Pests of all kinds and how to fight them (Plagegeister aller Art und deren Bekämpfung): Backdoor Trojan Generic and, according to Malwarebytes, a few other things (Windows 7)
11.11.2012, 04:25, #1
Backdoor Trojan Generic and, according to Malwarebytes, a few other things

Hello, I am a caregiver in a residential group for children and adolescents. I did my best to make the "kids' computer" virus-proof and child-safe, but my knowledge was apparently not enough, and with teenagers you can only control to a limited extent what they do. AVG found and removed a number of things; on the next scan two more "Backdoor Trojan Generic" alerts came up. The Generic problem with encrypted files that I have read about does not exist here, as far as I know. I have not noticed any other problems so far either. Still, I am asking for your help, since Malwarebytes found quite a bit...! Regards, Clemens

Malwarebytes: (the "delete nothing" instruction from the guide did not work!? There was only the "Remove" option, but it said the items were moved to quarantine. I hope I did that right; if not, sorry, I acted to the best of my knowledge)

Code:
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.10.10

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: KI-PC [Administrator]

Protection: Enabled

11.11.2012 03:42:09
mbam-log-2012-11-11 (03-42-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 396139
Time elapsed: 1 minute(s), 37 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
C:\Users\***\AppData\Roaming\dclogs (Stolen.Data) -> Quarantined and deleted successfully.

Files Detected: 77
C:\Users\***\AppData\Roaming\rundll32.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\svchost.exe (Trojan.MSIL) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\fk1xxx.e2ts (Malware.Trace) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Local\Temp\csrss.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-08-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-09-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-10-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-14-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-15-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-16-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-17-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-25-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-28-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-29-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-30-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-08-31-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-01-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-02-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-03-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-04-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-07-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-08-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-09-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-10-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-12-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-13-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-14-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-15-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-16-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-17-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-18-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-19-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-20-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-21-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-22-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-23-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-25-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-26-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-27-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-28-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-09-29-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-01-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-04-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-05-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-06-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-07-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-08-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-10-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-11-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-12-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-13-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-15-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-16-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-17-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-18-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-20-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-21-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-22-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-23-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-24-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-25-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-26-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-27-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-28-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-30-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-10-31-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-01-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-02-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-03-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-04-1.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-05-2.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-06-3.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-07-4.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-08-5.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-09-6.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-10-7.dc (Stolen.Data) -> Quarantined and deleted successfully.
C:\Users\***\AppData\Roaming\dclogs\2012-11-11-1.dc (Stolen.Data) -> Quarantined and deleted successfully.

(end)

OTL.txt:

Code:
OTL logfile created on: 11.11.2012 03:55:54 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads\Sicherheit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 49,11% Memory free
6,99 Gb Paging File | 4,95 Gb Available in Paging File | 70,80% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 37,06 Gb Free Space | 37,99% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 385,00 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 48,69 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 394,40 Gb Total Space | 392,55 Gb Free Space | 99,53% Space Free | Partition Type: NTFS

Computer Name: KI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.11.11 03:24:24 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Admin\Downloads\Sicherheit\OTL.exe
PRC - [2012.11.11 02:13:31 | 000,388,576 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
PRC - [2012.10.09 09:53:36 | 004,441,920 | ---- | M] (Akamai Technologies, Inc.) -- C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe
PRC - [2012.09.29 19:54:26 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe
PRC - [2012.07.31 02:37:02 | 002,596,984 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgtray.exe
PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe
PRC - [2011.06.17 18:33:04 | 000,272,528 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe
PRC - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2011.03.24 05:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe
PRC - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe
PRC - [2010.11.21 04:24:27 | 000,257,536 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
PRC - [2010.11.15 12:21:56 | 000,841,544 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe
PRC - [2010.11.15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe
PRC - [2009.07.14 00:15:34 | 002,222,528 | ---- | M] (Salfeld Computer) -- C:\Windows\SysWOW64\cchservice.exe

========== Modules (No Company Name) ==========

MOD - [2012.11.11 02:13:32 | 002,111,456 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll
MOD - [2012.11.11 02:13:32 | 000,157,664 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll
MOD - [2012.11.11 02:13:32 | 000,021,984 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll

========== Services (SafeList) ==========

SRV:64bit: - [2011.06.07 14:54:56 | 000,204,288 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2010.04.06 16:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2012.11.11 02:13:32 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.10.30 19:45:47 | 004,539,200 | ---- | M] () [Auto | Running] -- c:\program files (x86)\common files\akamai/netsession_win_b5e8a4c.dll -- (Akamai)
SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.08.13 02:24:48 | 005,167,736 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe -- (AVGIDSAgent)
SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.02.14 03:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.06.17 18:33:04 | 000,237,008 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe -- (McComponentHostService)
SRV - [2011.05.24 10:33:30 | 001,840,128 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2011.04.26 13:54:12 | 002,702,848 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
SRV - [2011.03.24 05:37:18 | 000,493,384 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe -- (WCUService_STC_FF)
SRV - [2011.03.22 09:37:16 | 000,497,480 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe -- (WCUService_STC_IE)
SRV - [2010.11.15 12:21:54 | 000,477,000 | ---- | M] (Splashtop Inc.) [Auto | Running] -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe -- (SCBackService)
SRV - [2010.08.25 08:56:38 | 000,765,592 | ---- | M] (Salfeld Computer) [Auto | Stopped] -- C:\Windows\SysWOW64\ksupmgr.exe -- (ksupmgr)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.09.19 09:02:08 | 000,102,368 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus)
DRV:64bit: - [2012.08.24 14:43:16 | 000,384,352 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.07.30 12:32:08 | 000,203,104 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm)
DRV:64bit: - [2012.07.26 02:21:28 | 000,291,680 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.04.19 03:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.04.01 15:57:34 | 000,147,456 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv06.sys -- (acedrv06)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.31 03:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 12:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 12:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 12:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.08.01 15:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.06.07 15:42:26 | 009,360,896 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.06.07 14:16:14 | 000,309,760 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.06.01 04:16:50 | 000,535,656 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.04.15 07:37:50 | 000,079,488 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_sata.sys -- (amd_sata)
DRV:64bit: - [2011.04.15 07:37:50 | 000,040,064 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amd_xata.sys -- (amd_xata)
DRV:64bit: - [2011.03.17 13:04:20 | 000,188,544 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdxhc.sys -- (amdxhc)
DRV:64bit: - [2011.03.17 13:04:18 | 000,087,168 | ---- | M] (Advanced Micro Devices, INC.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\amdhub30.sys -- (amdhub30)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.01.10 18:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.15 16:06:46 | 000,047,232 | R--- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.06.29 22:01:04 | 000,011,832 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdide64.sys -- (amdide64)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.11.02 12:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm)
DRV:64bit: - [2007.11.02 12:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic)
DRV:64bit: - [2007.11.02 12:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex)
DRV:64bit: - [2007.11.02 12:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5)
DRV:64bit: - [2007.11.02 12:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus)
DRV:64bit: - [2007.11.02 12:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl)
DRV - [2012.03.07 12:10:18 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2012.03.07 12:10:06 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 5D EE F1 00 98 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKCU\..\SearchScopes\{8B726408-FC51-41b0-9B58-34063A0B29EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={7F469578-85E8-4E24-8D78-97BEF2A9A6D4}&mid=e0c969345e4247d1bc8822b543fa9a09-52926ac3aa91da349849f33e9482894a21cfc1af&lang=en&ds=AVG&pr=fr&d=&v=&sap=dsp&q={searchTerms}
IE - HKCU\..\SearchScopes\{D7C7313E-E586-40c8-832F-294E6A63100F}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..CT2269050.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Ixquick HTTPS"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "orf.at"
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.4
FF - prefs.js..extensions.enabledAddons: foxfilter@inspiredeffect.net:7.6.4
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6
FF - prefs.js..extensions.enabledAddons: {872b5b88-9db5-4310-bdd0-ac189557e5f5}:10.13.1.106
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=NT01&ctid=CT2269050&SearchSource=2&q="
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.10 18:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 20:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 18:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.05 20:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 18:53:01 | 000,000,000 | ---D | M]

[2012.03.07 11:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.11.02 22:45:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions
[2012.11.02 22:45:29 | 000,000,000 | ---D | M] (DVDVideoSoftTB) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
[2012.10.07 21:22:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.10 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.06.22 22:57:03 | 000,109,964 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.07.08 21:57:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.03.10 02:02:39 | 000,092,840 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\foxfilter@inspiredeffect.net.xpi
[2012.11.02 18:59:54 | 000,530,388 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.26 22:34:35 | 000,741,958 | ---- | M] () (No name found) --
C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.03.07 13:22:16 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012.09.29 21:07:52 | 000,001,028 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\dvdvideosofttb-customized-web-search.xml [2012.03.10 00:32:09 | 000,001,632 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\firefox-add-ons.xml [2012.03.10 00:31:27 | 000,002,492 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\ixquick-https.xml [2012.03.10 00:31:58 | 000,001,283 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\wiktionary-de.xml [2012.11.02 18:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.11.02 18:53:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) 
-- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll [2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.12 22:00:17 | 000,003,739 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.05 12:45:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Splashtop Connect VisualBookmark) - {0E5680D1-BF44-4929-94AF-FD30D784AD1D} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STC.dll (Splashtop Inc.) O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.) 
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (DVDVideoSoftTB Toolbar) - {872b5b88-9db5-4310-bdd0-ac189557e5f5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer) O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.) O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.) O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.) 
O4 - HKCU..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer) O4 - HKCU..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu 
item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB878B31-CE46-451B-9D38-69B23B7EED40}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5887D6D-E25D-4FD1-AA60-EE7834223B66}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.11 03:19:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2012.11.11 03:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.11 03:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.11 03:19:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.11 03:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.02 22:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoftTB [2012.11.02 19:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2012.11.02 19:02:32 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll [2012.11.02 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2012.11.02 18:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xploder [2012.11.02 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xploder [2012.11.02 18:53:01 | 
000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.02 18:34:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SAdK [2012.11.02 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\SAdK [2012.11.02 18:34:02 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.11.02 18:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.11.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2012.11.02 18:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.11.02 18:31:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.02 18:31:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.02 18:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012.09.05 13:21:24 | 2715,238,741 | ---- | C] (ProSiebenSat1Games) -- C:\Program Files (x86)\SetupAudition.exe ========== Files - Modified Within 30 Days ========== [2012.11.11 03:53:34 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.11.11 03:42:31 | 000,001,226 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2012.11.11 03:30:16 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 03:30:16 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.11 03:03:26 | 000,003,382 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2012.11.11 03:02:06 | 000,000,680 | RHS- | M] () -- C:\Users\Admin\ntuser.pol [2012.11.11 03:00:57 | 000,000,810 | ---- | M] () -- C:\NET.INI [2012.11.11 02:54:58 | 001,612,484 | ---- | M] () -- 
C:\Windows\SysNative\PerfStringBackup.INI [2012.11.11 02:54:58 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.11 02:54:58 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.11.11 02:54:58 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.11 02:54:58 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.11 02:48:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.11 02:48:13 | 2816,491,520 | -HS- | M] () -- C:\hiberfil.sys [2012.11.11 02:14:16 | 099,894,448 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.11.02 22:45:31 | 000,000,009 | ---- | M] () -- C:\END [2012.11.02 18:56:27 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\Wii Xploder.lnk [2012.11.02 18:34:02 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) -- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.11.02 18:31:11 | 000,002,336 | ---- | M] () -- C:\Users\Admin\Desktop\Die Siedler - Aufbruch der Kulturen.lnk ========== Files Created - No Company Name ========== [2012.11.11 03:53:34 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.11.09 21:25:03 | 000,003,382 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err [2012.11.02 19:02:33 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.11.02 18:56:27 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\Wii Xploder.lnk [2012.11.02 18:31:11 | 000,002,336 | ---- | C] () -- C:\Users\Admin\Desktop\Die Siedler - Aufbruch der Kulturen.lnk [2012.04.23 22:11:54 | 000,001,226 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2012.04.23 22:10:25 | 000,000,124 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2012.04.23 22:10:25 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2012.04.23 22:10:23 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2012.04.23 22:10:23 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2012.04.23 22:10:22 | 
000,000,626 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2012.04.01 15:57:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll [2012.04.01 15:55:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.04.01 15:55:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.04.01 15:55:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.04.01 15:55:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.04.01 15:55:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.04.01 15:55:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.04.01 15:55:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.04.01 15:55:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.04.01 15:55:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.04.01 15:55:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.04.01 15:55:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.04.01 15:55:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.04.01 15:55:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.04.01 15:55:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.04.01 15:55:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.04.01 15:55:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.04.01 15:55:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.04.01 15:55:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.04.01 15:55:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.04.01 15:44:50 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat 
[2012.03.10 02:10:44 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.07 12:10:18 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.03.07 11:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.03.07 11:54:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.03.07 11:47:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.03.07 09:05:21 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol [2011.06.07 22:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = 
%systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.01 23:05:19 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\.contentlauncher [2012.03.07 15:10:59 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\AVG2012 [2012.09.29 19:38:45 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoft [2012.09.29 19:39:54 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\DVDVideoSoftIEHelpers [2012.03.10 00:37:28 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\IrfanView [2012.04.01 23:05:52 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\juv [2012.04.01 22:58:38 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Klett [2012.03.10 00:40:00 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\MAGIX [2012.04.01 15:35:05 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\pdfforge [2012.04.23 22:10:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Salfeld [2012.03.07 11:53:14 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Splashtop [2012.03.07 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\Thunderbird [2012.03.10 01:04:13 | 000,000,000 | ---D | M] -- C:\Users\Admin\AppData\Roaming\TIPP10 ========== Purity Check ========== < End of report > Code:
ATTFilter OTL Extras logfile created on: 11.11.2012 03:55:54 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Admin\Downloads\Sicherheit 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,50 Gb Total Physical Memory | 1,72 Gb Available Physical Memory | 49,11% Memory free 6,99 Gb Paging File | 4,95 Gb Available in Paging File | 70,80% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 97,56 Gb Total Space | 37,06 Gb Free Space | 37,99% Space Free | Partition Type: NTFS Drive D: | 390,62 Gb Total Space | 385,00 Gb Free Space | 98,56% Space Free | Partition Type: NTFS Drive E: | 48,83 Gb Total Space | 48,69 Gb Free Space | 99,71% Space Free | Partition Type: NTFS Drive G: | 394,40 Gb Total Space | 392,55 Gb Free Space | 99,53% Space Free | Partition Type: NTFS Computer Name: KI-PC | User Name: Admin | Logged in as Administrator. 
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 "DisableConfig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 "DisableConfig" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21AB96E3-37E6-4106-B60E-1EE8F44A420A}" = lport=2869 | protocol=6 | dir=in | app=system | "{2B58DF1B-AFF5-45AA-842D-48B35067D4EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39B06442-D575-47F1-B126-D4B5B973EBAA}" = lport=137 | protocol=17 | dir=in | app=system | "{4E3C2A6A-3B67-4B9C-B4B3-FE577A795BB3}" = 
rport=137 | protocol=17 | dir=out | app=system | "{4ED8A1FB-49DA-44FD-8236-2E0A81578CF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{535CC1FC-1283-4130-B0E4-4E6A7D02D32E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65DBE268-7730-4483-9CC8-B8D720283541}" = lport=10243 | protocol=6 | dir=in | app=system | "{677264A9-64A6-4AE2-AE00-475D40709170}" = rport=139 | protocol=6 | dir=out | app=system | "{6BA4096B-4055-426C-B3E3-CECDE6911AC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6CD82A1D-7339-4D18-A70F-78969CE578C8}" = lport=139 | protocol=6 | dir=in | app=system | "{840533CC-B61C-4A5E-883A-83AECBA6E105}" = rport=138 | protocol=17 | dir=out | app=system | "{9B225E04-B6F1-40E6-934F-F4E5ED07C7AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0BEAE1C-4BF4-4A28-B768-325AE52C66D1}" = lport=138 | protocol=17 | dir=in | app=system | "{A372594A-5243-4A3F-9C7D-912FA4D7B21B}" = lport=445 | protocol=6 | dir=in | app=system | "{A5482350-4953-44C1-93CA-CF7BCCCB4178}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA28CCA9-5A30-4F1F-B696-34420B7EDF43}" = rport=445 | protocol=6 | dir=out | app=system | "{C1A8A867-5D26-49F8-B33E-48130475C8D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D406D45D-6ECC-4E43-9537-38E52CD77E9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DF5E5FD7-A3D3-4327-9EC1-02C1C333826A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DFC5DEA4-9F26-4552-886D-4F61960DC0B8}" = rport=10243 | protocol=6 | dir=out | app=system | "{FBDD2D65-BCF3-43A6-80E9-A081B916191C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03A0A939-B245-433A-8AF2-778AD8D775F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{096F05EA-395F-4ED6-933D-63E4706B2B62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{10B75F77-CAB5-4392-A62D-22BEA16DF6B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{11DCC6DE-624A-49B8-BD4B-A5ED1FB98589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{13918B8F-E7B6-4570-838A-D9FCFF74687B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{159AB4C0-5E95-4F1A-BFAD-AE1120E3E5C7}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe | "{192F19B9-1FA6-47F6-9E32-37FF3FAE2950}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{1AF259DD-8D07-4103-B165-CE201D346F1F}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{2453877C-7F4F-4005-BA23-56F8525D8436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A37AA77-3941-463F-B390-5FBCAAF2AC47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E9A8615-E74D-4315-835D-F2A5C281D187}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{40EE46FE-293A-4F7B-8224-44A5B5889284}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{464A6748-1CED-4713-9C3D-A649CC3905B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{49FC6970-1FBF-497C-B533-1C6E65EAC58C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{54CAFEB5-F575-4762-B18F-FF067960B266}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{57BEBF2F-0EB2-4B51-912E-7E2F1404499B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{6E4A12D8-2ADF-44D9-90AC-3236AAC6C2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{7E378568-E0BF-477B-9D4A-8D9E86815BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{8285E526-56F5-4232-94BD-0387D51BF790}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{8CFEA159-1B07-4144-A889-081B34696299}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8F69A275-5D83-4607-8F1B-6150DA652C13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9D24028C-B356-4AEB-8B6F-20234313107C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A18BFF0F-75EA-4F97-B521-BE58A92D8283}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A56614BF-5776-4700-A031-B50013E4E900}" = protocol=6 | dir=out | app=system | "{B4C766C7-2C70-4009-AD50-EAC98C5ABA30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C21940E8-08BC-4A8A-B7C0-E42238ECB993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB04BEF5-B34C-437A-974B-1C0FD570DACA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D0E99404-354B-497E-AA93-CC1D0B9F7D03}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe | "{D18CD604-346C-4F92-A561-D6969FAB0184}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F6868D94-77BA-47ED-B08D-5FE577873624}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{FA3A9B4D-3B23-40A4-8B79-BB4F9A1CFA94}" = protocol=58 | dir=in | app=system | "TCP Query User{C3E441AA-596E-4739-8498-A7A4C1A76FAD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{C87426E4-B9C5-4BF2-A26D-B1890FAAAAE9}C:\program files 
(x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90 "{344C0D46-2EF4-4BC8-AE03-3DACDA9B9485}" = AVG 2012 "{4E09871F-1285-CE5A-F1E1-74EE9537D1F3}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{822D0F14-D815-8540-3264-839DB958DE66}" = AMD Media Foundation Decoders "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DDD72DB8-BB69-1AE3-9E21-BFD1CB87AEDF}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "AVG" = AVG 2012 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 
Extended DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0F6199F2-A00F-E0D3-9AA8-A8C77CBA71E5}" = CCC Help Korean "{15D2ABC9-D0E1-8FED-0124-22B3D631B65E}" = CCC Help Chinese Standard "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{242B2601-AF61-42B7-B6DB-B1C34FE5830F}" = Wii Xploder Cheat Saves and Media Manager "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A23E37B-DE77-98FB-8538-AD4B0D6EE632}" = CCC Help Swedish "{2BA3C106-F8CE-9381-6D8E-AACA006386A1}" = CCC Help Norwegian "{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7 "{2E560D11-B767-46CF-47EC-CEACD190BE40}" = Catalyst Control Center Graphics Previews Common "{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0704.1 "{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5347A5BA-9390-E244-5529-636DFEB5A869}" = CCC Help French "{5E7626D4-61D6-05F9-5ED1-E633DCECC618}" = CCC Help Japanese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61B5FC28-2C93-C7CC-91C3-805AC5EEE795}" = CCC Help Spanish "{62AF1819-74A4-6260-0702-783ADF29C21F}" = AMD VISION Engine Control Center "{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare "{6A85A2E4-C06D-0021-1627-1B35BDBCB480}" = CCC Help Greek "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = 
Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{768CA608-CBDB-D1F1-FB8E-4D5DBF2117B4}" = CCC Help Russian "{8109378D-FF10-7794-F864-DE78FD082164}" = CCC Help Turkish "{82465076-8328-2F93-E01D-88ADFEA62ABC}" = CCC Help Hungarian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 "{9A96FB74-09A1-8157-4FBF-89A1AFC9D0D8}" = CCC Help Thai "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC9C809-6A85-8CED-1153-95B1FB4B4D73}" = CCC Help Czech "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11255.1 "{A4FBF47A-178D-11C0-CF85-174AB58E854A}" = CCC Help Finnish "{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service "{A670706C-6792-16E7-409E-0BA8964DEB16}" = CCC Help Portuguese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B0674260-49DC-5A89-63F3-18F7B7CF0105}" = CCC Help Dutch "{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10 "{B836D1A0-3FD2-CCE4-E55B-73F78D83C3CB}" = Catalyst Control Center Localization All "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C6317628-C85F-4CEE-A2A7-8D4477EC7C24}" = Red Line 2 Sprachtrainer "{C6DD7119-47BD-2049-C198-CDA0C62406D4}" = CCC Help Polish "{CDA34A2D-8E04-39EC-A1AC-F05E57A32A26}" = CCC Help Danish "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2 "{DA55C3AE-41D7-D163-62B1-C0D6B0D6C3C2}" = Catalyst Control Center InstallProxy "{DEC2B592-A6C8-81C3-32AA-179A8EE15DA8}" = CCC Help German "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E46210DE-11E9-F0FD-3D25-3AC39066A2FE}" = CCC Help English "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F54C0A3F-D78F-BF70-C4BD-12A4A983B866}" = CCC Help Italian "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts "{FC9ADE57-C19B-AE0F-7EFD-03B7D76CFD46}" = CCC Help Chinese Traditional 
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "Audition Online1.2.6064" = Audition Online "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service "DVDVideoSoftTB Toolbar" = DVDVideoSoftTB Toolbar "ffdshow_is1" = ffdshow [rev 1953] [2008-05-04] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0704.1 "IrfanView" = IrfanView (remove only) "Kindersicherung_is1" = Kindersicherung 2012 "Lernerfolg Grundschule Mathematik 1" = Lernerfolg Grundschule Mathematik 1 "MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10 "MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "SADK" = Die Siedler - Aufbruch der Kulturen "TIPP10_is1" = TIPP10 Version 2.1.0 "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Winamp Detect" = Winamp Erkennungs-Plug-in "Wizard101(DE)_is1" = Wizard101(DE) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.11.2012 21:48:42 | 
Computer Name = Ki-PC | Source = ESENT | ID = 455 Description = Windows (3776) Windows: Fehler -1811 beim Öffnen von Protokolldatei C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS0014F.log. Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 9000 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 7040 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 7042 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 9002 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3029 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3029 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3028 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 3058 Description = Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Windows Search Service | ID = 7010 Description = [ System Events ] Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7024 Description = Der Dienst "Windows Search" wurde mit folgendem dienstspezifischem Fehler beendet: %%-1073473535. Error - 10.11.2012 21:48:43 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7031 Description = Der Dienst "Windows Search" wurde unerwartet beendet. Dies ist bereits 1 Mal vorgekommen. Folgende Korrekturmaßnahmen werden in 30000 Millisekunden durchgeführt: Neustart des Diensts. 
Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = DCOM | ID = 10005 Description = Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = DCOM | ID = 10005 Description = Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Windows Search erreicht. Error - 10.11.2012 21:49:06 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Search" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 < End of report > |
12.11.2012, 14:45 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Hello and
Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you have not heard from me for three days, please post in this thread => Reminder about my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Quote:
Please note => http://www.trojaner-board.de/125889-...tml#post941520
12.11.2012, 23:43 | #3 |
Thanks for taking on the problem! I was so focused on the instructions for posting correctly that I forgot that :-/
The only thing I can still find in History, Event Log and Virus Quarantine is the last scan. Unfortunately I don't know why that is!? I think there were 7 or 9 trojans labelled "Generic" + letters/numbers, partly identical files in different locations, two files flagged as viruses, and tracking cookies. Most of it was in the restricted user account of one of the teenagers, two items in another account, and the tracking cookies were not assigned to any user. Here is the log I could still find: Code:
Scan "Gesamten Computer scannen" wurde beendet.
Infektionen;"2";"0";"2"
Informationen;"1"
Ausgewählte Ordner:;"Gesamten Computer scannen"
Start des Scans:;"Sonntag, 11. November 2012, 03:10:29"
Ende des Scans:;"Sonntag, 11. November 2012, 03:15:41 (5 Minute(n) 11 Sekunde(n))"
Gescannter Objekte:;"1241924"
Infektionen
;"Datei";"Infektion";"Ergebnis"
;"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (4356):\memory_00400000";"Trojaner: BackDoor.Generic15.AJXU";"Infiziert"
;"C:\Windows\Microsoft.NET\Framework\v2.0.50727\vbc.exe (4356)";"Trojaner: BackDoor.Generic15.AJXU";"Infiziert"
Informationen
;"Datei";"Informationen";"Ergebnis"
;"C:\Program Files (x86)\Common Files\DVDVideoSoft\FreeStudioManager.exe";"Die Datei wurde von einer beschädigten digitalen Signatur signiert, die von DVDVideoSoft Ltd./emailAddress=question@dvdvideosoft.com ausgestellt wurde.";""
Best regards, Clemens
12.11.2012, 23:44 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ |
1. aswMBR
Please download aswMBR.exe and save the file to your desktop.
Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
Another note: If aswMBR crashes and you get a message like "aswMBR.exe has stopped working", do the following: restart aswMBR, select (none) under "AV scan" in the drop-down menu at the bottom left of the aswMBR window, and click the scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!
Set up the tool as shown in the picture below: click on "change parameters" and set the checkboxes as shown in the following screenshot, then click "Start Scan" and, when it is finished, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
Please always post log files in CODE tags
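The TDSS-Killer log requested in the instructions above runs to hundreds of `- ok` lines, and what a reader actually wants from it is the handful of entries that are not. As an added example that is not part of this thread and not Kaspersky's tool, the following Python filter parses lines of the shape visible in the posted log (timestamp, PID, name, `- status`) inside the `Scan ...` sections and reports every entry whose status is not plain `ok`. The sample log is constructed in the thread's format; the two non-ok status strings in it are invented for the example, since the page shows no such line, which is why the filter flags anything that is not exactly `ok` instead of matching fixed keywords.

```python
"""Filter for long TDSS-Killer style logs: keep only the entries that are not 'ok'.

Added example, not part of the thread and not Kaspersky's tool. It relies only on
the line shape visible in the posted log:

    HH:MM:SS.mmmm PID <name> - <status>

inside the "================ Scan ... ====" sections. Status words other than
'ok' in the sample below are constructed; the real tool's wording may differ.
"""
import re
from dataclasses import dataclass

# "13:03:21.0742 4716 ================ Scan services ====..." opens a section.
SECTION_RE = re.compile(
    r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+=+\s*(Scan [^=]+?)\s*=+\s*$"
)
# "13:03:22.0444 4716 gdrv - ok": timestamp, PID, checked object, status.
ENTRY_RE = re.compile(
    r"^(\d{2}:\d{2}:\d{2}\.\d{4})\s+(\d+)\s+(.+?)\s+-\s+(\S.*)$"
)


@dataclass
class Entry:
    time: str
    pid: int
    name: str
    status: str
    section: str


def parse_log(text):
    """Return the checked objects from every 'Scan ...' section of the log."""
    section = None
    entries = []
    for raw in text.splitlines():
        line = raw.rstrip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if section is None:
            continue  # header block (SystemInfo, drive geometry) before any scan
        m = ENTRY_RE.match(line)
        if m:
            entries.append(Entry(m.group(1), int(m.group(2)),
                                 m.group(3), m.group(4), section))
    return entries


def flagged(entries):
    """Everything the tool did not mark as plain 'ok'."""
    return [e for e in entries if e.status != "ok"]


def triage(text):
    """Summary a helper can read at a glance: counts plus the flagged entries."""
    entries = parse_log(text)
    bad = flagged(entries)
    return {
        "checked": len(entries),
        "ok": len(entries) - len(bad),
        "flagged": [(e.section, e.name, e.status) for e in bad],
    }


# Constructed sample in the format of the thread's log; the two non-ok lines
# and their status texts are invented for this example.
SAMPLE_LOG = """\
13:03:16.0579 4932 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:03:17.0062 4932 Drive \\Device\\Harddisk0\\DR0 - Size: 0xE8E0DB6000 (931.51 Gb)
13:03:21.0727 4716 ============================================================
13:03:21.0727 4716 Scan started
13:03:21.0742 4716 ================ Scan system memory ========================
13:03:21.0742 4716 System memory - ok
13:03:21.0742 4716 ================ Scan services =============================
13:03:21.0789 4716 1394ohci - ok
13:03:21.0898 4716 AMD External Events Utility - ok
13:03:22.0444 4716 gdrv - ok
13:03:22.0500 4716 exampledrv - detected UnsignedFile ( constructed )
13:03:22.0510 4716 svchost - suspicious ( constructed )
"""

if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print(f"checked {result['checked']}, ok {result['ok']}")
    for section, name, status in result["flagged"]:
        print(f"[{section}] {name}: {status}")
```

Running it on a real report (`triage(open("TDSSKiller.log").read())`) gives the same summary; the "Drive ..." geometry line before the first scan section is deliberately ignored because it also contains a " - " and would otherwise be reported as a finding.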
17.11.2012, 13:13 | #5 |
here are the results: aswMBR log Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-17 12:57:36
-----------------------------
12:57:36.439 OS Version: Windows x64 6.1.7601 Service Pack 1
12:57:36.439 Number of processors: 4 586 0x100
12:57:36.439 ComputerName: KI-PC UserName: Admin
12:57:36.891 Initialize success
12:58:32.350 AVAST engine defs: 12111700
12:58:37.982 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000005e
12:58:37.982 Disk 0 Vendor: WDC_WD10 15.0 Size: 953869MB BusType: 11
12:58:37.997 Disk 0 MBR read successfully
12:58:37.997 Disk 0 MBR scan
12:58:37.997 Disk 0 Windows 7 default MBR code
12:58:38.013 Disk 0 Partition 1 00 42 SFS 0 MB offset 63
12:58:38.028 Disk 0 Partition 2 80 (A) 42 SFS NTFS 100 MB offset 2048
12:58:38.044 Disk 0 Partition 3 00 42 SFS NTFS 99900 MB offset 206848
12:58:38.075 Disk 0 Partition 4 00 42 SFS NTFS 853867 MB offset 204802048
12:58:38.075 Disk 0 scanning C:\Windows\system32\drivers
12:58:38.091 Service scanning
12:58:57.560 Modules scanning
12:58:57.575 Disk 0 trace - called modules:
12:58:57.591 ntoskrnl.exe CLASSPNP.SYS disk.sys amd_xata.sys ACPI.sys storport.sys hal.dll amd_sata.sys
12:58:57.607 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004422060]
12:58:57.607 3 CLASSPNP.SYS[fffff880019b343f] -> nt!IofCallDriver -> [0xfffffa80041bdac0]
12:58:57.622 5 amd_xata.sys[fffff8800109ea1d] -> nt!IofCallDriver -> [0xfffffa80041bd040]
12:58:57.622 7 ACPI.sys[fffff88000f427a1] -> nt!IofCallDriver -> \Device\0000005e[0xfffffa80041c5890]
12:59:00.477 AVAST engine scan C:\Windows
12:59:00.477 AVAST engine scan C:\Windows\system32
12:59:00.493 AVAST engine scan C:\Windows\system32\drivers
12:59:00.508 AVAST engine scan C:\Users\Admin
12:59:00.508 AVAST engine scan C:\ProgramData
12:59:00.508 Scan finished successfully
12:59:09.119 Disk 0 MBR has been saved successfully to "C:\Users\Admin\Desktop\MBR.dat"
12:59:09.119 The log file has been saved successfully to "C:\Users\Admin\Desktop\aswMBR.txt"
Code:
13:03:16.0579 4932 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
13:03:16.0703 4932 ============================================================
13:03:16.0703 4932 Current date / time: 2012/11/17 13:03:16.0703
13:03:16.0703 4932 SystemInfo:
13:03:16.0703 4932
13:03:16.0703 4932 OS Version: 6.1.7601 ServicePack: 1.0
13:03:16.0703 4932 Product type: Workstation
13:03:16.0703 4932 ComputerName: KI-PC
13:03:16.0703 4932 UserName: Admin
13:03:16.0703 4932 Windows directory: C:\Windows
13:03:16.0703 4932 System windows directory: C:\Windows
13:03:16.0703 4932 Running under WOW64
13:03:16.0703 4932 Processor architecture: Intel x64
13:03:16.0703 4932 Number of processors: 4
13:03:16.0703 4932 Page size: 0x1000
13:03:16.0703 4932 Boot type: Normal boot
13:03:16.0703 4932 ============================================================
13:03:17.0062 4932 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
13:03:17.0078 4932 ============================================================
13:03:17.0078 4932 \Device\Harddisk0\DR0:
13:03:17.0078 4932 MBR partitions:
13:03:17.0078 4932 Initialize success
13:03:17.0078 4932 ============================================================
13:03:21.0727 4716 ============================================================
13:03:21.0727 4716 Scan started
13:03:21.0727 4716 Mode: Manual; SigCheck; TDLFS;
13:03:21.0727 4716 ============================================================
13:03:21.0742 4716 ================ Scan system memory ========================
13:03:21.0742 4716 System memory - ok
13:03:21.0742 4716 ================ Scan services =============================
13:03:21.0789 4716 1394ohci - ok
13:03:21.0805 4716 acedrv06 - ok
13:03:21.0805 4716 ACPI - ok
13:03:21.0805 4716 AcpiPmi - ok
13:03:21.0820 4716 AdobeARMservice - ok
13:03:21.0836 4716 adp94xx - ok
13:03:21.0836 4716 adpahci - ok
13:03:21.0851 4716 adpu320 - ok 13:03:21.0851 4716 AeLookupSvc - ok 13:03:21.0867 4716 AFD - ok 13:03:21.0867 4716 agp440 - ok 13:03:21.0883 4716 Akamai - ok 13:03:21.0898 4716 ALG - ok 13:03:21.0898 4716 aliide - ok 13:03:21.0898 4716 AMD External Events Utility - ok 13:03:21.0898 4716 amdhub30 - ok 13:03:21.0914 4716 amdide - ok 13:03:21.0929 4716 amdide64 - ok 13:03:21.0929 4716 AmdK8 - ok 13:03:21.0929 4716 amdkmdag - ok 13:03:21.0945 4716 amdkmdap - ok 13:03:21.0945 4716 AmdPPM - ok 13:03:21.0945 4716 amdsata - ok 13:03:21.0961 4716 amdsbs - ok 13:03:21.0961 4716 amdxata - ok 13:03:21.0961 4716 amdxhc - ok 13:03:21.0961 4716 amd_sata - ok 13:03:21.0976 4716 amd_xata - ok 13:03:21.0976 4716 AppID - ok 13:03:21.0976 4716 AppIDSvc - ok 13:03:21.0976 4716 Appinfo - ok 13:03:21.0976 4716 AppleCharger - ok 13:03:21.0992 4716 AppleChargerSrv - ok 13:03:21.0992 4716 arc - ok 13:03:21.0992 4716 arcsas - ok 13:03:22.0023 4716 aspnet_state - ok 13:03:22.0023 4716 AsyncMac - ok 13:03:22.0039 4716 atapi - ok 13:03:22.0039 4716 AudioEndpointBuilder - ok 13:03:22.0039 4716 AudioSrv - ok 13:03:22.0054 4716 AVGIDSAgent - ok 13:03:22.0054 4716 AVGIDSDriver - ok 13:03:22.0054 4716 AVGIDSFilter - ok 13:03:22.0070 4716 AVGIDSHA - ok 13:03:22.0070 4716 Avgldx64 - ok 13:03:22.0070 4716 Avgmfx64 - ok 13:03:22.0070 4716 Avgrkx64 - ok 13:03:22.0085 4716 Avgtdia - ok 13:03:22.0085 4716 avgwd - ok 13:03:22.0085 4716 AxInstSV - ok 13:03:22.0085 4716 b06bdrv - ok 13:03:22.0101 4716 b57nd60a - ok 13:03:22.0101 4716 BDESVC - ok 13:03:22.0101 4716 Beep - ok 13:03:22.0117 4716 BFE - ok 13:03:22.0117 4716 BITS - ok 13:03:22.0117 4716 blbdrive - ok 13:03:22.0132 4716 bowser - ok 13:03:22.0132 4716 BrFiltLo - ok 13:03:22.0132 4716 BrFiltUp - ok 13:03:22.0132 4716 Browser - ok 13:03:22.0148 4716 Brserid - ok 13:03:22.0148 4716 BrSerWdm - ok 13:03:22.0148 4716 BrUsbMdm - ok 13:03:22.0163 4716 BrUsbSer - ok 13:03:22.0163 4716 BTHMODEM - ok 13:03:22.0163 4716 bthserv - ok 13:03:22.0179 4716 cdfs - ok 
[Global] - ok
13:03:23.0895 4716 ================ Scan MBR ==================================
13:03:23.0911 4716 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
13:03:24.0191 4716 \Device\Harddisk0\DR0 - ok
13:03:24.0191 4716 ================ Scan VBR ==================================
13:03:24.0191 4716 ============================================================
13:03:24.0191 4716 Scan finished
13:03:24.0191 4716 ============================================================
13:03:24.0223 0712 Detected object count: 0
13:03:24.0223 0712 Actual detected object count: 0
17.11.2012, 20:45 | #6
/// Winkelfunktion /// TB-Süch-Tiger™
No rootkits to be seen.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
17.11.2012, 22:37 | #7
I don't know whether it's relevant, but Malwarebytes raised an alert in between today (in the log at 18:41).
Code:
2012/11/17 12:55:12 +0100 KI-PC Admin MESSAGE Starting protection
2012/11/17 12:55:12 +0100 KI-PC Admin MESSAGE Protection started successfully
2012/11/17 12:55:12 +0100 KI-PC Admin MESSAGE Starting IP protection
2012/11/17 12:55:15 +0100 KI-PC Admin MESSAGE IP Protection started successfully
2012/11/17 13:16:17 +0100 KI-PC Admin MESSAGE Starting protection
2012/11/17 13:16:18 +0100 KI-PC Admin MESSAGE Protection started successfully
2012/11/17 13:16:18 +0100 KI-PC Admin MESSAGE Starting IP protection
2012/11/17 13:16:21 +0100 KI-PC Admin MESSAGE IP Protection started successfully
2012/11/17 16:44:47 +0100 KI-PC Admin MESSAGE Starting protection
2012/11/17 16:44:47 +0100 KI-PC Admin MESSAGE Protection started successfully
2012/11/17 16:44:47 +0100 KI-PC Admin MESSAGE Starting IP protection
2012/11/17 16:44:50 +0100 KI-PC Admin MESSAGE IP Protection started successfully
2012/11/17 18:41:18 +0100 KI-PC Admin DETECTION C:\Program Files (x86)\Audition Online\uninstall.exe Adware.Agent QUARANTINE
2012/11/17 20:22:24 +0100 KI-PC Admin IP-BLOCK 91.217.178.21 (Type: outgoing, Port: 50106, Process: firefox.exe)
2012/11/17 20:22:24 +0100 KI-PC Admin IP-BLOCK 91.217.178.21 (Type: outgoing, Port: 50107, Process: firefox.exe)
2012/11/17 20:22:48 +0100 KI-PC Admin IP-BLOCK 91.217.178.21 (Type: outgoing, Port: 50110, Process: firefox.exe)
2012/11/17 20:22:48 +0100 KI-PC Admin IP-BLOCK 91.217.178.21 (Type: outgoing, Port: 50111, Process: firefox.exe)
2012/11/17 21:08:21 +0100 KI-PC Admin MESSAGE Executing scheduled update: Daily
2012/11/17 21:08:29 +0100 KI-PC Admin MESSAGE Scheduled update executed successfully: database updated from version v2012.11.16.09 to version v2012.11.17.05
2012/11/17 21:08:29 +0100 KI-PC Admin MESSAGE Starting database refresh
2012/11/17 21:08:29 +0100 KI-PC Admin MESSAGE Stopping IP protection
2012/11/17 21:08:29 +0100 KI-PC Admin MESSAGE IP Protection stopped successfully
2012/11/17 21:08:32 +0100 KI-PC Admin MESSAGE Database refreshed successfully
2012/11/17 21:08:32 +0100 KI-PC Admin MESSAGE Starting IP protection
2012/11/17 21:08:36 +0100 KI-PC Admin MESSAGE IP Protection started successfully

Here is the log from adwcleaner:
Code:
# AdwCleaner v2.007 - Datei am 17/11/2012 um 22:30:27 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - KI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Admin\AppData\Local\Conduit
Ordner Gefunden : C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Admin\AppData\LocalLow\PriceGong
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\CT2269050
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\Smartbar
Ordner Gefunden : C:\Users\Admin\AppData\Roaming\pdfforge
Ordner Gefunden : C:\Users\Dominik\AppData\LocalLow\DVDVideoSoftTB
Ordner Gefunden : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\gdos09o0.default\extensions\staged
Ordner Gefunden : C:\Users\Duy\AppData\LocalLow\DVDVideoSoftTB

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\AVG Secure Search
Schlüssel Gefunden : HKCU\Software\IGearSettings
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gefunden : HKLM\Software\AVG Secure Search
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DVDVideoSoftTB
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A6CA90A-8CD2-4E97-AB62-CFF53D458E51}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A4BFFE1-16E6-4472-A2DD-2DE5C50FD4E0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Schlüssel Gefunden : HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\prefs.js

Gefunden : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Gefunden : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gefunden : user_pref("CT2269050.1000234.TWC_TMP_city", "VIENNA");
Gefunden : user_pref("CT2269050.1000234.TWC_TMP_country", "AT");
Gefunden : user_pref("CT2269050.1000234.TWC_locId", "AUXX0025");
Gefunden : user_pref("CT2269050.1000234.TWC_location", "Vienna, Austria");
Gefunden : user_pref("CT2269050.1000234.TWC_region", "OT");
Gefunden : user_pref("CT2269050.1000234.TWC_temp_dis", "c");
Gefunden : user_pref("CT2269050.1000234.TWC_wind_dis", "kmh");
Gefunden : user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"8°C\",\"temperat[...]
Gefunden : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gefunden : user_pref("CT2269050.FirstTime", "true");
Gefunden : user_pref("CT2269050.FirstTimeFF3", "true");
Gefunden : user_pref("CT2269050.LoginRevertSettingsEnabled", false);
Gefunden : user_pref("CT2269050.RevertSettingsEnabled", true);
Gefunden : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gefunden : user_pref("CT2269050.UserID", "UN47512166973821135");
Gefunden : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gefunden : user_pref("CT2269050.autoDisableScopes", -1);
Gefunden : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
Gefunden : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gefunden : user_pref("CT2269050.enableAlerts", "always");
Gefunden : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gefunden : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gefunden : user_pref("CT2269050.fixUrls", true);
Gefunden : user_pref("CT2269050.installType", "Unknown");
Gefunden : user_pref("CT2269050.isCheckedStartAsHidden", true);
Gefunden : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Gefunden : user_pref("CT2269050.isNewTabEnabled", true);
Gefunden : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gefunden : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gefunden : user_pref("CT2269050.keyword", true);
Gefunden : user_pref("CT2269050.migrateAppsAndComponents", true);
Gefunden : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"\",\"EB_MAIN_FRAME_TITLE\":\"[...]
Gefunden : user_pref("CT2269050.openThankYouPage", "FALSE");
Gefunden : user_pref("CT2269050.openUninstallPage", "FALSE");
Gefunden : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gefunden : user_pref("CT2269050.search.searchCount", "0");
Gefunden : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gefunden : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gefunden : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gefunden : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gefunden : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gefunden : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351897448166");
Gefunden : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1352543851168");
Gefunden : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351897328196");
Gefunden : user_pref("CT2269050.serviceLayer_services_login_10.13.1.106_lastUpdate", "1352759304392");
Gefunden : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1349554584667");
Gefunden : user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353178960094");
Gefunden : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1352603860773");
Gefunden : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351897328121");
Gefunden : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1352543851351");
Gefunden : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1353153470891");
Gefunden : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351897328091");
Gefunden : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1353178959869");
Gefunden : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1353153471060");
Gefunden : user_pref("CT2269050.settingsINI", true);
Gefunden : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Gefunden : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Gefunden : user_pref("CT2269050.smartbar.Uninstall", "0");
Gefunden : user_pref("CT2269050.smartbar.homepage", true);
Gefunden : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Gefunden : user_pref("CT2269050.startPage", "userChanged");
Gefunden : user_pref("CT2269050.toolbarBornServerTime", "29-9-2012");
Gefunden : user_pref("CT2269050.toolbarCurrentServerTime", "17-11-2012");
Gefunden : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gefunden : user_pref("Smartbar.ConduitHomepagesList", "");
Gefunden : user_pref("Smartbar.ConduitSearchEngineList", "");
Gefunden : user_pref("Smartbar.ConduitSearchUrlList", "");
Gefunden : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Gefunden : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]
Gefunden : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gefunden : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=NT01&[...]

Profilname : default
Datei : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\88huu0xd.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\tqpj6kri.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\qs80tq6u.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Duy\AppData\Roaming\Mozilla\Firefox\Profiles\gqjk72qz.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\utqhcms8.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Mariel\AppData\Roaming\Mozilla\Firefox\Profiles\vrz1h9kg.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\gdos09o0.default\prefs.js
[OK] Die Datei ist sauber.

Profilname : default
Datei : C:\Users\SozPäd\AppData\Roaming\Mozilla\Firefox\Profiles\9m022urb.default\prefs.js
[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [12897 octets] - [17/11/2012 22:30:27]

########## EOF - C:\AdwCleaner[R1].txt - [12958 octets] ##########
17.11.2012, 23:11 | #8
/// Winkelfunktion /// TB-Süch-Tiger™
adwCleaner - remove toolbars and unwanted start/search pages
Then a check with OTL, please:
18.11.2012, 10:41 | #9
After reading the ADW info: toolbars could have been the cause... I always click them away and have also told the teenagers about it, but I haven't yet found a way to block some updates (e.g. the youtube-mp3 converter, where a toolbar always comes along, Java, ...) for the restricted user accounts. Some installations need admin approval, others don't!? I find it hard to pick the right thing out of the mass of information on the internet (chip.de, articles with tips from trade magazines...). Probably a naive question: is there an "ultimate" guide somewhere to a (virus- and) child-proof PC? (Regarding viruses: I have already seen the thread with securing measures and will apply it once this is solved.)
ADW log
Code:
# AdwCleaner v2.007 - Datei am 18/11/2012 um 10:18:02 erstellt
# Aktualisiert am 06/11/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Admin - KI-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Admin\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Admin\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Admin\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\CT2269050
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\extensions\{872b5b88-9db5-4310-bdd0-ac189557e5f5}
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\Smartbar
Ordner Gelöscht : C:\Users\Admin\AppData\Roaming\pdfforge
Ordner Gelöscht : C:\Users\Dominik\AppData\LocalLow\DVDVideoSoftTB
Ordner Gelöscht : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\gdos09o0.default\extensions\staged
Ordner Gelöscht : C:\Users\Duy\AppData\LocalLow\DVDVideoSoftTB

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\ConduitSearchScopes
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\AVG Secure Search
Schlüssel Gelöscht : HKCU\Software\IGearSettings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}
Schlüssel Gelöscht : HKLM\Software\AVG Secure Search
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2269050
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DVDVideoSoftTB
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D3F69D07-0AEE-47AF-87D0-1A67D4F70C68}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5A6CA90A-8CD2-4E97-AB62-CFF53D458E51}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{6A4BFFE1-16E6-4472-A2DD-2DE5C50FD4E0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{0E5680D1-BF44-4929-94AF-FD30D784AD1D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{872B5B88-9DB5-4310-BDD0-AC189557E5F5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\DVDVideoSoftTB Toolbar
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{872B5B88-9DB5-4310-BDD0-AC189557E5F5}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16421

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://search.conduit.com?SearchSource=10&ctid=CT2269050 --> hxxp://www.google.com

-\\ Mozilla Firefox v16.0.2 (de)

Profilname : default
Datei : C:\Users\Admin\AppData\Roaming\Mozilla\Firefox\Profiles\rtz8v991.default\prefs.js

Gelöscht : user_pref("CT2269050.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT2269050.1000082.state", "{\"state\":\"stopped\",\"text\":\"Hotmix 108\",\"description\"[...]
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_city", "VIENNA");
Gelöscht : user_pref("CT2269050.1000234.TWC_TMP_country", "AT");
Gelöscht : user_pref("CT2269050.1000234.TWC_locId", "AUXX0025");
Gelöscht : user_pref("CT2269050.1000234.TWC_location", "Vienna, Austria");
Gelöscht : user_pref("CT2269050.1000234.TWC_region", "OT");
Gelöscht : user_pref("CT2269050.1000234.TWC_temp_dis", "c");
Gelöscht : user_pref("CT2269050.1000234.TWC_wind_dis", "kmh");
Gelöscht : user_pref("CT2269050.1000234.weatherData", "{\"icon\":\"26.png\",\"temperature\":\"8°C\",\"temperat[...]
Gelöscht : user_pref("CT2269050.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT2269050.FirstTime", "true");
Gelöscht : user_pref("CT2269050.FirstTimeFF3", "true");
Gelöscht : user_pref("CT2269050.LoginRevertSettingsEnabled", false);
Gelöscht : user_pref("CT2269050.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT2269050.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT226[...]
Gelöscht : user_pref("CT2269050.UserID", "UN47512166973821135");
Gelöscht : user_pref("CT2269050.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.autoDisableScopes", -1);
Gelöscht : user_pref("CT2269050.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT2269050.embeddedsData", "[{\"appId\":\"128834881989343895\",\"apiPermissions\":{\"cross[...]
Gelöscht : user_pref("CT2269050.enableAlerts", "always");
Gelöscht : user_pref("CT2269050.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT2269050.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT2269050.fixUrls", true);
Gelöscht : user_pref("CT2269050.installType", "Unknown");
Gelöscht : user_pref("CT2269050.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT2269050.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT2269050.isNewTabEnabled", true);
Gelöscht : user_pref("CT2269050.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT2269050.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT2269050.keyword", true);
Gelöscht : user_pref("CT2269050.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT2269050.navigationAliasesJson", "{\"EB_MAIN_FRAME_URL\":\"hxxp%3A%2F%2Fwww.trojaner-boa[...]
Gelöscht : user_pref("CT2269050.openThankYouPage", "FALSE");
Gelöscht : user_pref("CT2269050.openUninstallPage", "FALSE");
Gelöscht : user_pref("CT2269050.search.searchAppId", "128834881989343895");
Gelöscht : user_pref("CT2269050.search.searchCount", "0");
Gelöscht : user_pref("CT2269050.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT2269050.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT2269050.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Deleted : user_pref("CT2269050.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1351897448166");
Deleted : user_pref("CT2269050.serviceLayer_services_appsMetadata_lastUpdate", "1352543851168");
Deleted : user_pref("CT2269050.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1351897328196");
Deleted : user_pref("CT2269050.serviceLayer_services_login_10.13.1.106_lastUpdate", "1352759304392");
Deleted : user_pref("CT2269050.serviceLayer_services_login_10.13.1.89_lastUpdate", "1349554584667");
Deleted : user_pref("CT2269050.serviceLayer_services_login_10.13.40.15_lastUpdate", "1353178960094");
Deleted : user_pref("CT2269050.serviceLayer_services_optimizer_lastUpdate", "1352603860773");
Deleted : user_pref("CT2269050.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1351897328121");
Deleted : user_pref("CT2269050.serviceLayer_services_searchAPI_lastUpdate", "1352543851351");
Deleted : user_pref("CT2269050.serviceLayer_services_serviceMap_lastUpdate", "1353153470891");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarContextMenu_lastUpdate", "1351897328091");
Deleted : user_pref("CT2269050.serviceLayer_services_toolbarSettings_lastUpdate", "1353187842314");
Deleted : user_pref("CT2269050.serviceLayer_services_translation_lastUpdate", "1353153471060");
Deleted : user_pref("CT2269050.settingsINI", true);
Deleted : user_pref("CT2269050.shouldFirstTimeDialog", "FALSE");
Deleted : user_pref("CT2269050.smartbar.CTID", "CT2269050");
Deleted : user_pref("CT2269050.smartbar.Uninstall", "0");
Deleted : user_pref("CT2269050.smartbar.homepage", true);
Deleted : user_pref("CT2269050.smartbar.toolbarName", "DVDVideoSoftTB ");
Deleted : user_pref("CT2269050.startPage", "userChanged");
Deleted : user_pref("CT2269050.toolbarBornServerTime", "29-9-2012");
Deleted : user_pref("CT2269050.toolbarCurrentServerTime", "17-11-2012");
Deleted : user_pref("CT2269050_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Deleted : user_pref("Smartbar.ConduitHomepagesList", "");
Deleted : user_pref("Smartbar.ConduitSearchEngineList", "");
Deleted : user_pref("Smartbar.ConduitSearchUrlList", "");
Deleted : user_pref("Smartbar.keywordURLSelectedCTID", "CT2269050");
Deleted : user_pref("browser.search.defaultenginename", "AVG Secure Search");
Deleted : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=2&q=[...]
Deleted : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Deleted : user_pref("smartbar.originalSearchAddressUrl", "hxxp://search.conduit.com/ResultsExt.aspx?SSPV=NT01&[...]

Profile name : default
File : C:\Users\Natalie\AppData\Roaming\Mozilla\Firefox\Profiles\88huu0xd.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Melanie\AppData\Roaming\Mozilla\Firefox\Profiles\tqpj6kri.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Marco\AppData\Roaming\Mozilla\Firefox\Profiles\qs80tq6u.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Duy\AppData\Roaming\Mozilla\Firefox\Profiles\gqjk72qz.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Bianca\AppData\Roaming\Mozilla\Firefox\Profiles\utqhcms8.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Mariel\AppData\Roaming\Mozilla\Firefox\Profiles\vrz1h9kg.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\Dominik\AppData\Roaming\Mozilla\Firefox\Profiles\gdos09o0.default\prefs.js

[OK] File is clean.

Profile name : default
File : C:\Users\SozPäd\AppData\Roaming\Mozilla\Firefox\Profiles\9m022urb.default\prefs.js

[OK] File is clean.

*************************

AdwCleaner[R1].txt - [13026 octets] - [17/11/2012 22:30:27]
AdwCleaner[R2].txt - [13087 octets] - [18/11/2012 10:17:42]
AdwCleaner[S1].txt - [12670 octets] - [18/11/2012 10:18:02]

########## EOF - C:\AdwCleaner[S1].txt - [12731 octets] ##########

OTL
Code:
OTL logfile created on: 18.11.2012 10:36:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads\Sicherheit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 55,87% Memory free
6,99 Gb Paging File | 5,09 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 36,31 Gb Free Space | 37,22% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 385,00 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 48,69 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 394,40 Gb Total Space | 392,55 Gb Free Space | 99,53% Space Free | Partition Type: NTFS

Computer Name: KI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Admin\Downloads\Sicherheit\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.207\SSScheduler.exe (McAfee, Inc.)
PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.)
PRC - C:\Windows\SysWOW64\wbem\WmiPrvSE.exe (Microsoft Corporation)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
PRC - C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
PRC - C:\Windows\SysWOW64\cchservice.exe (Salfeld Computer)

========== Modules (No Company Name) ==========

MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV - (Akamai) -- c:\program files (x86)\common files\akamai/netsession_win_ce5ba24.dll ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2012\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.207\McCHSvc.exe (McAfee, Inc.)
SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG)
SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®)
SRV - (WCUService_STC_FF) -- C:\Program Files (x86)\Splashtop\Splashtop Connect Firefox Software Updater\WCUService.exe (Splashtop Inc.)
SRV - (WCUService_STC_IE) -- C:\Program Files (x86)\Splashtop\Splashtop Connect IE Software Updater\WCUService.exe (Splashtop Inc.)
SRV - (SCBackService) -- C:\Program Files (x86)\Splashtop\Splashtop Connect\BackService.exe (Splashtop Inc.)
SRV - (ksupmgr) -- C:\Windows\SysWOW64\ksupmgr.exe (Salfeld Computer)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (acedrv06) -- C:\Windows\SysNative\drivers\acedrv06.sys ()
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\avgidsfiltera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek )
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (amdide64) -- C:\Windows\SysNative\drivers\amdide64.sys (Advanced Micro Devices Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (s217mdm) -- C:\Windows\SysNative\drivers\s217mdm.sys (MCCI Corporation)
DRV:64bit: - (s217unic) -- C:\Windows\SysNative\drivers\s217unic.sys (MCCI)
DRV:64bit: - (s217obex) -- C:\Windows\SysNative\drivers\s217obex.sys (MCCI Corporation)
DRV:64bit: - (s217nd5) -- C:\Windows\SysNative\drivers\s217nd5.sys (MCCI Corporation)
DRV:64bit: - (s217bus) -- C:\Windows\SysNative\drivers\s217bus.sys (MCCI Corporation)
DRV:64bit: - (s217mdfl) -- C:\Windows\SysNative\drivers\s217mdfl.sys (MCCI Corporation)
DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys ()
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 46 5D EE F1 00 98 CD 01 [binary data]
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\..\URLSearchHook: {0F3DC9E0-C459-4a40-BCF8-747BD9322E10} - C:\Program Files (x86)\Splashtop\Splashtop Connect IE\AddressBarSearch.dll (Splashtop Inc.)
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\..\SearchScopes\{8B726408-FC51-41b0-9B58-34063A0B29EA}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\..\SearchScopes\{D7C7313E-E586-40c8-832F-294E6A63100F}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Wikipedia (de)"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "orf.at"
FF - prefs.js..extensions.enabledAddons: foxfilter@inspiredeffect.net:7.6.4
FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68
FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120926
FF - prefs.js..extensions.enabledAddons: adblockpopups@jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: {73a6fe31-595d-460b-a920-fcc0f8843232}:2.6.1
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a1} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{91c612bf-2a7a-48b8-8c8c-6de28589b7a0} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{d9284e50-81fc-11da-a72b-0800200c9a66}: C:\Program Files (x86)\Splashtop\Splashtop Connect for Firefox\{d9284e50-81fc-11da-a72b-0800200c9a66} [2012.03.07 11:53:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.09.10 18:58:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.02 20:04:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 18:53:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.05.05 20:52:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.11.02 18:53:04 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.11.02 18:53:01 | 000,000,000 | ---D | M]

[2012.03.07 11:14:41 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Extensions
[2012.11.18 10:18:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions
[2012.10.07 21:22:57 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.03.10 00:41:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Admin\AppData\Roaming\mozilla\Firefox\Profiles\rtz8v991.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.11.17 13:14:31 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.07.08 21:57:16 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.03.10 02:02:39 | 000,092,840 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\foxfilter@inspiredeffect.net.xpi
[2012.11.17 13:14:31 | 000,530,679 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.07.26 22:34:35 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.03.07 13:22:16 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.09.29 21:07:52 | 000,001,028 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\dvdvideosofttb-customized-web-search.xml
[2012.03.10 00:32:09 | 000,001,632 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\firefox-add-ons.xml
[2012.03.10 00:31:27 | 000,002,492 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\ixquick-https.xml
[2012.03.10 00:31:58 | 000,001,283 | ---- | M] () -- C:\Users\Admin\AppData\Roaming\mozilla\firefox\profiles\rtz8v991.default\searchplugins\wiktionary-de.xml
[2012.11.02 18:53:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.11.02 18:53:04 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.12.09 18:23:32 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2012.02.16 12:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.05 12:45:20 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.02.16 12:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.16 12:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.16 12:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.16 12:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ChicoSys] C:\Windows\SysWOW64\cc32\webtmr.exe (Salfeld Computer)
O4 - HKLM..\Run: [STCAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect IE\STCAgent.exe (Splashtop Inc.)
O4 - HKLM..\Run: [ZyngaGamesAgent] C:\Program Files (x86)\Splashtop\Splashtop Connect\ZyngaGamesAgent.exe (Splashtop Inc.)
O4 - HKU\.DEFAULT..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-18..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000..\Run: [Akamai NetSession Interface] C:\Users\Admin\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000..\Run: [CCWinTray] C:\Windows\tray\wintmr.exe (Salfeld Computer)
O4 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000..\Run: [EA Core] "C:\Program Files (x86)\Electronic Arts\EADM\Core.exe" -silent File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Privacy present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideFastUserSwitching = 1
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFind = 0
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableClock = 0
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 195.34.133.21 212.186.211.21 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DB878B31-CE46-451B-9D38-69B23B7EED40}: DhcpNameServer = 192.168.42.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F5887D6D-E25D-4FD1-AA60-EE7834223B66}: DhcpNameServer = 195.34.133.21 212.186.211.21 O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.17 13:01:15 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe [2012.11.17 12:56:09 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe [2012.11.16 12:24:05 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdfLdr.sys [2012.11.16 12:24:05 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wdfres.dll [2012.11.16 12:19:27 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.11.16 12:19:26 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.11.16 12:19:26 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.11.16 12:19:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.11.16 12:19:25 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.11.16 12:19:25 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.11.16 12:19:25 | 000,237,056 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\url.dll [2012.11.16 12:19:25 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.11.16 12:19:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.11.16 12:19:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.11.16 12:19:24 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.11.16 12:19:24 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.11.16 12:19:23 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.11.16 12:19:23 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.11.16 12:19:23 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.11.16 12:17:11 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFx.dll [2012.11.16 12:17:11 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFHost.exe [2012.11.16 12:17:11 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFPlatform.dll [2012.11.16 12:17:11 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUDFCoinstaller.dll [2012.11.16 11:17:27 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll [2012.11.16 11:17:27 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll [2012.11.16 11:17:27 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll [2012.11.16 11:17:22 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll [2012.11.16 11:17:22 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2012.11.16 11:17:22 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll [2012.11.16 11:17:22 | 
000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll [2012.11.16 11:17:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll [2012.11.16 11:17:22 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll [2012.11.16 11:17:08 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\synceng.dll [2012.11.16 11:17:08 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\synceng.dll [2012.11.11 03:19:22 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Malwarebytes [2012.11.11 03:19:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.11.11 03:19:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.11.11 03:19:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.11.11 03:19:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.11.02 19:02:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ffdshow [2012.11.02 19:02:32 | 000,060,273 | ---- | C] (Open Source Software community project) -- C:\Windows\SysWow64\pthreadGC2.dll [2012.11.02 19:02:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ffdshow [2012.11.02 18:56:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xploder [2012.11.02 18:56:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Xploder [2012.11.02 18:53:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.11.02 18:34:49 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Local\SAdK [2012.11.02 18:34:19 | 000,000,000 | ---D | C] -- C:\Users\Admin\Documents\SAdK [2012.11.02 18:34:02 | 000,178,800 | ---- | C] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.11.02 18:33:32 | 000,511,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_1.dll [2012.11.02 18:33:32 | 000,507,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_1.dll [2012.11.02 18:33:32 | 000,068,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAPOFX1_0.dll [2012.11.02 18:33:32 | 000,065,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAPOFX1_0.dll [2012.11.02 18:33:31 | 001,941,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_38.dll [2012.11.02 18:33:31 | 001,491,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_38.dll [2012.11.02 18:33:31 | 000,540,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_38.dll [2012.11.02 18:33:31 | 000,467,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_38.dll [2012.11.02 18:33:31 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_1.dll [2012.11.02 18:33:31 | 000,177,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine3_1.dll [2012.11.02 18:33:31 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_4.dll [2012.11.02 18:33:31 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_4.dll [2012.11.02 18:33:30 | 004,991,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_38.dll [2012.11.02 18:33:30 | 003,850,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_38.dll [2012.11.02 18:33:29 | 000,489,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XAudio2_0.dll [2012.11.02 18:33:29 | 000,479,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XAudio2_0.dll [2012.11.02 18:33:29 | 000,238,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine3_0.dll [2012.11.02 18:33:29 | 000,177,672 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysNative\xactengine3_0.dll [2012.11.02 18:33:29 | 000,028,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_3.dll [2012.11.02 18:33:29 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_3.dll [2012.11.02 18:33:28 | 001,860,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_37.dll [2012.11.02 18:33:28 | 001,420,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_37.dll [2012.11.02 18:33:28 | 000,529,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_37.dll [2012.11.02 18:33:28 | 000,462,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_37.dll [2012.11.02 18:33:27 | 004,910,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DX9_37.dll [2012.11.02 18:33:27 | 003,786,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_37.dll [2012.11.02 18:33:27 | 000,411,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_10.dll [2012.11.02 18:33:27 | 000,267,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_10.dll [2012.11.02 18:33:26 | 005,081,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_36.dll [2012.11.02 18:33:26 | 003,734,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_36.dll [2012.11.02 18:33:26 | 002,006,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_36.dll [2012.11.02 18:33:26 | 001,374,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_36.dll [2012.11.02 18:33:26 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_36.dll [2012.11.02 18:33:26 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_36.dll [2012.11.02 18:33:25 | 000,411,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_9.dll [2012.11.02 18:33:25 | 000,267,112 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xactengine2_9.dll [2012.11.02 18:33:24 | 005,073,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_35.dll [2012.11.02 18:33:24 | 003,727,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_35.dll [2012.11.02 18:33:24 | 001,985,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_35.dll [2012.11.02 18:33:24 | 001,358,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_35.dll [2012.11.02 18:33:24 | 000,508,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_35.dll [2012.11.02 18:33:24 | 000,444,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_35.dll [2012.11.02 18:33:23 | 000,409,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_8.dll [2012.11.02 18:33:23 | 000,266,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_8.dll [2012.11.02 18:33:23 | 000,021,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\X3DAudio1_2.dll [2012.11.02 18:33:23 | 000,017,928 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\X3DAudio1_2.dll [2012.11.02 18:33:22 | 004,496,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_34.dll [2012.11.02 18:33:22 | 003,497,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_34.dll [2012.11.02 18:33:22 | 001,401,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_34.dll [2012.11.02 18:33:22 | 001,124,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_34.dll [2012.11.02 18:33:22 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_34.dll [2012.11.02 18:33:22 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_34.dll [2012.11.02 18:33:21 | 000,403,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_7.dll [2012.11.02 18:33:21 | 000,261,480 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xactengine2_7.dll [2012.11.02 18:33:21 | 000,107,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_3.dll [2012.11.02 18:33:21 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_3.dll [2012.11.02 18:33:20 | 004,494,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_33.dll [2012.11.02 18:33:20 | 003,495,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_33.dll [2012.11.02 18:33:20 | 001,400,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\D3DCompiler_33.dll [2012.11.02 18:33:20 | 001,123,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DCompiler_33.dll [2012.11.02 18:33:20 | 000,506,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10_33.dll [2012.11.02 18:33:20 | 000,443,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10_33.dll [2012.11.02 18:33:19 | 000,393,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_6.dll [2012.11.02 18:33:19 | 000,255,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_6.dll [2012.11.02 18:33:18 | 000,469,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx10.dll [2012.11.02 18:33:18 | 000,440,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx10.dll [2012.11.02 18:33:18 | 000,390,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_5.dll [2012.11.02 18:33:18 | 000,251,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_5.dll [2012.11.02 18:33:17 | 004,398,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_32.dll [2012.11.02 18:33:17 | 003,426,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_32.dll [2012.11.02 18:33:16 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_31.dll [2012.11.02 18:33:16 | 002,414,360 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\d3dx9_31.dll [2012.11.02 18:33:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_4.dll [2012.11.02 18:33:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_4.dll [2012.11.02 18:33:16 | 000,017,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_1.dll [2012.11.02 18:33:16 | 000,015,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_1.dll [2012.11.02 18:33:15 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_3.dll [2012.11.02 18:33:15 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_3.dll [2012.11.02 18:33:15 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_2.dll [2012.11.02 18:33:15 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_2.dll [2012.11.02 18:33:14 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_2.dll [2012.11.02 18:33:14 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_2.dll [2012.11.02 18:33:14 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xinput1_1.dll [2012.11.02 18:33:14 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xinput1_1.dll [2012.11.02 18:33:13 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_1.dll [2012.11.02 18:33:13 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\xactengine2_1.dll [2012.11.02 18:33:07 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_30.dll [2012.11.02 18:33:07 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_30.dll [2012.11.02 18:33:06 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\xactengine2_0.dll [2012.11.02 18:33:06 | 000,230,096 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\SysWow64\xactengine2_0.dll [2012.11.02 18:33:06 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\x3daudio1_0.dll [2012.11.02 18:33:06 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\x3daudio1_0.dll [2012.11.02 18:33:05 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_29.dll [2012.11.02 18:33:05 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_29.dll [2012.11.02 18:33:04 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_28.dll [2012.11.02 18:33:04 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_28.dll [2012.11.02 18:33:03 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_27.dll [2012.11.02 18:33:03 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_27.dll [2012.11.02 18:33:02 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_26.dll [2012.11.02 18:33:02 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_26.dll [2012.11.02 18:33:01 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_25.dll [2012.11.02 18:33:01 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_25.dll [2012.11.02 18:33:00 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3dx9_24.dll [2012.11.02 18:33:00 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_24.dll [2012.11.02 18:32:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.11.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.11.02 18:32:03 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\AGEIA [2012.11.02 18:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2012.11.02 18:31:10 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.02 18:31:09 | 000,000,000 | ---D | C] -- C:\Users\Admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.02 18:29:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ubisoft [2012.09.05 13:21:24 | 2715,238,741 | ---- | C] (ProSiebenSat1Games) -- C:\Program Files (x86)\SetupAudition.exe ========== Files - Modified Within 30 Days ========== [2012.11.18 10:28:51 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 10:28:51 | 000,022,064 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.18 10:21:58 | 000,001,226 | ---- | M] () -- C:\Windows\SysWow64\excltmp~.dat [2012.11.18 10:21:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.11.18 10:21:32 | 2816,491,520 | -HS- | M] () -- C:\hiberfil.sys [2012.11.18 10:19:50 | 000,061,187 | ---- | M] () -- C:\Users\Admin\Desktop\ADW Sicherheitstipps.jpg [2012.11.18 10:19:33 | 100,479,296 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm [2012.11.17 22:29:41 | 000,541,569 | ---- | M] () -- C:\Users\Admin\Desktop\adwcleaner.exe [2012.11.17 21:11:08 | 000,016,585 | ---- | M] () -- C:\Windows\SysWow64\cchservice.err [2012.11.17 17:29:02 | 000,185,134 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm [2012.11.17 13:01:15 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Admin\Desktop\tdsskiller.exe [2012.11.17 12:59:09 | 000,000,512 | ---- | M] () -- C:\Users\Admin\Desktop\MBR.dat [2012.11.17 12:56:31 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Admin\Desktop\aswMBR.exe [2012.11.16 21:19:40 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.11.16 21:19:40 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.11.16 21:19:40 | 000,651,938 | ---- | M] () -- 
C:\Windows\SysNative\perfh009.dat [2012.11.16 21:19:40 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.11.16 21:19:40 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.11.16 15:03:43 | 000,350,536 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.11.12 23:25:54 | 000,001,882 | ---- | M] () -- C:\Users\Admin\Desktop\AVG-Scan.csv [2012.11.11 04:26:38 | 000,000,810 | ---- | M] () -- C:\NET.INI [2012.11.11 03:53:34 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable [2012.11.11 03:02:06 | 000,000,680 | RHS- | M] () -- C:\Users\Admin\ntuser.pol [2012.11.02 23:59:24 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.11.02 23:59:24 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.02 22:45:31 | 000,000,009 | ---- | M] () -- C:\END [2012.11.02 18:56:27 | 000,002,541 | ---- | M] () -- C:\Users\Public\Desktop\Wii Xploder.lnk [2012.11.02 18:34:02 | 000,178,800 | ---- | M] (Sony DADC Austria AG.) 
-- C:\Windows\SysWow64\CmdLineExt_x64.dll [2012.11.02 18:31:11 | 000,002,336 | ---- | M] () -- C:\Users\Admin\Desktop\Die Siedler - Aufbruch der Kulturen.lnk ========== Files Created - No Company Name ========== [2012.11.18 10:19:50 | 000,061,187 | ---- | C] () -- C:\Users\Admin\Desktop\ADW Sicherheitstipps.jpg [2012.11.17 22:29:41 | 000,541,569 | ---- | C] () -- C:\Users\Admin\Desktop\adwcleaner.exe [2012.11.17 12:59:09 | 000,000,512 | ---- | C] () -- C:\Users\Admin\Desktop\MBR.dat [2012.11.16 12:24:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.16 12:17:11 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.12 23:25:54 | 000,001,882 | ---- | C] () -- C:\Users\Admin\Desktop\AVG-Scan.csv [2012.11.11 03:53:34 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable [2012.11.09 21:25:03 | 000,016,585 | ---- | C] () -- C:\Windows\SysWow64\cchservice.err [2012.11.02 19:02:33 | 000,007,680 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.11.02 18:56:27 | 000,002,541 | ---- | C] () -- C:\Users\Public\Desktop\Wii Xploder.lnk [2012.11.02 18:31:11 | 000,002,336 | ---- | C] () -- C:\Users\Admin\Desktop\Die Siedler - Aufbruch der Kulturen.lnk [2012.04.23 22:11:54 | 000,001,226 | ---- | C] () -- C:\Windows\SysWow64\excltmp~.dat [2012.04.23 22:10:25 | 000,000,124 | ---- | C] () -- C:\Windows\SysWow64\ctlsw.ini [2012.04.23 22:10:25 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SWCTL.DLL [2012.04.23 22:10:23 | 000,155,536 | ---- | C] () -- C:\Windows\SysWow64\dllcinx.exe [2012.04.23 22:10:23 | 000,009,368 | ---- | C] () -- C:\Windows\SysWow64\drivers\mchccinj.sys [2012.04.23 22:10:22 | 000,000,626 | ---- | C] () -- C:\Windows\SysWow64\nochook.ini [2012.04.01 15:57:34 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv06.dll [2012.04.01 15:55:02 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat [2012.04.01 
15:55:02 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat [2012.04.01 15:55:02 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat [2012.04.01 15:55:02 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat [2012.04.01 15:55:02 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat [2012.04.01 15:55:02 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat [2012.04.01 15:55:02 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat [2012.04.01 15:55:02 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat [2012.04.01 15:55:02 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat [2012.04.01 15:55:02 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat [2012.04.01 15:55:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat [2012.04.01 15:55:02 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat [2012.04.01 15:55:02 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat [2012.04.01 15:55:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat [2012.04.01 15:55:02 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat [2012.04.01 15:55:02 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat [2012.04.01 15:55:02 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat [2012.04.01 15:55:02 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat [2012.04.01 15:55:02 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini [2012.04.01 15:44:50 | 000,000,529 | ---- | C] () -- C:\Windows\eReg.dat [2012.03.10 02:10:44 | 001,588,762 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.07 12:10:18 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys [2012.03.07 11:57:05 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin 
[2012.03.07 11:54:54 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2012.03.07 11:47:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini [2012.03.07 09:05:21 | 000,000,680 | RHS- | C] () -- C:\Users\Admin\ntuser.pol [2011.06.07 22:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = 
C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
OTL Extras logfile created on: 18.11.2012 10:36:20 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Admin\Downloads\Sicherheit
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,95 Gb Available Physical Memory | 55,87% Memory free
6,99 Gb Paging File | 5,09 Gb Available in Paging File | 72,74% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 36,31 Gb Free Space | 37,22% Space Free | Partition Type: NTFS
Drive D: | 390,62 Gb Total Space | 385,00 Gb Free Space | 98,56% Space Free | Partition Type: NTFS
Drive E: | 48,83 Gb Total Space | 48,69 Gb Free Space | 99,71% Space Free | Partition Type: NTFS
Drive G: | 394,40 Gb Total Space | 392,55 Gb Free Space | 99,53% Space Free | Partition Type: NTFS

Computer Name: KI-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)

[HKEY_USERS\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== System Restore Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 "DisableConfig" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore] "DisableSR" = 0 "DisableConfig" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{21AB96E3-37E6-4106-B60E-1EE8F44A420A}" = lport=2869 | protocol=6 | dir=in | app=system | "{2B58DF1B-AFF5-45AA-842D-48B35067D4EC}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{39B06442-D575-47F1-B126-D4B5B973EBAA}" = lport=137 | protocol=17 | dir=in | app=system | "{4E3C2A6A-3B67-4B9C-B4B3-FE577A795BB3}" = 
rport=137 | protocol=17 | dir=out | app=system | "{4ED8A1FB-49DA-44FD-8236-2E0A81578CF2}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{535CC1FC-1283-4130-B0E4-4E6A7D02D32E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{65DBE268-7730-4483-9CC8-B8D720283541}" = lport=10243 | protocol=6 | dir=in | app=system | "{677264A9-64A6-4AE2-AE00-475D40709170}" = rport=139 | protocol=6 | dir=out | app=system | "{6BA4096B-4055-426C-B3E3-CECDE6911AC7}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{6CD82A1D-7339-4D18-A70F-78969CE578C8}" = lport=139 | protocol=6 | dir=in | app=system | "{840533CC-B61C-4A5E-883A-83AECBA6E105}" = rport=138 | protocol=17 | dir=out | app=system | "{9B225E04-B6F1-40E6-934F-F4E5ED07C7AC}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{A0BEAE1C-4BF4-4A28-B768-325AE52C66D1}" = lport=138 | protocol=17 | dir=in | app=system | "{A372594A-5243-4A3F-9C7D-912FA4D7B21B}" = lport=445 | protocol=6 | dir=in | app=system | "{A5482350-4953-44C1-93CA-CF7BCCCB4178}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BA28CCA9-5A30-4F1F-B696-34420B7EDF43}" = rport=445 | protocol=6 | dir=out | app=system | "{C1A8A867-5D26-49F8-B33E-48130475C8D9}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{D406D45D-6ECC-4E43-9537-38E52CD77E9A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{DF5E5FD7-A3D3-4327-9EC1-02C1C333826A}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DFC5DEA4-9F26-4552-886D-4F61960DC0B8}" = rport=10243 | protocol=6 | dir=out | app=system | "{FBDD2D65-BCF3-43A6-80E9-A081B916191C}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{03A0A939-B245-433A-8AF2-778AD8D775F5}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{096F05EA-395F-4ED6-933D-63E4706B2B62}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{10B75F77-CAB5-4392-A62D-22BEA16DF6B9}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{11DCC6DE-624A-49B8-BD4B-A5ED1FB98589}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{13918B8F-E7B6-4570-838A-D9FCFF74687B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{159AB4C0-5E95-4F1A-BFAD-AE1120E3E5C7}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe | "{192F19B9-1FA6-47F6-9E32-37FF3FAE2950}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{2453877C-7F4F-4005-BA23-56F8525D8436}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2A37AA77-3941-463F-B390-5FBCAAF2AC47}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{3E9A8615-E74D-4315-835D-F2A5C281D187}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{40EE46FE-293A-4F7B-8224-44A5B5889284}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{464A6748-1CED-4713-9C3D-A649CC3905B6}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{49FC6970-1FBF-497C-B533-1C6E65EAC58C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{4B45B3A5-A01A-44FE-92D1-FD56B8B7D653}" = protocol=58 | dir=out | name=@iphlpsvc.dll,-503 | "{54CAFEB5-F575-4762-B18F-FF067960B266}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{57BEBF2F-0EB2-4B51-912E-7E2F1404499B}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media 
player\wmplayer.exe | "{6E4A12D8-2ADF-44D9-90AC-3236AAC6C2DE}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "{7E378568-E0BF-477B-9D4A-8D9E86815BB9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{8285E526-56F5-4232-94BD-0387D51BF790}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{86A6DF31-8C76-465E-ADE7-EFF60CC6B99E}" = protocol=58 | dir=in | app=system | "{8CFEA159-1B07-4144-A889-081B34696299}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8F69A275-5D83-4607-8F1B-6150DA652C13}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9D24028C-B356-4AEB-8B6F-20234313107C}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{A18BFF0F-75EA-4F97-B521-BE58A92D8283}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{A56614BF-5776-4700-A031-B50013E4E900}" = protocol=6 | dir=out | app=system | "{B4C766C7-2C70-4009-AD50-EAC98C5ABA30}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{C21940E8-08BC-4A8A-B7C0-E42238ECB993}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{CB04BEF5-B34C-437A-974B-1C0FD570DACA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{D0E99404-354B-497E-AA93-CC1D0B9F7D03}" = protocol=6 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe | "{D18CD604-346C-4F92-A561-D6969FAB0184}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{F6868D94-77BA-47ED-B08D-5FE577873624}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgnsa.exe | "TCP Query User{C3E441AA-596E-4739-8498-A7A4C1A76FAD}C:\program files (x86)\electronic arts\eadm\core.exe" = protocol=6 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | "UDP Query User{C87426E4-B9C5-4BF2-A26D-B1890FAAAAE9}C:\program files 
(x86)\electronic arts\eadm\core.exe" = protocol=17 | dir=in | app=c:\program files (x86)\electronic arts\eadm\core.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{02382870-19C7-3ACD-BBAE-F6E3760947DC}" = Microsoft .NET Framework 4 Extended DEU Language Pack "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ2412" = CanoScan LiDE 90 "{4E09871F-1285-CE5A-F1E1-74EE9537D1F3}" = ccc-utility64 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{624C7F0A-89B2-4C49-9CAB-9D69613EC95A}" = Microsoft IntelliPoint 8.2 "{6FEDAFB4-A2AE-4D6B-A505-D82B07291F40}" = AVG 2012 "{822D0F14-D815-8540-3264-839DB958DE66}" = AMD Media Foundation Decoders "{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{BF46C84D-1AC3-4CC3-A45C-EF6257B80984}" = AVG 2012 "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DDD72DB8-BB69-1AE3-9E21-BFD1CB87AEDF}" = ATI Catalyst Install Manager "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F83779DF-E1F5-43A2-A7BE-732F856FADB7}" = Microsoft SQL Server Compact 3.5 SP1 x64 English "AVG" = AVG 2012 "CCleaner" = CCleaner "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended "Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 
Extended DEU Language Pack "Microsoft IntelliPoint 8.2" = Microsoft IntelliPoint 8.2 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0F6199F2-A00F-E0D3-9AA8-A8C77CBA71E5}" = CCC Help Korean "{15D2ABC9-D0E1-8FED-0124-22B3D631B65E}" = CCC Help Chinese Standard "{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 "{19A492A0-888F-44A0-9B21-D91700763F62}" = Catalyst Control Center - Branding "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{242B2601-AF61-42B7-B6DB-B1C34FE5830F}" = Wii Xploder Cheat Saves and Media Manager "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{2A23E37B-DE77-98FB-8538-AD4B0D6EE632}" = CCC Help Swedish "{2BA3C106-F8CE-9381-6D8E-AACA006386A1}" = CCC Help Norwegian "{2DCD52EE-1AE1-4128-9819-A79F7D09B6B3}" = MAGIX Foto Designer 7 "{2E560D11-B767-46CF-47EC-CEACD190BE40}" = Catalyst Control Center Graphics Previews Common "{3B983EFD-6E37-4AD9-9A7D-8C83E61674F7}" = Splashtop Connect IE "{3DECD372-76A1-4483-BF10-B547790A3261}" = ON_OFF Charge B11.0110.1 "{3F0D0ABE-CDAF-431A-00BC-CBBE018EA74E}" = SimCity 4 Deluxe "{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0704.1 "{45D49CA7-D7D8-4659-B35A-EBD98C30AF28}" = Splashtop Connect for Firefox "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5347A5BA-9390-E244-5529-636DFEB5A869}" = CCC Help French "{5E7626D4-61D6-05F9-5ED1-E633DCECC618}" = CCC Help Japanese "{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM "{61B5FC28-2C93-C7CC-91C3-805AC5EEE795}" = CCC Help Spanish "{62AF1819-74A4-6260-0702-783ADF29C21F}" = AMD VISION Engine Control Center "{63C5DD30-4C46-4968-B96A-A3E2992769FE}" = MAGIX Screenshare "{6A85A2E4-C06D-0021-1627-1B35BDBCB480}" = CCC Help Greek "{6C5F8503-55D2-4398-858C-362B7A7AF51C}" = Firebird SQL Server - MAGIX Edition "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = 
Microsoft Visual C++ 2005 Redistributable "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{74224F8D-4A17-4816-9EDB-7BB854DE532C}" = NVIDIA PhysX v8.04.25 "{768CA608-CBDB-D1F1-FB8E-4D5DBF2117B4}" = CCC Help Russian "{8109378D-FF10-7794-F864-DE78FD082164}" = CCC Help Turkish "{82465076-8328-2F93-E01D-88ADFEA62ABC}" = CCC Help Hungarian "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable "{84F7CAD9-2316-4701-B5CA-E90FD60029E9}" = ANNO 1602 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{959282E3-55A9-49D8-B885-D27CF8A2FD82}" = PHOTOfunSTUDIO 5.0 "{9A96FB74-09A1-8157-4FBF-89A1AFC9D0D8}" = CCC Help Thai "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9CC9C809-6A85-8CED-1153-95B1FB4B4D73}" = CCC Help Czech "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR "{A2D6ECD0-7E52-42B7-9236-DB2951436616}_is1" = Foto-Mosaik-Edda Standard V6.6.11255.1 "{A4FBF47A-178D-11C0-CF85-174AB58E854A}" = CCC Help Finnish "{A6338038-539C-3896-C692-1D33BBB01D46}" = MAGIX Online Druck Service "{A670706C-6792-16E7-409E-0BA8964DEB16}" = CCC Help Portuguese "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B0674260-49DC-5A89-63F3-18F7B7CF0105}" = CCC Help Dutch "{B252FEC0-C63B-4AF6-8459-D105B3E3FC70}" = MAGIX Foto Manager 10 "{B836D1A0-3FD2-CCE4-E55B-73F78D83C3CB}" = Catalyst Control Center Localization All "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die*Sims™*3 "{C6317628-C85F-4CEE-A2A7-8D4477EC7C24}" = Red Line 2 Sprachtrainer "{C6DD7119-47BD-2049-C198-CDA0C62406D4}" = CCC Help Polish "{CDA34A2D-8E04-39EC-A1AC-F05E57A32A26}" = CCC Help Danish "{D9E52CD1-9DF1-4A8A-9BDC-1E5E53982F2B}" = Black & White® 2 "{DA55C3AE-41D7-D163-62B1-C0D6B0D6C3C2}" = Catalyst Control Center InstallProxy "{DEC2B592-A6C8-81C3-32AA-179A8EE15DA8}" = CCC Help German "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E46210DE-11E9-F0FD-3D25-3AC39066A2FE}" = CCC Help English "{E59113EB-0285-4BFD-A37A-B79EAC6B8F4B}" = Microsoft SQL Server Compact 3.5 SP1 English "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F54C0A3F-D78F-BF70-C4BD-12A4A983B866}" = CCC Help Italian "{FBCF2ED3-AFB5-475E-BF9A-30BEAD366FBC}" = Sprachtrainer Fonts "{FC9ADE57-C19B-AE0F-7EFD-03B7D76CFD46}" = CCC Help Chinese Traditional 
"{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.6 "Akamai" = Akamai NetSession Interface Service "Audition Online1.2.6064" = Audition Online "B991B020-2968-11D8-AF23-444553540000_is1" = FreeMind "de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1" = MAGIX Online Druck Service "ffdshow_is1" = ffdshow [rev 1953] [2008-05-04] "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.32.918 "InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B11.0704.1 "IrfanView" = IrfanView (remove only) "Kindersicherung_is1" = Kindersicherung 2012 "Lernerfolg Grundschule Mathematik 1" = Lernerfolg Grundschule Mathematik 1 "MAGIX_MSI_Foto_Manager_10" = MAGIX Foto Manager 10 "MAGIX_MSI_FotoDesigner7_silver" = MAGIX Foto Designer 7 "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "McAfee Security Scan" = McAfee Security Scan Plus "Mozilla Firefox 16.0.2 (x86 de)" = Mozilla Firefox 16.0.2 (x86 de) "Mozilla Thunderbird 16.0.2 (x86 de)" = Mozilla Thunderbird 16.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Home and Student 2010 "Pflanzen gegen Zombies" = Pflanzen gegen Zombies "SADK" = Die Siedler - Aufbruch der Kulturen "TIPP10_is1" = TIPP10 Version 2.1.0 "VLC media player" = VLC media player 2.0.1 "Winamp" = Winamp ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-2045731269-1497510627-3927324861-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Akamai" = Akamai NetSession Interface "Winamp Detect" = Winamp Erkennungs-Plug-in "Wizard101(DE)_is1" = Wizard101(DE) ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 16.11.2012 15:04:14 | Computer Name = 
Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 16.11.2012 16:15:08 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 17.11.2012 07:54:09 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 17.11.2012 08:16:14 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 17.11.2012 11:38:43 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 17.11.2012 12:05:34 | Computer Name = Ki-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. Error - 17.11.2012 14:00:49 | Computer Name = Ki-PC | Source = SideBySide | ID = 16842815 Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder Richtliniendatei "C:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR" des "version"-Attributs im assemblyIdentity-Element ist ungültig. 
Error - 17.11.2012 17:57:20 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 18.11.2012 05:15:47 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = Error - 18.11.2012 05:21:57 | Computer Name = Ki-PC | Source = WinMgmt | ID = 10 Description = [ System Events ] Error - 17.11.2012 08:14:41 | Computer Name = Ki-PC | Source = DCOM | ID = 10010 Description = Error - 17.11.2012 08:16:00 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 [verify-U]_System Error - 17.11.2012 08:42:51 | Computer Name = Ki-PC | Source = DCOM | ID = 10010 Description = Error - 17.11.2012 11:37:30 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 [verify-U]_System Error - 17.11.2012 17:40:23 | Computer Name = Ki-PC | Source = DCOM | ID = 10010 Description = Error - 17.11.2012 17:57:18 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 [verify-U]_System Error - 17.11.2012 18:03:28 | Computer Name = Ki-PC | Source = DCOM | ID = 10010 Description = Error - 18.11.2012 05:14:27 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 [verify-U]_System Error - 18.11.2012 05:20:26 | Computer Name = Ki-PC | Source = DCOM | ID = 10010 Description = Error - 18.11.2012 05:21:47 | Computer Name = Ki-PC | Source = Service Control Manager | ID = 7026 Description = Das Laden folgender Boot- oder Systemstarttreiber ist fehlgeschlagen: acedrv06 [verify-U]_System < End of report > |
18.11.2012, 21:39 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor Trojan Generic and, according to Malwarebytes, quite a few other things Looks OK. We should be almost done. As a check, please run a quick scan with Malwarebytes, and remember to update Malwarebytes via the Update button beforehand. Afterwards, getting a second opinion from ESET's online scanner doesn't hurt either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
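The "Looks OK" verdict above rests on two sections of the OTL extras log in the previous post: the Shell Spawning entries, where the open handler of every executable file class should still be the stock `"%1" %*` (a hijacked exefile handler runs the attacker's binary every time any program is started), and the firewall rules, where an inbound rule for a binary in a user-writable directory deserves a second look. The following Python script is an added example of automating both checks; it is not code from this thread or from OTL. The expected handler strings are the ones the clean log shows; the sample log is constructed from lines copied from that log plus two invented entries, a hijacked exefile handler and a rule with an all-zero GUID, so that both checks fire. The Akamai NetSession rule is flagged for review only because the binary sits under AppData, a location any standard user can write to; the uninstall list shows the software was installed deliberately, so a flag means "look", not "malware".

```python
import re

# Expected handlers for the executable file classes on a stock Windows 7 system.
# The values are the ones the clean "Shell Spawning" section of the OTL log shows.
EXPECTED_SPAWN = {
    ("batfile", "open"): '"%1" %*',
    ("cmdfile", "open"): '"%1" %*',
    ("comfile", "open"): '"%1" %*',
    ("exefile", "open"): '"%1" %*',
    ("piffile", "open"): '"%1" %*',
    ("scrfile", "open"): '"%1" /S',
}

# Directories a non-admin user, and therefore malware running as that user, can write to.
USER_WRITABLE = re.compile(r"\\(appdata|temp|users\\public)\\", re.IGNORECASE)

# "<class> [<verb>] -- <command> (<company>)"; the company tag is optional.
SPAWN_LINE = re.compile(r"^(\w+) \[(\w+)\] -- (.*?)(?: \([^()]*\))?$")
# '"<rule name>" = key=value | key=value | ... |'
RULE_LINE = re.compile(r'^"([^"]+)" = (.*)$')


def check_shell_spawning(line):
    """Return a finding if a class in EXPECTED_SPAWN runs anything but its default handler."""
    m = SPAWN_LINE.match(line.strip())
    if not m:
        return None
    cls, verb, cmd = m.groups()
    expected = EXPECTED_SPAWN.get((cls, verb))
    if expected is None or cmd == expected:
        return None
    return f"{cls} [{verb}] handler hijacked: {cmd} (expected {expected})"


def check_firewall_rule(line):
    """Return a finding if an inbound rule admits a binary living in a user-writable path."""
    m = RULE_LINE.match(line.strip())
    if not m:
        return None
    name, body = m.groups()
    fields = dict(part.strip().split("=", 1) for part in body.split("|") if "=" in part)
    app = fields.get("app", "")
    if fields.get("dir") == "in" and USER_WRITABLE.search(app):
        return f"inbound rule {name} admits {app}"
    return None


def triage(otl_extras):
    """Walk an OTL extras log section by section and collect the findings in order."""
    findings, section = [], ""
    for raw in otl_extras.splitlines():
        line = raw.strip()
        if line.startswith("=========="):
            section = line  # section headers look like "========== Shell Spawning =========="
            continue
        if "Shell Spawning" in section:
            finding = check_shell_spawning(line)
        elif "Exception List" in section:
            finding = check_firewall_rule(line)
        else:
            finding = None
        if finding:
            findings.append(finding)
    return findings


# Constructed sample: all lines are copied from the OTL log in this thread except the
# second "exefile [open]" line and the all-zero GUID rule, which are invented to show
# what a hijacked handler and a rogue inbound rule look like.
SAMPLE_OTL = r"""
========== Shell Spawning ==========
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
scrfile [open] -- "%1" /S
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
exefile [open] -- "C:\Users\kid\AppData\Roaming\rundll32.exe" "%1" %*
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{159AB4C0-5E95-4F1A-BFAD-AE1120E3E5C7}" = protocol=17 | dir=in | app=c:\users\admin\appdata\local\akamai\netsession_win.exe |
"{8285E526-56F5-4232-94BD-0387D51BF790}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe |
"{A56614BF-5776-4700-A031-B50013E4E900}" = protocol=6 | dir=out | app=system |
"{00000000-0000-0000-0000-000000000000}" = protocol=6 | dir=in | app=c:\users\kid\appdata\local\temp\svchost.exe |
"""

if __name__ == "__main__":
    for finding in triage(SAMPLE_OTL):
        print(finding)
```

Run against a real OTL Extras.txt the script reports three things for this sample: the hijacked exefile handler, the Akamai rule (review) and the invented temp\svchost.exe rule. Handlers for classes not in EXPECTED_SPAWN (Directory, InternetShortcut, the VLC verbs) are deliberately ignored; extend the table if you want them checked too.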
20.11.2012, 22:57 | #11 |
| Backdoor Trojan Generic and, according to Malwarebytes, quite a few other things Malware: Code:
Malwarebytes Anti-Malware (Trial) 1.65.1.1000
www.malwarebytes.org

Database version: v2012.11.20.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Admin :: KI-PC [Administrator]

Protection: Enabled

20.11.2012 22:47:40
mbam-log-2012-11-20 (22-47-40).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 399504
Time elapsed: 2 minute(s), 8 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Error message: "Can not get update. Is proxy configured?" We are connected to the Internet quite normally via a modem here, no proxy server as far as I know. What should I do? |
21.11.2012, 11:26 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor Trojan Generic and, according to Malwarebytes, quite a few other things Try this: download this ESET setup from => http://filepony.de/download-eset_online_scanner/ Then close all programs and start the setup via right-click => Run as administrator
__________________ Please always post logfiles in CODE tags |
23.11.2012, 21:06 | #13 |
| Backdoor Trojan Generic and, according to Malwarebytes, quite a few other things ESET: Code:
ESETSmartInstaller@High as downloader log:
all ok
esets_scanner_update returned -1 esets_gle=12
esets_scanner_update returned -1 esets_gle=12
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=2519e8f0f014814baf4e9c501d100250
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-11-23 08:03:19
# local_time=2012-11-23 09:03:19 (+0100, Central European Time)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1024 16777215 100 0 22570763 22570763 0 0
# compatibility_mode=5893 16776574 100 94 22575445 105326392 0 0
# compatibility_mode=8192 67108863 100 0 251762 251762 0 0
# scanned=150813
# found=1
# cleaned=0
# scan_time=4457
C:\Users\Duy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\VC3O99VE\lol10[1].exe    multiple threats (unable to clean)    00000000000000000000000000000000    I
|
24.11.2012, 00:59 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Backdoor Trojan Generic and, according to Malwarebytes, quite a few other things Looks OK so far, only one detection, in the IE cache. Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check MVPS every 4 weeks to see whether a new hosts file has been released. Info: cookies are not pests as such, but there is a risk of misuse (unique recognition, e.g. for targeted advertising and the like => HTTP-Cookie). Otherwise there are good cookie managers, extensions for Firefox; CookieCuller would be one example. But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board too), then simply set the browser so that everything, cookies included, is deleted when the browser closes. Is your system in order again now, or are there other detections or problems?
__________________ Please always post logfiles in CODE tags |
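The MVPS recommendation above works by mapping ad and tracking hostnames to a sinkhole address (0.0.0.0 or 127.0.0.1) in the hosts file, and the advice to re-check the file every few weeks means merging a new blocklist into it repeatedly. The same file is also a classic tampering target: an entry that points a real site at a remote address redirects the user (pharming), and an entry for an update server silently cuts a security product off from its updates. The Python below is an added example, not code from this thread or from MVPS, that audits a hosts file for both abuses and merges a blocklist into it while refusing anything that is not a sinkhole entry. The list of protected update domains, the hostnames and the two sample files are assumptions constructed for the example.

```python
import ipaddress

# Addresses a blocklist may legitimately map a hostname to.
SINKHOLES = {"0.0.0.0", "127.0.0.1", "::1"}

# Domains a home PC's hosts file should never override, because redirecting them
# silences security updates. Assumed list for this example; adjust to what is installed.
PROTECTED = ("windowsupdate.com", "update.microsoft.com", "malwarebytes.org", "avg.com")


def parse_hosts(text):
    """Return (line_no, ip, hostname) for every active mapping in a hosts file."""
    entries = []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        ip, *names = line.split()
        entries.extend((no, ip, name.lower()) for name in names)
    return entries


def is_protected(name):
    return any(name == d or name.endswith("." + d) for d in PROTECTED)


def audit_hosts(text):
    """Flag entries that do something other than sinkhole an unwanted host."""
    findings = []
    for no, ip, name in parse_hosts(text):
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            findings.append(f"line {no}: unparsable address {ip}")
            continue
        if name in ("localhost", "localhost.localdomain"):
            continue
        if is_protected(name):
            findings.append(f"line {no}: {name} -> {ip} blocks security updates")
        elif ip not in SINKHOLES and not addr.is_loopback:
            findings.append(f"line {no}: {name} -> {ip} redirects to a real host (pharming)")
    return findings


def merge_blocklist(existing, blocklist):
    """Append sinkhole entries from a blocklist that the existing file lacks.

    Entries that point anywhere but a sinkhole are refused: a blocklist has no
    business redirecting hosts to real addresses.
    """
    present = {name for _, _, name in parse_hosts(existing)}
    added = []
    for _, ip, name in parse_hosts(blocklist):
        if ip in SINKHOLES and name not in present:
            present.add(name)
            added.append(f"{ip} {name}")
    if not added:
        return existing
    return existing.rstrip("\n") + "\n\n# merged blocklist entries\n" + "\n".join(added) + "\n"


# Constructed sample of a tampered hosts file (not taken from the machine in this thread).
TAMPERED_HOSTS = """\
# local name resolution
127.0.0.1       localhost
::1             localhost
0.0.0.0         ads.example.net          # already sinkholed
1.2.3.4         www.example-bank.test    # points at a remote host
0.0.0.0         download.windowsupdate.com
"""

# Constructed stand-in for the MVPS file: one "0.0.0.0 hostname" line per blocked host.
BLOCKLIST = """\
0.0.0.0 ads.example.net
0.0.0.0 tracker.example.org
0.0.0.0 banner.example.com
"""

if __name__ == "__main__":
    for finding in audit_hosts(TAMPERED_HOSTS):
        print(finding)
    print(merge_blocklist(TAMPERED_HOSTS, BLOCKLIST))
```

On Windows the file is %SystemRoot%\System32\drivers\etc\hosts and writing it needs an elevated shell, which is also why malware that edits it usually got admin rights first; auditing it is cheap and worth doing whenever a scanner like the one in this thread reports stolen-data or backdoor components. The merge keeps the existing file byte for byte and only appends, so a diff of before and after shows exactly what a new MVPS release added.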
26.11.2012, 14:03 | #15 |
| Backdoor Trojan Generic and, according to Malwarebytes, quite a few other things How do I delete that one remaining detection? What do I do with all the installed programs (Malwarebytes reports that the trial has expired) - can I uninstall them again? I have set Firefox in all accounts to delete cookies at the end, and also have Better Privacy installed. Ad banners & co. are blocked with Adblock including 2 extensions. Do I still need CookieCuller and/or MVPS? System otherwise in order. Many thanks for the help and the information! Regards, Clemens |