Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS

Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS


Log-Analyse und Auswertung: Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 09.11.2012, 18:26   #7
verne
 
Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS - Standard

Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS


Super. Danke

OTL FIX

Code:
ATTFilter
All processes killed
========== OTL ==========
C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\@ moved successfully.
C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\L folder moved successfully.
C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\U folder moved successfully.
File C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\L\00000004.@ not found.
C:\Users\H\AppData\Local\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\@ moved successfully.
C:\Users\H\AppData\Local\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\L folder moved successfully.
C:\Users\H\AppData\Local\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\U folder moved successfully.
C:\Windows\assembly\Desktop.ini moved successfully.
========== FILES ==========
C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1} folder moved successfully.
C:\Users\H\AppData\Local\{9acaeced-7aa0-4061-cb35-2b8eafec64c1} folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: H
->Temp folder emptied: 188102 bytes
->Temporary Internet Files folder emptied: 280103848 bytes
->Java cache emptied: 2654440 bytes
->FireFox cache emptied: 91479215 bytes
->Google Chrome cache emptied: 73065712 bytes
->Flash cache emptied: 8809 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 277932 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 2408448 bytes
 
Total Files Cleaned = 429.00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 11092012_181037

Files\Folders moved on Reboot...
File move failed. C:\Windows\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.
File move failed. C:\Windows\temp\asat0000.tmp scheduled to be moved on reboot.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
OTL Kontrollscan

Code:
ATTFilter
OTL logfile created on: 11/9/2012 6:18:44 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\H\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1.87 Gb Total Physical Memory | 0.55 Gb Available Physical Memory | 29.52% Memory free
3.73 Gb Paging File | 1.58 Gb Available in Paging File | 42.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 288.02 Gb Total Space | 216.28 Gb Free Space | 75.09% Space Free | Partition Type: NTFS
Drive D: | 8.06 Gb Total Space | 0.94 Gb Free Space | 11.69% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: H-HP | User Name: H | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012/11/08 18:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\H\Desktop\OTL.exe
PRC - [2012/10/30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2012/09/29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/07/25 03:08:10 | 026,909,544 | ---- | M] (Dropbox, Inc.) -- C:\Users\H\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012/06/28 07:38:34 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2012/06/13 15:53:48 | 001,014,112 | ---- | M] (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) -- C:\Program Files\Evernote\Evernote\EvernoteClipper.exe
PRC - [2012/03/26 16:08:12 | 000,931,200 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2012/01/10 18:36:34 | 001,083,264 | ---- | M] (Nokia) -- C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012/01/04 13:32:18 | 000,173,096 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012/01/04 13:32:06 | 000,148,520 | ---- | M] (Nokia) -- C:\Program Files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
PRC - [2011/07/31 14:07:18 | 000,189,808 | ---- | M] (Haufe-Lexware GmbH & Co. KG) -- C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe
PRC - [2011/06/29 15:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) -- C:\Program Files\Sybase\SQL Anywhere 9\Win32\DbSrv9.exe
PRC - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) -- C:\Program Files\FileZilla Server\FileZilla Server.exe
PRC - [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2009/11/04 23:46:40 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009/11/04 23:46:38 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009/11/04 23:46:30 | 001,098,264 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PrivacyIconClient.exe
PRC - [2009/06/04 00:16:42 | 000,207,400 | ---- | M] (ActivIdentity) -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe
PRC - [2009/06/04 00:16:34 | 000,153,640 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\acevents.exe
PRC - [2009/06/04 00:13:28 | 000,400,936 | ---- | M] (ActivIdentity) -- C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe
PRC - [2009/03/26 06:53:14 | 000,524,288 | ---- | M] (Brother Industries Ltd.) -- C:\Program Files\Brother\Brmfl05b\FAXRX.exe
PRC - [2007/12/03 10:26:02 | 000,498,792 | ---- | M] () -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
PRC - [2007/12/03 10:09:42 | 000,911,184 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2007/12/03 10:06:38 | 000,140,568 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2007/12/03 10:06:36 | 000,427,288 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2007/12/03 10:06:08 | 002,622,104 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2007/07/24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe
PRC - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012/06/28 07:38:33 | 002,042,848 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2012/05/30 19:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/05/30 19:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012/03/16 14:42:58 | 000,315,392 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libtidy.dll
MOD - [2012/03/16 14:42:56 | 000,433,664 | ---- | M] () -- C:\Program Files\Evernote\Evernote\libxml2.dll
MOD - [2012/02/27 07:01:13 | 008,527,008 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32.dll
MOD - [2012/01/10 18:38:40 | 000,423,808 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012/01/10 18:38:38 | 000,058,240 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\securestorage.dll
MOD - [2012/01/10 18:38:34 | 000,095,104 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\qjson.dll
MOD - [2012/01/10 18:38:32 | 000,272,768 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\phonon4.dll
MOD - [2012/01/10 18:38:00 | 000,384,896 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtCore.dll
MOD - [2012/01/10 18:38:00 | 000,165,248 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QxtWeb.dll
MOD - [2012/01/10 18:37:58 | 002,557,312 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012/01/10 18:37:56 | 000,346,496 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012/01/10 18:37:54 | 010,843,520 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012/01/10 18:37:48 | 000,196,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012/01/10 18:37:46 | 001,294,208 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012/01/10 18:37:44 | 000,682,880 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012/01/10 18:37:42 | 000,919,936 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012/01/10 18:37:40 | 000,517,504 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012/01/10 18:37:38 | 008,172,928 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012/01/10 18:37:36 | 002,252,672 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012/01/10 18:37:34 | 002,288,512 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012/01/10 18:37:32 | 000,422,272 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012/01/10 18:37:22 | 000,202,624 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2012/01/10 18:37:20 | 000,034,688 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2012/01/10 18:37:18 | 000,032,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2012/01/10 18:36:38 | 000,388,480 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\OviShareLib.dll
MOD - [2012/01/10 18:36:24 | 000,437,632 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\NService.dll
MOD - [2012/01/10 18:36:02 | 001,037,696 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\Maps Service API.dll
MOD - [2012/01/10 18:35:06 | 000,758,656 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012/01/05 16:00:24 | 000,112,640 | ---- | M] () -- C:\Program Files\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2009/02/27 15:38:20 | 000,139,264 | R--- | M] () -- C:\Program Files\Brother\BrUtilities\BrLogAPI.dll
MOD - [2007/12/03 09:58:28 | 001,336,600 | ---- | M] () -- C:\Program Files\Acronis\TrueImageHome\fox.dll
MOD - [2005/02/02 12:38:18 | 000,024,576 | ---- | M] () -- C:\Program Files\Brother\Brmfl05b\brrunpp.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe -- (HP Health Check Service)
SRV - [2012/10/30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012/09/29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/09/29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/28 07:38:33 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/03/26 16:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/01/04 13:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011/06/29 15:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Stopped] -- C:\Program Files\Sybase\SQL Anywhere 9\win32\dbsrv9.exe -- (Lexware_Professional_Datenbank)
SRV - [2011/06/29 15:16:30 | 000,083,248 | ---- | M] (iAnywhere Solutions, Inc.) [Auto | Running] -- C:\Program Files\Sybase\SQL Anywhere 9\Win32\DbSrv9.exe -- (ASANYs_LXDBSRV)
SRV - [2011/06/07 20:29:16 | 000,630,272 | ---- | M] (FileZilla Project) [Auto | Running] -- C:\Program Files\FileZilla Server\FileZilla Server.exe -- (FileZilla Server)
SRV - [2009/11/04 23:46:40 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009/11/04 23:46:38 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009/07/14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009/07/14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009/07/14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2009/06/04 00:16:42 | 000,207,400 | ---- | M] (ActivIdentity) [Auto | Running] -- C:\Program Files\Common Files\ActivIdentity\ac.sharedstore.exe -- (ac.sharedstore)
SRV - [2007/12/03 10:26:02 | 000,498,792 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2007/12/03 10:06:36 | 000,427,288 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/07/24 19:15:14 | 000,185,632 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2007/01/05 03:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Users\H\AppData\Local\Temp\catchme.sys -- (catchme)
DRV - [2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012/10/15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr2.sys -- (aswRdr)
DRV - [2012/09/29 19:54:26 | 000,022,856 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/03/20 19:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/11/01 10:07:26 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2011/11/01 10:07:26 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2011/11/01 10:07:24 | 000,023,168 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2011/06/03 09:53:27 | 000,441,760 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\timntr.sys -- (timounter)
DRV - [2011/06/03 09:53:27 | 000,044,384 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\System32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2011/06/03 09:53:25 | 000,129,248 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\snapman.sys -- (snapman)
DRV - [2011/06/03 09:53:23 | 000,368,480 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\tdrpman.sys -- (tdrpman)
DRV - [2010/11/20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2009/12/10 18:36:54 | 000,214,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1k6232.sys -- (e1kexpress)
DRV - [2009/10/30 15:55:30 | 000,209,920 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\IntcDAud.sys -- (IntcDAud)
DRV - [2009/10/26 21:39:04 | 000,125,696 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Impcd.sys -- (Impcd)
DRV - [2009/09/17 22:54:14 | 000,041,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\HECI.sys -- (HECI)
DRV - [2009/07/14 01:56:07 | 000,265,088 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrSerIb.sys -- (BrSerIb)
DRV - [2009/07/14 00:12:52 | 000,030,720 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tpm.sys -- (TPM)
DRV - [2009/07/13 23:53:33 | 000,011,904 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\BrUsbSIb.sys -- (BrUsbSIb)
DRV - [2009/05/16 01:15:14 | 000,214,024 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2009/05/16 01:15:14 | 000,079,816 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (MfeAVFK)
DRV - [2009/05/16 01:15:14 | 000,055,336 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\mfetdik.sys -- (mfetdik)
DRV - [2009/05/16 01:15:14 | 000,035,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (MfeBOPK)
DRV - [2009/05/16 01:15:14 | 000,034,248 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (MfeRKDK)
DRV - [2008/08/26 09:26:12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2007/04/18 04:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\regi.sys -- (regi)
DRV - [2005/03/01 09:46:56 | 000,053,632 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Gigusb.sys -- (Gigusb)
DRV - [2005/03/01 09:36:02 | 000,008,448 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DectEnum.sys -- (DectEnum)
DRV - [2005/03/01 09:33:18 | 000,113,408 | ---- | M] (Siemens AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\siellif.sys -- (siellif)
DRV - [2004/09/08 14:22:04 | 000,050,759 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IUAPIWDM.sys -- (IUAPIWDM)
DRV - [2004/09/08 14:22:02 | 000,263,751 | ---- | M] (SIEMENS AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hrcmpa.sys -- (HRCMPA)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPCOM/10
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{DB5A2174-834D-4755-9DD5-090ECC0E845F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\..\SearchScopes\{4D10C6F1-DF38-4D4A-A2B0-44CE963C0A9A}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\..\SearchScopes\{BCBFCC6A-E5E1-4019-9C84-B3CEE711E723}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=549CA391-0331-4F00-AFFB-CDA9720B72E1&apn_sauid=DAAAA6A2-1E40-45B7-9927-34EAB503AB97
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\..\SearchScopes\{DB5A2174-834D-4755-9DD5-090ECC0E845F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=CMDTDF&pc=CMDTDF&src=IE-SearchBox
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Google"
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://email.kalsperger.de/"
FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.2
FF - prefs.js..extensions.enabledAddons: wrc@avast.com:7.0.1474
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_8.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_8.0 [2012/01/17 09:36:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/11/08 16:03:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/06/28 07:38:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012/01/17 09:36:18 | 000,000,000 | ---D | M]
 
[2011/07/14 17:41:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\H\AppData\Roaming\mozilla\Extensions
[2012/11/08 15:55:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\H\AppData\Roaming\mozilla\Firefox\Profiles\icbawfjd.default\extensions
[2012/11/08 15:50:43 | 000,029,003 | ---- | M] () (No name found) -- C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\icbawfjd.default\extensions\groovesharkUnlocker@overlord1337.xpi
[2012/11/08 15:55:40 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\H\AppData\Roaming\mozilla\firefox\profiles\icbawfjd.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012/11/08 18:43:48 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2012/11/08 18:43:49 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/11/08 16:03:10 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/06/28 07:38:34 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/06/28 07:38:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/28 07:38:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/06/28 07:38:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/28 07:38:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/28 07:38:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/28 07:38:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\23.0.1271.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Google Drive = C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.2_0\
CHR - Extension: YouTube = C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: avast! WebRep = C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1474_0\
CHR - Extension: Google Mail = C:\Users\H\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2012/11/09 16:29:08 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [accrdsub] C:\Program Files\ActivIdentity\ActivClient\accrdsub.exe (ActivIdentity)
O4 - HKLM..\Run: [acevents] C:\Program Files\ActivIdentity\ActivClient\acevents.exe (ActivIdentity)
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [IMSS] C:\Program Files\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe ()
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKU\S-1-5-21-363469510-3751646668-3835496572-1002..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\H\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O4 - Startup: C:\Users\H\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FAXRX.lnk = C:\Program Files\Brother\Brmfl05b\FAXRX.exe (Brother Industries Ltd.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-363469510-3751646668-3835496572-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Evernote 4.0 - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab (Java Plug-in 1.6.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11849FD9-A6A2-4AE5-BDD8-E6A04E7AE032}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Authentication Packages - (relog_ap) - C:\Windows\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012/11/09 18:10:37 | 000,000,000 | ---D | C] -- C:\_OTL
[2012/11/09 16:29:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012/11/09 16:14:54 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012/11/09 16:14:54 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012/11/09 16:14:54 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012/11/09 16:14:44 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012/11/09 16:14:16 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012/11/09 16:10:15 | 004,998,937 | R--- | C] (Swearware) -- C:\Users\H\Desktop\ComboFix.exe
[2012/11/08 18:52:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\H\Desktop\OTL.exe
[2012/11/08 18:45:30 | 000,000,000 | ---D | C] -- C:\Users\H\AppData\Roaming\Malwarebytes
[2012/11/08 18:45:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012/11/08 18:45:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012/11/08 18:45:09 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012/11/08 18:45:09 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012/11/08 16:05:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2012/11/08 16:03:40 | 000,361,032 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/11/08 16:03:40 | 000,021,256 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/11/08 16:03:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012/11/08 16:03:39 | 000,054,232 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/11/08 16:03:39 | 000,044,784 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
[2012/11/08 16:03:38 | 000,738,504 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/11/08 16:03:36 | 000,058,680 | ---- | C] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/11/08 16:02:58 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/11/08 16:02:58 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/11/08 16:02:48 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012/11/08 16:02:48 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012/10/18 07:48:07 | 000,000,000 | ---D | C] -- C:\Users\H\Documents\Musterangebote SCM
 
========== Files - Modified Within 30 Days ==========
 
[2012/11/09 18:19:29 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 18:19:29 | 000,016,768 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/11/09 18:16:16 | 000,659,764 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/11/09 18:16:16 | 000,621,040 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/11/09 18:16:16 | 000,132,036 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/11/09 18:16:16 | 000,108,260 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/11/09 18:16:01 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012/11/09 18:12:19 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012/11/09 18:11:56 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/11/09 18:11:50 | 1503,100,928 | -HS- | M] () -- C:\hiberfil.sys
[2012/11/09 17:34:08 | 000,000,120 | ---- | M] () -- C:\Users\H\Desktop\R1AmSPDs.htm.part.htm
[2012/11/09 17:26:00 | 000,541,569 | ---- | M] () -- C:\Users\H\Desktop\adwcleaner.exe
[2012/11/09 16:29:43 | 000,000,785 | ---- | M] () -- C:\Windows\ODBC.INI
[2012/11/09 16:29:08 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012/11/09 16:10:43 | 004,998,937 | R--- | M] (Swearware) -- C:\Users\H\Desktop\ComboFix.exe
[2012/11/09 12:30:33 | 000,000,477 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012/11/08 18:53:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\H\Desktop\OTL.exe
[2012/11/08 18:51:42 | 000,733,638 | ---- | M] () -- C:\Users\H\Desktop\trj3.bmp
[2012/11/08 18:45:16 | 000,001,069 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/08 18:44:29 | 000,470,970 | ---- | M] () -- C:\Users\H\Desktop\trj2.bmp
[2012/11/08 18:42:53 | 000,470,678 | ---- | M] () -- C:\Users\H\Desktop\trj1.bmp
[2012/11/08 18:35:55 | 000,000,155 | ---- | M] () -- C:\Windows\Brfaxrx.ini
[2012/11/08 16:05:20 | 000,002,237 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/08 16:03:40 | 000,002,113 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/11/08 16:03:36 | 000,002,577 | ---- | M] () -- C:\Windows\System32\config.nt
[2012/10/30 23:51:58 | 000,738,504 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSnx.sys
[2012/10/30 23:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswSP.sys
[2012/10/30 23:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswTdi.sys
[2012/10/30 23:51:57 | 000,058,680 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswMonFlt.sys
[2012/10/30 23:51:56 | 000,021,256 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswFsBlk.sys
[2012/10/30 23:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\Windows\avastSS.scr
[2012/10/30 23:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\Windows\System32\aswBoot.exe
[2012/10/18 11:45:19 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2012/10/18 11:45:19 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2012/10/15 17:59:28 | 000,044,784 | ---- | M] (AVAST Software) -- C:\Windows\System32\drivers\aswRdr2.sys
 
========== Files Created - No Company Name ==========
 
[2012/11/09 17:34:06 | 000,000,120 | ---- | C] () -- C:\Users\H\Desktop\R1AmSPDs.htm.part.htm
[2012/11/09 17:25:58 | 000,541,569 | ---- | C] () -- C:\Users\H\Desktop\adwcleaner.exe
[2012/11/09 16:14:54 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012/11/09 16:14:54 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012/11/09 16:14:54 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012/11/09 16:14:54 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012/11/09 16:14:54 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012/11/08 18:51:42 | 000,733,638 | ---- | C] () -- C:\Users\H\Desktop\trj3.bmp
[2012/11/08 18:45:16 | 000,001,069 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/11/08 18:44:29 | 000,470,970 | ---- | C] () -- C:\Users\H\Desktop\trj2.bmp
[2012/11/08 18:42:53 | 000,470,678 | ---- | C] () -- C:\Users\H\Desktop\trj1.bmp
[2012/11/08 16:05:20 | 000,002,237 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012/11/08 16:03:40 | 000,002,113 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012/10/18 11:45:19 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
[2012/10/18 11:45:19 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
[2012/08/06 07:24:03 | 000,038,409 | ---- | C] () -- C:\Users\H\AppData\Roaming\Kommagetrennte Werte (DOS).ADR
[2012/07/30 17:35:03 | 000,038,430 | ---- | C] () -- C:\Users\H\AppData\Roaming\Kommagetrennte Werte (Windows).ADR
[2012/07/27 09:16:47 | 000,038,419 | ---- | C] () -- C:\Users\H\AppData\Roaming\Microsoft Excel 97-2003.ADR
[2011/09/28 09:00:14 | 000,006,656 | ---- | C] () -- C:\Users\H\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\System32\LXPrnUtil10.dll
[2011/09/27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\System32\LxDNT100.dll
[2011/09/27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\System32\LxDNTvmc100.dll
[2011/09/27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\System32\LxDNTvm100.dll
[2011/07/14 17:40:51 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011/06/01 08:39:56 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/30 16:16:15 | 000,017,125 | ---- | C] () -- C:\Windows\LxFrame.ini
[2011/05/30 15:26:53 | 000,000,970 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2011/05/30 15:26:53 | 000,000,785 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/05/30 15:01:07 | 000,000,821 | ---- | C] () -- C:\Windows\Brpfx04a.ini
[2011/05/30 15:01:07 | 000,000,153 | ---- | C] () -- C:\Windows\brpcfx.ini
[2011/05/30 15:00:46 | 000,000,477 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011/05/30 15:00:46 | 000,000,065 | ---- | C] () -- C:\Windows\System32\BD9420CN.DAT
[2011/05/30 15:00:46 | 000,000,026 | ---- | C] () -- C:\Windows\BRPP2KA.INI
[2011/05/30 15:00:23 | 000,106,496 | ---- | C] () -- C:\Windows\System32\BrMuSNMP.dll
[2011/05/30 15:00:22 | 000,000,155 | ---- | C] () -- C:\Windows\Brfaxrx.ini
[2011/05/30 15:00:22 | 000,000,000 | ---- | C] () -- C:\Windows\brdfxspd.dat
[2011/05/30 15:00:17 | 000,045,056 | ---- | C] () -- C:\Windows\System32\BRTCPCON.DLL
[2011/05/30 15:00:11 | 000,000,114 | ---- | C] () -- C:\Windows\System32\BRLMW03A.INI
[2011/02/11 18:10:52 | 000,127,868 | ---- | C] () -- C:\Windows\System32\igcompkrng575.bin
[2011/02/11 18:10:52 | 000,104,796 | ---- | C] () -- C:\Windows\System32\igfcg575m.bin
[2011/02/11 18:10:50 | 000,874,048 | ---- | C] () -- C:\Windows\System32\igkrng575.bin
[2011/02/11 17:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
 
========== ZeroAccess Check ==========
 
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009/07/14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012/11/09 18:13:48 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\Dropbox
[2011/05/30 16:13:54 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\FileZilla
[2012/07/13 18:07:18 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\kock
[2012/05/04 17:16:24 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\Lexware
[2012/01/17 09:36:52 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\Nokia
[2011/09/28 08:54:29 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\Nokia Ovi Suite
[2012/01/31 17:24:42 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\Nokia Suite
[2012/01/31 17:43:02 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\PC Suite
[2011/07/21 10:43:17 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\PC-FAX TX
[2011/06/11 13:49:59 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\TeamViewer
[2012/07/16 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\UAs
[2012/07/16 18:52:06 | 000,000,000 | ---D | M] -- C:\Users\H\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 60 bytes -> C:\Users\H\Desktop\final 03.2012 Newsletter Kalsperger.pdf:AFP_AfpInfo

< End of report >

 

Themen zu Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS
administrator, anti-malware, appdata, autostart, avast, blockiert, dateien, desktop.ini, explorer, fehler, forum, gelöscht, gen, infizierte, log, löschen, malware, malwarebytes, programme, services.exe, software, speicher, system, system32, trojanisches pferd, windows


« "Hänger"/"Freezes" im System | C:\...\avgtray.exe\129784532353404568 (etc. Rest unleserlich) Schweregrad: Hoch Bedrohung: Win32:Regrun-HB[Trj] »


Ähnliche Themen: Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS


  1. Win32:Malware-gen und Win32:Downloader-PKU.C:\Windows\System32\services.exe.Weitere Meldungen
    Log-Analyse und Auswertung - 12.09.2012 (10)
  2. Win32: Sirefef-AHF [Trj] und Win32: Malware-gen in C:\Windows\System32\services.exe Windows 7 64bit
    Log-Analyse und Auswertung - 31.08.2012 (16)
  3. Probleme mit Windows 7 Service Pack 1
    Nachrichten - 11.03.2011 (0)
  4. Service Pack 1 zu Windows 7 und Windows Server 2008 R2 veröffentlicht
    Nachrichten - 25.02.2011 (0)
  5. SP1-Download: Windows 7 Service Pack 1 und Windows Server 2008 R2 Service Pack 1
    Nachrichten - 25.02.2011 (0)
  6. Service Pack 1 für Windows 7 und Windows Server 2008 R2 ist fertig
    Nachrichten - 25.02.2011 (0)
  7. Service Pack 1 für Windows 7 zum freien Download
    Nachrichten - 22.02.2011 (0)
  8. Support für Windows 2000 sowie das Service Pack 2 für Windows XP beendet
    Nachrichten - 13.07.2010 (0)
  9. Letzter Support-Monat für Windows 2000 sowie das Service Pack 2 für Windows XP
    Nachrichten - 13.06.2010 (0)
  10. Support-Zeiträume für Windows 2000 und für das Service Pack 2 für Windows XP laufen a
    Nachrichten - 12.01.2010 (0)
  11. Service Pack 3 Für Windows XP Bald Da!!!
    Alles rund um Windows - 15.08.2007 (6)
  12. Windows Service Pack und Patch
    Alles rund um Windows - 19.06.2007 (4)
  13. Windows XP Service Pack 2
    Alles rund um Windows - 03.10.2005 (5)
  14. Windows Service Pack
    Alles rund um Windows - 20.08.2005 (3)
  15. Windows XP service pack 2
    Plagegeister aller Art und deren Bekämpfung - 01.02.2005 (5)
  16. Windows XP, Service Pack 2
    Alles rund um Windows - 21.11.2004 (2)
  17. Windows XP Service Pack 2
    Antiviren-, Firewall- und andere Schutzprogramme - 24.07.2004 (6)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS - Super. Danke OTL FIX Code: Alles auswählen Aufklappen ATTFilter All processes killed ========== OTL ========== C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\@ moved successfully. C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\L folder moved successfully. C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\U folder moved successfully. File C:\Windows\Installer\{9acaeced-7aa0-4061-cb35-2b8eafec64c1}\L\00000004.@ not found. - Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS...
Archiv
Du betrachtest: Malware-gen in C:\Windows\System32\services.exe Windows 7 Service Pack 1 x86 NTFS auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131