Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?

Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?


Log-Analyse und Auswertung: Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 13.11.2012, 10:55   #1
lmm-av
 
Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los? - Standard

Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?


Hallo zusammen.

Ich habe seit einigen Tagen folgende 2 Meldungen in Avira:
1.
Die Datei 'C:\Users\Thomas\AppData\Roaming\AcroIEHelpe227.dll'
enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen8' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '5406a6b8.qua' verschoben!
2.
Die Datei 'C:\Users\Thomas\AppData\Local\Temp\ldrC6B8.tmp'
enthielt einen Virus oder unerwünschtes Programm 'TR/Crypt.EPACK.Gen2' [trojan].
Durchgeführte Aktion(en):
Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '55df5e5a.qua' verschoben!

Mein System:
ACER ASPIRE 5750G
Intel i5-2410M 2.3GHz 64bit
NVIDIA GeForce GT 540M
4GB Arbeitsspeicher
500GB HDD

Dann hab ich noch ein paar logfiles für euch:


defogger_disable.log:
Code:
ATTFilter
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 09:38 on 13/11/2012 (***)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
HKCU:DAEMON Tools Lite -> Removed

Checking for services/drivers...
SPTD -> Disabled (Service running -> reboot required)


-=E.O.F=-

OLT.Txt
Code:
ATTFilter
OTL logfile created on: 13.11.2012 09:43:20 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 2,08 Gb Available Physical Memory | 53,94% Memory free
7,71 Gb Paging File | 5,80 Gb Available in Paging File | 75,27% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,66 Gb Total Space | 15,99 Gb Free Space | 16,38% Space Free | Partition Type: NTFS
Drive E: | 353,01 Gb Total Space | 201,11 Gb Free Space | 56,97% Space Free | Partition Type: NTFS
 
Computer Name: ***-NOTEBOOK | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.11.13 09:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
PRC - [2012.10.06 03:14:00 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.08.08 12:39:59 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 20:30:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 20:30:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
PRC - [2011.08.26 13:14:40 | 000,177,448 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe
PRC - [2011.05.26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe
PRC - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
PRC - [2011.03.30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.03.14 12:44:38 | 000,414,800 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMutilps32.exe
PRC - [2011.03.14 12:44:38 | 000,334,416 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe
PRC - [2011.03.14 12:44:36 | 001,081,424 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe
PRC - [2011.03.09 18:11:22 | 000,257,344 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe
PRC - [2011.03.09 18:10:04 | 000,297,280 | ---- | M] (NTI Corporation) -- C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe
PRC - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
PRC - [2011.02.23 21:19:22 | 000,371,200 | ---- | M] (shbox.de) -- C:\Program Files (x86)\FreePDF_XP\fpassist.exe
PRC - [2011.02.22 09:02:16 | 000,120,104 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\Acer\clear.fi\MVP\clear.fiAgent.exe
PRC - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe
PRC - [2010.11.11 17:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe
PRC - [2010.09.14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2010.09.14 02:32:30 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2010.04.15 10:57:44 | 000,203,912 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsCtrl.exe
PRC - [2010.04.15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe
PRC - [2010.03.02 18:52:00 | 000,140,640 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe
PRC - [2007.08.03 11:51:18 | 001,422,632 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2007.08.03 11:51:06 | 000,202,024 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.11 18:59:28 | 000,181,304 | ---- | M] () -- C:\Users\***\AppData\Roaming\16001.009\components\AcroFF009.dll
MOD - [2012.11.06 07:10:09 | 000,182,184 | ---- | M] () -- C:\Users\***\AppData\Roaming\16ffmeih001.001\components\ffmeih.dll
MOD - [2012.11.06 07:09:58 | 000,486,312 | ---- | M] () -- C:\Users\***\AppData\Roaming\16ffmei001.002\components\ffmei.dll
MOD - [2012.10.06 03:14:14 | 002,294,240 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.06.14 10:35:48 | 000,475,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\09557e6c5a83a1cb68c7c50a841c8064\IAStorUtil.ni.dll
MOD - [2012.06.14 09:42:47 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012.06.14 09:42:42 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012.05.12 10:14:12 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\220b0516e45e7f9bbf6a631490c1243a\IAStorCommon.ni.dll
MOD - [2012.05.12 10:12:24 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 10:11:50 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.12 10:11:46 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.12 10:11:43 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.12 10:11:42 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.12 10:11:36 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011.07.06 00:40:31 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
MOD - [2011.05.20 10:13:04 | 000,206,216 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\Kernel\DMR\CLNetMediaDMA.dll
MOD - [2011.05.20 10:13:04 | 000,169,352 | ---- | M] () -- C:\Program Files (x86)\Acer\clear.fi\MVP\.\Kernel\DMR\DMREngine.exe
MOD - [2011.03.09 18:13:18 | 000,465,640 | ---- | M] () -- C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.04.15 10:54:42 | 000,187,528 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsEngineRes407.dll
MOD - [2010.04.15 10:54:24 | 002,473,096 | ---- | M] () -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsAppRes407.dll
MOD - [2007.03.13 10:28:36 | 000,823,296 | ---- | M] () -- C:\Program Files (x86)\Common Files\Nero\Lib\log4cxx.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.11.01 15:59:16 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.08 20:30:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 20:30:32 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7)
SRV - [2011.08.05 11:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc)
SRV - [2011.08.05 11:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm)
SRV - [2011.08.05 11:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc)
SRV - [2011.07.05 15:10:20 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2011.05.26 07:40:48 | 000,029,696 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService)
SRV - [2011.05.10 13:01:08 | 000,872,552 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2011.03.30 23:05:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.03.14 12:44:36 | 000,352,336 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService)
SRV - [2011.03.09 18:11:22 | 000,257,344 | ---- | M] (NTI Corporation) [Auto | Running] -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2011.03.01 20:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011.02.25 09:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2011.02.01 22:24:42 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2011.02.01 22:24:40 | 000,326,168 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2011.01.31 21:55:14 | 000,244,624 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Live Updater Service)
SRV - [2010.11.11 17:07:12 | 000,199,600 | ---- | M] (Telefónica I+D) [Auto | Running] -- C:\Program Files (x86)\o2\Mobile Connection Manager\ImpWiFiSvc.exe -- (TGCM_ImportWiFiSvc)
SRV - [2010.10.08 01:24:16 | 000,150,016 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Programme\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV - [2010.09.23 02:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2010.09.21 22:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.09.14 02:32:32 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2010.04.15 10:51:02 | 000,261,256 | ---- | M] (NovaStor) [Auto | Running] -- C:\Program Files (x86)\NovaStor\NovaStor NovaBACKUP\nsService.exe -- (nsService)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.15 07:20:41 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.05.08 20:30:33 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.08 20:30:33 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.09 00:43:29 | 000,141,920 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\vsflt53.sys -- (vidsflt53)
DRV:64bit: - [2011.11.03 02:01:00 | 000,056,208 | ---- | M] (Rovi Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.10.03 15:41:58 | 000,146,736 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV:64bit: - [2011.09.15 22:55:03 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.04.15 19:08:28 | 012,228,128 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011.03.30 23:05:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 05:01:45 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2011.03.10 05:01:45 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2011.03.01 15:33:16 | 004,720,704 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2011.01.21 02:15:30 | 000,019,496 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdmp.sys -- (b57xdmp)
DRV:64bit: - [2011.01.21 02:15:28 | 000,067,624 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\b57xdbd.sys -- (b57xdbd)
DRV:64bit: - [2011.01.20 04:28:26 | 000,052,264 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiMSa.sys -- (bScsiMSa)
DRV:64bit: - [2011.01.17 23:56:14 | 000,412,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2011.01.14 02:22:24 | 000,085,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bScsiSDa.sys -- (bScsiSDa)
DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.21 04:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010.11.20 14:34:04 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm)
DRV:64bit: - [2010.11.20 14:34:04 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus)
DRV:64bit: - [2010.11.20 12:35:34 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb)
DRV:64bit: - [2010.11.20 12:35:26 | 000,016,384 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpcuxd.sys -- (vpcuxd)
DRV:64bit: - [2010.11.20 12:35:22 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV:64bit: - [2010.11.12 07:23:40 | 000,138,024 | ---- | M] (ELAN Microelectronics Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2010.10.20 01:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2010.10.15 09:28:18 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2010.10.08 01:23:38 | 000,019,192 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2010.09.14 02:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2010.02.22 16:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2010.02.22 16:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2010.02.22 16:41:42 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.12.28 14:52:12 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.02.03 16:00:04 | 000,012,800 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter_hs.sys -- (massfilter_hs)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
 
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://acer.msn.com [binary data]
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = my.daemon-search.com
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..\SearchScopes\{AD22EBAF-0D18-4fc7-90CC-5EA0ABBE9EB8}: "URL" = hxxp://www.daemon-search.com/search?q={searchTerms}
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.10
FF - prefs.js..extensions.enabledAddons: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.4.8.20120412011105
FF - prefs.js..extensions.enabledAddons: {33044118-6597-4D2F-ABEA-7974BB185379}:1.0
FF - prefs.js..extensions.enabledAddons: {A396240B-27B6-4007-9588-064E96278BAD}:1.0
FF - prefs.js..extensions.enabledAddons: {BC5B75E1-4A8F-4081-A8B8-3B6E5B9F068D}:1.0
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.26 17:38:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{A396240B-27B6-4007-9588-064E96278BAD}: C:\Users\Thomas\AppData\Roaming\16ffmei001.002 [2012.11.06 07:10:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{BC5B75E1-4A8F-4081-A8B8-3B6E5B9F068D}: C:\Users\Thomas\AppData\Roaming\16ffmeih001.001 [2012.11.06 07:10:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{33044118-6597-4D2F-ABEA-7974BB185379}: C:\Users\Thomas\AppData\Roaming\16001.009 [2012.11.11 18:59:28 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 15:59:11 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
 
[2011.10.07 19:51:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2012.10.26 17:39:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oir04hnp.default\extensions
[2012.10.26 17:39:02 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oir04hnp.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.09.17 09:26:04 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\oir04hnp.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.10.13 23:10:55 | 000,189,644 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\oir04hnp.default\extensions\onlinehdtv@onlinehd.tv.xpi
[2011.10.29 02:06:39 | 000,002,055 | ---- | M] () -- C:\Users\Thomas\AppData\Roaming\mozilla\firefox\profiles\oir04hnp.default\searchplugins\daemon-search.xml
[2012.10.26 17:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.10.26 17:38:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012.10.26 17:38:19 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files (x86)\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2012.11.11 18:59:28 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\ROAMING\16001.009
[2012.11.06 07:10:00 | 000,000,000 | ---D | M] (Java Common Helper) -- C:\USERS\***\APPDATA\ROAMING\16FFMEI001.002
[2012.11.06 07:10:11 | 000,000,000 | ---D | M] (Adobe Pdf Helper 1.0) -- C:\USERS\***\APPDATA\ROAMING\16FFMEIH001.001
[2012.10.06 03:14:59 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.06 04:22:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.06 04:22:08 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.06 04:22:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.06 04:22:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.06 04:22:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.06 04:22:08 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (no name) - {EBCDDA60-2A68-11D3-8A43-0060083CFB9C} - No CLSID value found.
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll File not found
O3:64bit: - HKLM\..\Toolbar: (DAEMON Tools Toolbar) - {32099AAC-C132-4136-9E9A-4E364A424E17} - C:\Program Files (x86)\DAEMON Tools Toolbar\DTToolbar64.dll File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Logitech Download Assistant] C:\Windows\SysNative\LogiLDA.dll (Logitech, Inc.)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation)
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Dolby PCEE4\pcee4.exe (Dolby Laboratories Inc.)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Program Files (x86)\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScanUtility] C:\Program Files (x86)\Canon\Canon IJ Network Scan Utility\CNMNSUT.exe (CANON INC.)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files (x86)\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001..\Run: [AdobeBridge]  File not found
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000..\RunOnce: [ScrSav] C:\Program Files (x86)\Acer\Screensaver\run_Acer.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~4\OFFICE11\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: cleverreach.com ([novastor] http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: google-analytics.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: novastor.com ([]http in Vertrauenswürdige Sites)
O15 - HKU\S-1-5-21-3442338135-3307266524-3679170696-1001\..Trusted Domains: novastor.com ([]https in Vertrauenswürdige Sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4AAA5634-0035-4185-B50A-EBCA2C02926B}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{1ad4afe3-fa62-11e0-8321-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4afe3-fa62-11e0-8321-b870f49f885f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{1ad4afef-fa62-11e0-8321-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{1ad4afef-fa62-11e0-8321-b870f49f885f}\Shell\AutoRun\command - "" = F:\AutoRun.exe
O33 - MountPoints2\{3a1082f3-f44b-11e0-bfe2-ccaf78088fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{3a1082f3-f44b-11e0-bfe2-ccaf78088fe2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7a868878-4ea6-11e1-a28a-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{7a868878-4ea6-11e1-a28a-b870f49f885f}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{8a0a1f65-f34f-11e0-ad0c-ccaf78088fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{8a0a1f65-f34f-11e0-ad0c-ccaf78088fe2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{8a0a1f78-f34f-11e0-ad0c-ccaf78088fe2}\Shell - "" = AutoRun
O33 - MountPoints2\{8a0a1f78-f34f-11e0-ad0c-ccaf78088fe2}\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{93bdd469-0cb9-11e1-beba-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{93bdd469-0cb9-11e1-beba-b870f49f885f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{df55f88b-6fa7-11e1-a65c-b870f49f885f}\Shell - "" = AutoRun
O33 - MountPoints2\{df55f88b-6fa7-11e1-a65c-b870f49f885f}\Shell\AutoRun\command - "" = H:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\E\Shell - "" = AutoRun
O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.13 09:37:31 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.11 18:59:28 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.009
[2012.11.06 12:47:32 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.008
[2012.11.06 07:10:31 | 000,195,496 | ---- | C] (BitDefender Corporation) -- C:\Users\***\AppData\Roaming\meih.dll
[2012.11.06 07:10:21 | 000,491,432 | ---- | C] (Microsoft Corporation) -- C:\Users\***\AppData\Roaming\mei.dll
[2012.11.06 07:10:11 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
[2012.11.06 07:10:00 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16ffmei001.002
[2012.11.03 14:23:40 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.007
[2012.11.01 15:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2012.11.01 12:18:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Finale 2011
[2012.11.01 12:15:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Finale 2011
[2012.10.31 14:17:29 | 000,000,000 | ---D | C] -- C:\Users\****\AppData\Roaming\16001.006
[2012.10.26 22:03:18 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Adobe
[2012.10.26 22:03:17 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.10.26 21:49:26 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.10.26 19:30:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XMedia Recode
[2012.10.26 19:30:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XMedia Recode
[2012.10.26 18:29:34 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\16001.005
[2012.10.24 16:00:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.012
[2012.10.20 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2012.10.20 18:23:45 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\PACE Anti-Piracy
[2012.10.20 18:23:45 | 000,000,000 | ---D | C] -- C:\ProgramData\PACE Anti-Piracy
[2012.10.20 17:43:45 | 000,056,208 | ---- | C] (Rovi Corporation) -- C:\Windows\SysNative\drivers\PxHlpa64.sys
[2012.10.20 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Sonic Shared
[2012.10.20 17:43:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2012.10.20 17:43:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\My Company Name
[2012.10.20 17:39:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Production Premium CS6
[2012.10.20 17:39:33 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2012.10.20 17:38:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
[2012.10.20 17:10:36 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\Adobe CS6 Production Premium
[2012.10.20 10:40:00 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Notes
[2012.10.18 00:23:15 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.011
[2012.10.17 09:48:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\15001.010
[2012.10.15 10:38:25 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Adobe Scripts
[2 C:\Users\Thomas\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.13 09:46:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 09:46:43 | 000,016,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.13 09:46:37 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.11.13 09:46:37 | 000,656,294 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.11.13 09:46:37 | 000,616,800 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.11.13 09:46:37 | 000,130,894 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.11.13 09:46:37 | 000,107,180 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.11.13 09:39:15 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl
[2012.11.13 09:39:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.13 09:38:59 | 3104,722,944 | -HS- | M] () -- C:\hiberfil.sys
[2012.11.13 09:38:20 | 000,000,188 | ---- | M] () -- C:\Users\***\defogger_reenable
[2012.11.13 09:37:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2012.11.13 09:37:18 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.12 13:14:42 | 000,000,034 | ---- | M] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.11.12 11:53:27 | 000,000,080 | ---- | M] () -- C:\Windows\BBW_INFO.INI
[2012.11.11 18:59:34 | 000,208,528 | ---- | M] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe227.dll
[2012.11.11 18:59:34 | 000,007,720 | ---- | M] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe227.dll
[2012.11.11 17:24:59 | 000,000,531 | ---- | M] () -- C:\Users\***\Desktop\Band-in-a-Box.lnk
[2012.11.06 07:10:31 | 000,195,496 | ---- | M] (BitDefender Corporation) -- C:\Users\***\AppData\Roaming\meih.dll
[2012.11.01 21:43:33 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
[2012.11.01 12:15:56 | 000,000,984 | ---- | M] () -- C:\Users\Public\Desktop\Finale 2011.lnk
[2012.11.01 12:08:45 | 000,001,117 | ---- | M] () -- C:\Users\***\Desktop\CDex.lnk
[2012.10.31 14:38:55 | 000,000,018 | ---- | M] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.10.28 21:04:34 | 000,007,605 | ---- | M] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.10.28 11:20:15 | 000,001,088 | ---- | M] () -- C:\Users\***\Desktop\Adobe Premiere Pro CS6.lnk
[2012.10.26 19:30:12 | 000,001,035 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.10.26 19:02:21 | 000,001,214 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo ClipFinder HD.lnk
[2012.10.26 17:38:27 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.24 07:45:16 | 005,447,184 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.13 09:38:20 | 000,000,188 | ---- | C] () -- C:\Users\***\defogger_reenable
[2012.11.13 09:37:17 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe
[2012.11.11 18:59:34 | 000,208,528 | ---- | C] () -- C:\Users\***\AppData\Roaming\AcroIEHelpe227.dll
[2012.11.11 18:59:34 | 000,007,720 | ---- | C] () -- C:\Users\***\AppData\Roaming\BAcroIEHelpe227.dll
[2012.11.01 12:15:56 | 000,000,984 | ---- | C] () -- C:\Users\Public\Desktop\Finale 2011.lnk
[2012.11.01 12:08:45 | 000,001,117 | ---- | C] () -- C:\Users\***\Desktop\CDex.lnk
[2012.10.31 14:38:55 | 000,000,018 | ---- | C] () -- C:\Users\***\AppData\Roaming\urhtps.dat
[2012.10.28 21:04:34 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg
[2012.10.28 11:20:15 | 000,001,088 | ---- | C] () -- C:\Users\***\Desktop\Adobe Premiere Pro CS6.lnk
[2012.10.26 19:30:12 | 000,001,035 | ---- | C] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012.10.26 17:38:27 | 000,001,127 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2012.10.26 17:38:27 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2012.10.20 17:41:03 | 000,000,961 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk
[2012.10.13 23:43:42 | 000,000,034 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res
[2012.10.13 17:19:28 | 002,463,976 | ---- | C] () -- C:\Windows\SysWow64\NPSWF32.dll
[2012.08.28 16:11:50 | 000,000,080 | ---- | C] () -- C:\Windows\BBW_INFO.INI
[2012.08.24 20:32:34 | 000,000,186 | ---- | C] () -- C:\Windows\VWCMIM.INI
[2012.04.22 19:25:43 | 000,000,028 | ---- | C] () -- C:\Windows\PcNcEdtClnd.ini
[2012.02.23 09:04:37 | 000,007,168 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.12 14:57:06 | 000,000,085 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.12.21 22:06:48 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE
[2011.12.13 22:07:46 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\_Z2
[2011.11.13 13:33:47 | 000,000,553 | ---- | C] () -- C:\Windows\CAPELL~1.INI
[2011.11.08 17:20:59 | 000,000,604 | -H-- | C] () -- C:\Program Files (x86)\STLL Notifier
[2011.10.28 20:05:36 | 000,000,069 | ---- | C] () -- C:\Windows\NeroDigital.ini
[2011.10.27 15:15:44 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2011.10.25 11:58:03 | 000,000,043 | ---- | C] () -- C:\Windows\gswin64.ini
[2011.10.23 20:21:19 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.10.09 21:06:58 | 000,003,273 | ---- | C] () -- C:\Windows\scenelib24.ini
[2011.06.08 08:30:47 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.08 08:30:45 | 000,218,304 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.08 08:30:44 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2011.06.08 08:30:43 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.08 08:30:41 | 013,359,616 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
[2011.06.08 07:57:52 | 000,131,984 | ---- | C] () -- C:\ProgramData\FullRemove.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.02.09 14:52:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\.oit
[2012.10.20 01:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.008
[2012.10.20 01:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.010
[2012.10.20 01:34:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.011
[2012.10.24 16:00:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\15001.012
[2012.10.26 18:29:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.005
[2012.10.31 14:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.006
[2012.11.03 14:23:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.007
[2012.11.06 12:47:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.008
[2012.11.11 18:59:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16001.009
[2012.11.06 07:10:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16ffmei001.002
[2012.11.06 07:10:11 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\16ffmeih001.001
[2012.02.09 00:47:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Acronis
[2012.08.16 13:39:07 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo
[2011.12.13 22:08:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avid
[2011.10.07 20:27:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CadSoft
[2012.08.24 18:25:05 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Canon
[2011.12.19 14:34:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\capella-software
[2011.12.29 15:14:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CD-LabelPrint
[2012.10.26 22:03:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2012.04.26 18:18:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.02.12 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DAEMON Tools Lite
[2012.06.22 16:12:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft
[2012.05.16 23:15:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\elsterformular
[2011.10.24 12:13:18 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreePDF
[2012.10.13 23:40:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\FreeTorrentViewer
[2012.02.09 13:33:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\GetRightToGo
[2012.02.09 13:35:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HDX4 GmbH
[2012.02.10 10:24:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Jens Lorek
[2012.10.13 23:43:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock
[2012.11.01 12:19:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MakeMusic
[2012.05.03 09:44:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NASNaviator2
[2012.04.19 08:36:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Neuratron
[2012.04.23 23:57:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\newsXpresso
[2012.10.20 18:23:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PACE Anti-Piracy
[2012.08.30 07:40:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PowerCinema
[2012.02.28 13:11:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\REAPER
[2012.02.09 13:33:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SuperEasy Software
[2012.05.05 15:14:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer
[2012.03.22 19:02:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Telefónica
[2011.10.08 15:08:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird
[2011.10.23 11:50:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP
[2011.11.08 19:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TuneUp Software
[2011.10.10 15:56:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vodafone
[2012.10.20 01:35:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinTrack
[2012.10.26 21:49:26 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode
[2012.11.13 09:41:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 142 bytes -> C:\ProgramData\Temp:5925E400
@Alternate Data Stream - 129 bytes -> C:\ProgramData\Temp:5D458568

< End of report >

 

Themen zu Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?
adobe, antivir, avg, avira, bingbar, canon, converter, defender, document, excel, firefox, format, google, google-analytics.com, home, launch, mozilla, mp3, nvpciflt.sys, plug-in, programm, realtek, registry, required, scan, software, system, thomas, tr/crypt.epack.gen2, tr/spy.banker.gen8, trojan, virus, windows


« Wieder Da! Trojaner chydo in c:/user/public | Trojaner durch Deutsche Post E-Mail »


Ähnliche Themen: Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?


  1. Avira hat TR/Crypt.EPACK.Gen2 gefunden
    Log-Analyse und Auswertung - 23.05.2015 (9)
  2. Avira meldet Fund: 'TR/Crypt.XPACK.Gen2, Malwarebytes findet PUP.Optional.OpenCandy. Was tun?
    Plagegeister aller Art und deren Bekämpfung - 21.05.2014 (14)
  3. Windows7:Avira:TR/Crypt.EPACK.Gen2
    Log-Analyse und Auswertung - 17.05.2014 (9)
  4. Einblendung "Budesamt" sperrt PC, Avira meldet Crypt.EPACK.Gen2 & Rogue.kdz.7567.1
    Plagegeister aller Art und deren Bekämpfung - 17.02.2013 (17)
  5. Avira meldet 'TR/Crypt.EPACK.Gen2'
    Log-Analyse und Auswertung - 05.01.2013 (16)
  6. TR/Crypt.EPACK.Gen2 bei AVIRA gefunden, aber MALWAREBYTES fand andere Schädlinge
    Plagegeister aller Art und deren Bekämpfung - 03.01.2013 (2)
  7. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (9)
  8. TR/Crypt.EPACK.Gen2 auf dem pc
    Plagegeister aller Art und deren Bekämpfung - 19.12.2012 (7)
  9. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 13.12.2012 (6)
  10. TR/Crypt.EPACK.Gen2 / TR/Spy.Banker.Gen8
    Plagegeister aller Art und deren Bekämpfung - 22.11.2012 (5)
  11. Verschlüsselungstrojaner noch auf PC? (TR/Crypt.EPACK.Gen8, wroui.dll)
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (3)
  12. Avira findet TR/Crypt.ZPACK.Gen8, TR/Vcaredrix.A.3 und Tr/Crpyt.EPACK.Gen8
    Plagegeister aller Art und deren Bekämpfung - 30.08.2012 (21)
  13. Avira meldet mehrere Infizierungen: u.a. TR/Crypt.EPACK.Gen2
    Plagegeister aller Art und deren Bekämpfung - 20.08.2012 (3)
  14. Avira findet TR/Kazy.81861, TR/Crypt.ZPACK.Gen2, TR/ATRAPS.Gen2
    Log-Analyse und Auswertung - 02.08.2012 (1)
  15. TR/Crypt.EPACK.Gen8, TR/Crypt.XPACK.Gen, TR/Vcaredrix.A.3 und einige EXP/CVE-xx, EXP/2010-xx Viren.
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (7)
  16. TR/Crypt.XPACK.Gen8 - TR/Crypt.EPACK.Gen2 - TR/ATRAPS.Gen
    Plagegeister aller Art und deren Bekämpfung - 10.07.2012 (18)
  17. Virus TR/Crypt.EPACK.Gen8' [trojan] > Daten verschlüsselt
    Plagegeister aller Art und deren Bekämpfung - 19.06.2012 (1)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los? - Hallo zusammen. Ich habe seit einigen Tagen folgende 2 Meldungen in Avira: 1. Die Datei 'C:\Users\Thomas\AppData\Roaming\AcroIEHelpe227.dll' enthielt einen Virus oder unerwünschtes Programm 'TR/Spy.Banker.Gen8' [trojan]. Durchgeführte Aktion(en): Die Datei wurde ins - Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los?...
Archiv
Du betrachtest: Avira findet TR/Spy.Banker.Gen8 und TR/Crypt.EPACK.Gen2 - wie werd ich die wieder los? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19