 15:51:34 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.19 11:39:48 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES\COMMON FILES\SPIGOT\WTXPCOM
[2012.01.23 10:11:19 | 000,138,614 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNA7TORF.DEFAULT\EXTENSIONS\{D40F5E7B-D2CF-4856-B441-CC613EEFFBE3}.XPI
[2012.05.17 10:32:12 | 001,335,949 | ---- | M] () (No name found) -- C:\USERS\MATHIAS\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\DNA7TORF.DEFAULT\EXTENSIONS\FIREBUG@SOFTWARE.JOEHEWITT.COM.XPI
[2012.06.20 18:16:31 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.13 17:25:14 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.02.14 09:48:48 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.14 09:48:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.14 09:48:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.14 09:48:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.14 09:48:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.14 09:48:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Programme\pdfforge Toolbar\IE\5.9\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Programme\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge] C:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Mathias\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\GlobeTrotter Connect.lnk = C:\Programme\Option\GlobeTrotter Connect\GlobeTrotter Connect.exe (Option)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 1
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{27BFD403-7C17-461D-889C-F931E9BD8BBF}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AA65866-DE09-466E-9FB8-0499465A0EB6}: NameServer = 0.0.0.0
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - c:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.22 17:28:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Roaming\Malwarebytes
[2012.06.22 17:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.22 17:27:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.22 17:27:53 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.22 17:27:53 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.19 12:55:43 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Wasserleitung-Schmidsfelden
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Spigot
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\pdfforge Toolbar
[2012.06.19 11:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\Application Updater
[2012.06.19 11:39:36 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.06.15 09:06:19 | 000,000,000 | ---D | C] -- C:\Users\Mathias\AppData\Local\Macromedia
[2012.06.14 15:31:05 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Fontviewer
[2012.05.24 00:46:44 | 000,000,000 | ---D | C] -- C:\Users\Mathias\Desktop\Seminar Rückschnitt 09+10+11
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.22 20:41:37 | 000,000,000 | ---- | M] () -- C:\Users\Mathias\defogger_reenable
[2012.06.22 20:37:58 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 20:37:58 | 000,015,184 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.22 20:29:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.22 20:29:06 | 2399,023,104 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.22 20:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.22 17:59:28 | 000,196,608 | ---- | M] () -- C:\Windows\System32\Ikeext.etl
[2012.06.22 17:27:54 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.22 13:15:10 | 000,000,013 | ---- | M] () -- C:\AktProjektAdresse.csr
[2012.06.21 16:41:14 | 000,001,456 | ---- | M] () -- C:\Users\Mathias\AppData\Local\Adobe Für Web speichern 12.0 Prefs
[2012.06.21 13:16:07 | 000,860,104 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.21 13:16:07 | 000,798,748 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.21 13:16:07 | 000,209,568 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.21 13:16:07 | 000,172,798 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.21 12:41:44 | 032,563,200 | ---- | M] () -- C:\Users\Mathias\Desktop\DatenPflege+Statistik.mdb
[2012.06.20 13:44:44 | 006,389,005 | ---- | M] () -- C:\Users\Mathias\Desktop\landingpage-seo-1.1.1.pdf
[2012.06.20 13:35:58 | 003,249,630 | ---- | M] () -- C:\Users\Mathias\Desktop\GooglePlus_Local_Guide2012.pdf
[2012.06.15 11:35:41 | 000,002,093 | ---- | M] () -- C:\Users\Mathias\Desktop\Neue Fotos.lnk
[2012.06.14 18:27:31 | 003,838,544 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 09:50:04 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.06.13 09:26:22 | 000,080,697 | ---- | M] () -- C:\Users\Mathias\Desktop\Christmann - Bosch Koch Röttgen UZ 320-Entw Stand 27.04.2012_Fragen_Röttgen.pdf
[2012.06.12 13:35:38 | 002,611,047 | ---- | M] () -- C:\Users\Mathias\Desktop\pinterest_fuer_unternehmen_marketing_guide_v1.pdf
[2012.06.07 09:56:47 | 000,000,132 | ---- | M] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2012.06.06 22:21:40 | 000,267,406 | ---- | M] () -- C:\Users\Mathias\Desktop\Auftragsimport DD-Shipments 5.3 DE.pdf
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.22 20:41:37 | 000,000,000 | ---- | C] () -- C:\Users\Mathias\defogger_reenable
[2012.06.22 20:32:55 | 000,018,944 | ---- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\800000cb.@
[2012.06.22 20:32:54 | 000,012,288 | ---- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\80000000.@
[2012.06.22 20:32:52 | 000,001,648 | ---- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\U\00000001.@
[2012.06.22 17:27:54 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.06.20 13:42:30 | 006,389,005 | ---- | C] () -- C:\Users\Mathias\Desktop\landingpage-seo-1.1.1.pdf
[2012.06.20 13:34:50 | 003,249,630 | ---- | C] () -- C:\Users\Mathias\Desktop\GooglePlus_Local_Guide2012.pdf
[2012.06.15 11:35:21 | 000,002,093 | ---- | C] () -- C:\Users\Mathias\Desktop\Neue Fotos.lnk
[2012.06.13 09:17:42 | 000,080,697 | ---- | C] () -- C:\Users\Mathias\Desktop\Christmann - Bosch Koch Röttgen UZ 320-Entw Stand 27.04.2012_Fragen_Röttgen.pdf
[2012.06.12 13:35:37 | 002,611,047 | ---- | C] () -- C:\Users\Mathias\Desktop\pinterest_fuer_unternehmen_marketing_guide_v1.pdf
[2012.06.06 22:21:31 | 000,267,406 | ---- | C] () -- C:\Users\Mathias\Desktop\Auftragsimport DD-Shipments 5.3 DE.pdf
[2012.06.06 18:04:25 | 000,196,608 | ---- | C] () -- C:\Windows\System32\Ikeext.etl
[2012.01.17 18:43:46 | 000,002,048 | -HS- | C] () -- C:\Windows\Installer\{61ca803e-5469-d304-2e83-941e5afd86ac}\@
[2012.01.17 18:43:46 | 000,002,048 | -HS- | C] () -- C:\Users\Mathias\AppData\Local\{61ca803e-5469-d304-2e83-941e5afd86ac}\@
[2011.11.22 22:47:27 | 000,000,028 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\PhonerLitesettings.ini
[2011.10.30 17:57:56 | 000,004,705 | ---- | C] () -- C:\Users\Mathias\AppData\Local\EmptySettings.xml
[2011.10.30 17:43:29 | 000,000,130 | ---- | C] () -- C:\ProgramData\Microsoft.SqlServer.Compact.351.32.bc
[2011.10.30 13:50:58 | 000,014,680 | ---- | C] () -- C:\Windows\System32\skypdfmonpro.dll
[2011.10.30 13:50:58 | 000,012,632 | ---- | C] () -- C:\Windows\System32\skypdfmonuipro.dll
[2011.10.30 13:28:54 | 000,000,021 | ---- | C] () -- C:\Windows\DvInesKurusOleServer003.INI
[2011.10.30 13:23:20 | 000,000,109 | ---- | C] () -- C:\Windows\dvinesinstalllocation001.INI
[2011.10.30 13:18:50 | 000,000,110 | ---- | C] () -- C:\Windows\Startup.INI
[2011.08.18 11:25:19 | 000,323,072 | ---- | C] () -- C:\Windows\System32\Rar.exe
[2011.07.04 18:43:11 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.05.18 19:50:03 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe BMP Format CS5 Prefs
[2011.05.18 19:46:06 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe GIF Format CS5 Prefs
[2011.03.21 08:51:25 | 000,167,936 | ---- | C] () -- C:\Windows\System32\pyrobatchcontrol.dll
[2011.03.21 08:51:25 | 000,090,112 | ---- | C] () -- C:\Windows\System32\StrStorage.dll
[2011.03.21 08:51:25 | 000,086,016 | ---- | C] ( ) -- C:\Windows\System32\rmpHTML.dll
[2011.03.21 08:51:25 | 000,015,872 | ---- | C] () -- C:\Windows\System32\CSRcryptRDP5.exe
[2011.03.21 08:51:24 | 000,448,099 | ---- | C] () -- C:\Windows\System32\BINFO.DAT
[2011.03.21 08:51:24 | 000,110,997 | ---- | C] () -- C:\Windows\System32\BNAME.DAT
[2011.03.21 08:51:24 | 000,041,122 | ---- | C] () -- C:\Windows\System32\BLZ.DAT
[2011.02.18 20:07:13 | 000,000,116 | ---- | C] () -- C:\Users\Mathias\SciTE.session
[2010.10.07 20:26:07 | 000,000,132 | ---- | C] () -- C:\Users\Mathias\AppData\Roaming\Adobe PNG Format CS5 Prefs
[2010.08.28 11:02:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2010.08.15 12:12:15 | 000,001,456 | ---- | C] () -- C:\Users\Mathias\AppData\Local\Adobe Für Web speichern 12.0 Prefs

========== LOP Check ==========

[2010.11.20 22:21:16 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Canneverbe Limited
[2010.11.07 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2011.10.30 19:32:23 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\DATEV
[2011.10.07 10:34:00 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\elsterformular
[2011.11.12 10:40:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\GetRightToGo
[2010.08.15 14:52:46 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\GHISLER
[2011.05.11 20:28:39 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\IrfanView
[2010.12.30 12:41:19 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\LibreOffice
[2010.10.11 18:35:14 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Opera
[2012.03.26 23:11:53 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\pdfforge
[2010.10.05 19:33:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Phoner
[2011.11.22 22:47:27 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\PhonerLite
[2010.08.15 11:37:33 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.03.06 16:17:52 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\TeamViewer
[2011.06.29 12:39:28 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\Thunderbird
[2012.06.01 14:08:35 | 000,000,000 | ---D | M] -- C:\Users\Mathias\AppData\Roaming\XnView
[2012.02.24 22:55:47 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



< End of report >
