![]() |
|
Log-Analyse und Auswertung: Deutsche Post TrojanerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
![]() | #1 |
![]() | ![]() Deutsche Post Trojaner Hallo, Meine Mutter hat am Familienrechner ne Mail von "der Post" geöffnet, inklusive der .zip Datei. Scheint sie ja aber nicht die einzige gewesen zu sein, habe mal geguckt und schonmal ein Scan mit Malwarebytes Anti-Malware und mit OTL durchgeführt. Für Hilfe wie ich weiter vorgehen sollte bedanke ich mich schonmal im vorraus! Hier schonmal die beiden Log files: Malwabytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.27.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 meister :: MEISTER-PC [Administrator] Schutz: Aktiviert 27.12.2012 14:05:00 mbam-log-2012-12-27 (15-03-54).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 438578 Laufzeit: 57 Minute(n), 54 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 1 C:\ProgramData\pcdfdata (Rogue.PCDefenderPlus) -> Keine Aktion durchgeführt. Infizierte Dateien: 3 C:\ProgramData\pcdfdata\defs.bin (Rogue.PCDefenderPlus) -> Keine Aktion durchgeführt. C:\ProgramData\pcdfdata\config.bin (Rogue.PCDefenderPlus) -> Keine Aktion durchgeführt. C:\ProgramData\pcdfdata\vl.bin (Rogue.PCDefenderPlus) -> Keine Aktion durchgeführt. (Ende) Code:
ATTFilter OTL logfile created on: 27.12.2012 15:13:20 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\meister\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,18 Gb Available Physical Memory | 54,59% Memory free 8,00 Gb Paging File | 5,82 Gb Available in Paging File | 72,83% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 456,40 Gb Total Space | 374,14 Gb Free Space | 81,98% Space Free | Partition Type: NTFS Drive D: | 457,11 Gb Total Space | 412,80 Gb Free Space | 90,31% Space Free | Partition Type: NTFS Computer Name: MEISTER-PC | User Name: meister | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.27 14:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meister\Desktop\OTL.exe PRC - [2012.12.09 19:54:04 | 001,046,984 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe PRC - [2012.12.09 19:54:04 | 000,894,920 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe PRC - [2012.12.08 17:03:35 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.11.06 19:00:32 | 003,143,800 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe PRC - [2011.09.01 12:39:54 | 000,966,712 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe PRC - [2011.06.16 08:24:20 | 000,141,824 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2011.06.14 16:42:26 | 001,540,096 | ---- | M] (Nokia) -- C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe PRC - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe PRC - [2008.07.29 17:52:56 | 000,454,704 | ---- | M] (Egis inc.) -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSMSNLoader32.exe PRC - [2004.06.09 15:37:02 | 000,040,960 | ---- | M] (BIGDOG) -- C:\Windows\VM_STI.EXE ========== Modules (No Company Name) ========== MOD - [2012.12.09 19:54:04 | 001,046,984 | ---- | M] () -- C:\Program Files (x86)\AVG Secure Search\vprot.exe MOD - [2012.12.09 19:54:04 | 000,566,728 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.3.2\avgdttbx.dll MOD - [2012.12.09 19:54:04 | 000,137,672 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\SiteSafety.dll MOD - [2012.12.08 17:03:33 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.07.21 13:00:12 | 000,931,896 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Maps Service API.dll MOD - [2011.07.21 12:59:22 | 000,416,256 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\sqldrivers\qsqlite4.dll MOD - [2011.07.21 12:59:22 | 000,196,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qjpeg4.dll MOD - [2011.07.21 12:59:22 | 000,026,624 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\imageformats\qgif4.dll MOD - [2011.07.21 12:59:20 | 010,837,504 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtWebKit4.dll MOD - [2011.07.21 12:59:20 | 008,166,912 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtGui4.dll MOD - [2011.07.21 12:59:20 | 002,551,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXmlPatterns4.dll MOD - [2011.07.21 12:59:20 | 002,282,496 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtCore4.dll MOD - [2011.07.21 12:59:20 | 002,246,656 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtDeclarative4.dll MOD - [2011.07.21 12:59:20 | 001,288,192 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtScript4.dll MOD - [2011.07.21 12:59:20 | 000,913,920 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtNetwork4.dll MOD - [2011.07.21 12:59:20 | 000,676,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtOpenGL4.dll MOD - [2011.07.21 12:59:20 | 000,340,480 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtXml4.dll MOD - [2011.07.21 12:59:20 | 000,266,752 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\phonon4.dll MOD - [2011.07.21 12:59:20 | 000,190,464 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtSql4.dll MOD - [2011.07.21 12:31:14 | 000,508,416 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QtMultimediaKit1.dll MOD - [2011.07.21 12:31:14 | 000,109,568 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\mediaservice\dsengine.dll MOD - [2011.07.21 12:30:46 | 000,378,880 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtCore.dll MOD - [2011.07.21 12:30:46 | 000,159,232 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\QxtWeb.dll MOD - [2011.07.21 12:30:44 | 000,392,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\ssoengine.dll MOD - [2011.07.21 12:30:44 | 000,387,976 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\OviShareLib.dll MOD - [2011.07.21 12:30:44 | 000,089,088 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\qjson.dll MOD - [2011.07.21 12:30:44 | 000,058,768 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\securestorage.dll MOD - [2011.07.21 12:29:38 | 000,727,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\CommonUpdateChecker.dll MOD - [2008.04.28 09:49:20 | 000,003,072 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BkupTrayLOC.dll MOD - [2005.07.20 10:48:10 | 000,059,904 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Ovi Suite\zlib1.dll ========== Services (SafeList) ========== SRV - [2012.12.12 17:32:38 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.09 19:54:04 | 000,894,920 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.3.2\ToolbarUpdater.exe -- (vToolbarUpdater13.3.2) SRV - [2012.12.08 17:03:34 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.11.06 19:00:04 | 005,814,392 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate) SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc) SRV - [2011.06.08 12:02:00 | 000,633,856 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2010.01.29 23:40:16 | 001,043,584 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.08.18 11:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.08.19 14:27:22 | 000,024,576 | ---- | M] () [Auto | Running] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService) SRV - [2008.07.29 17:53:00 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.09 19:54:04 | 000,030,568 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.05 03:32:50 | 000,111,456 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.18 09:14:22 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2011.05.18 09:14:20 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2011.05.18 09:14:16 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2011.05.18 09:14:12 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 14:32:47 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 14:32:46 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.08.28 11:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2008.08.05 05:29:26 | 000,056,352 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2008.07.29 17:53:50 | 000,060,976 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDVdisk.sys -- (psdvdisk) DRV:64bit: - [2008.07.29 17:53:50 | 000,021,040 | ---- | M] (Egis Incorporated) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\PSDNServ.sys -- (PSDNServ) DRV:64bit: - [2008.07.29 17:53:48 | 000,022,064 | ---- | M] (Egis Incorporated) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\psdfilter.sys -- (PSDFilter) DRV:64bit: - [2008.05.26 10:54:28 | 000,120,816 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSVD.sys -- (WSVD) DRV:64bit: - [2008.02.25 15:29:24 | 000,013,144 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ITEIO.sys -- (ITEIO.SYS) DRV:64bit: - [2008.01.31 01:48:32 | 000,016,384 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2008.01.31 01:48:16 | 000,016,384 | ---- | M] (NewTech Infosystems Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2006.06.06 13:45:24 | 000,432,512 | ---- | M] (VM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbVM31b.sys -- (ZSMC301b) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.19 14:23:00 | 000,017,952 | ---- | M] (Acer, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\int15_64.sys -- (int15) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?} IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{CCC7A320-B3CA-4199-B1A6-9F516DD69829}: "URL" = hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg-chrome&type=yahoo_avg_hs2-tb-web_chrome_us&p={searchTerms} IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&s=1&o=vp64&d=1006&m=aspire_x1700 IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://isearch.avg.com/?cid={6CA05A4E-8FD5-4E66-9885-6CF13DC63024}&mid=163e95c0082e47d1bc95d168d1a91dd1-b36302885f86057c89883997faaca0c8b11df77f&lang=de&ds=AVG&pr=fr&d=2012-12-09 19:54:13&v=13.3.0.17&sap=hp IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE339 IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={6CA05A4E-8FD5-4E66-9885-6CF13DC63024}&mid=163e95c0082e47d1bc95d168d1a91dd1-b36302885f86057c89883997faaca0c8b11df77f&lang=de&ds=AVG&pr=fr&d=2012-12-09 19:54:13&v=13.3.0.17&sap=dsp&q={searchTerms} IE - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.3.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:10.0.0.1178 FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1209 FF - prefs.js..extensions.enabledItems: avg@igeared:6.103.018.001 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.3.2\\npsitesafety.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 17:03:35 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.16 19:04:08 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{CCB7D94B-CA92-4E3F-B79D-ADE0F07ADC74}: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Thunderbird Connector\ThunderbirdExtension\ [2011.11.23 20:59:45 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.08 17:03:35 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.16 19:04:08 | 000,000,000 | ---D | M] [2011.11.23 21:06:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\meister\AppData\Roaming\mozilla\Extensions [2012.11.23 17:20:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\meister\AppData\Roaming\mozilla\Firefox\Profiles\jps9qeaf.default\extensions [2011.11.23 21:06:56 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\meister\AppData\Roaming\mozilla\Firefox\Profiles\jps9qeaf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.11.17 21:09:35 | 000,566,853 | ---- | M] () (No name found) -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\extensions\toolbar@web.de.xpi [2012.11.23 17:20:15 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.11.17 21:09:42 | 000,000,911 | ---- | M] () -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\searchplugins\11-suche.xml [2012.11.17 21:09:42 | 000,002,273 | ---- | M] () -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\searchplugins\englische-ergebnisse.xml [2012.11.17 21:09:42 | 000,010,563 | ---- | M] () -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\searchplugins\gmx-suche.xml [2012.11.17 21:09:42 | 000,002,432 | ---- | M] () -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\searchplugins\lastminute.xml [2012.11.17 21:09:42 | 000,005,545 | ---- | M] () -- C:\Users\meister\AppData\Roaming\mozilla\firefox\profiles\jps9qeaf.default\searchplugins\webde-suche.xml [2012.12.08 17:03:20 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.08 17:03:35 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 16:55:59 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.12.09 19:54:14 | 000,000,000 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012.09.12 18:08:51 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 16:55:59 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 16:55:59 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 16:55:59 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 16:55:59 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - Extension: No name found = C:\Users\meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: No name found = C:\Users\meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: No name found = C:\Users\meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\ CHR - Extension: No name found = C:\Users\meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.2.5.32_0\ CHR - Extension: No name found = C:\Users\meister\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 22:37:24 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found O2:64bit: - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\ActiveToolBand.dll (Egis) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll () O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (no name) - {0BF43445-2F28-4351-9252-17FE6E806AA0} - No CLSID value found. O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.3.0.17\AVG Secure Search_toolbar.dll () O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDStoolbar.dll (Egis Incorporated.) O3 - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3:64bit: - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Acer Empowering Technology Monitor] C:\Programme\Acer\Empowering Technology\SysMonitor.exe () O4:64bit: - HKLM..\Run: [eDataSecurity Loader] C:\Program Files (x86)\Acer\Empowering Technology\eDataSecurity\x64\eDSloader.exe (Egis Incorporated) O4:64bit: - HKLM..\Run: [EmpoweringTechnology] C:\Program Files\Acer\Empowering Technology\Framework.Launcher.exe boot File not found O4:64bit: - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [NokiaMServer] C:\Program Files (x86)\Common Files\Nokia\MPlatform\NokiaMServer.exe (Nokia) O4 - HKLM..\Run: [ROC_roc_dec12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_dec12.exe" /PROMPT /CMPID=roc_dec12 File not found O4 - HKLM..\Run: [ROC_ROC_JULY_P1] "C:\Program Files (x86)\AVG Secure Search\ROC_ROC_JULY_P1.exe" / /PROMPT /CMPID=ROC_JULY_P1 File not found O4 - HKLM..\Run: [ROC_roc_ssl_v12] "C:\Program Files (x86)\AVG Secure Search\ROC_roc_ssl_v12.exe" / /PROMPT /CMPID=roc_ssl_v12 File not found O4 - HKLM..\Run: [VM_STI] C:\Windows\VM_STI.exe (BIGDOG) O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2570873103-3852924451-1295019736-1000..\Run: [NokiaOviSuite2] C:\Program Files (x86)\Nokia\Nokia Ovi Suite\NokiaOviSuite.exe (Nokia) O4 - HKU\S-1-5-21-2570873103-3852924451-1295019736-1003..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2570873103-3852924451-1295019736-1003..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm File not found O8 - Extra context menu item: Senden an &Bluetooth - C:\Program Files (x86)\Sitecom\Bluetooth Software\btsendto_ie_ctx.htm File not found O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.) O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files (x86)\ICQ6.5\ICQ.exe (ICQ, LLC.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 10.9.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A2A44C1-F445-4E41-BE14-1BF65CF33C0C}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.3.2\ViProtocol.dll () O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Users\meister\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\meister\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.27 15:04:01 | 000,000,000 | ---D | C] -- C:\Users\meister\Desktop\Logfiles [2012.12.27 14:25:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\meister\Desktop\OTL.exe [2012.12.27 13:59:20 | 000,000,000 | ---D | C] -- C:\Users\meister\AppData\Roaming\Malwarebytes [2012.12.27 13:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.12.27 13:59:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.27 13:59:02 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.27 13:59:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.27 13:57:31 | 010,524,080 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\meister\Desktop\mbam-setup-1.65.0.1400.exe [2012.12.22 16:40:27 | 000,000,000 | ---D | C] -- C:\ProgramData\pcdfdata [2012.12.22 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\meister\AppData\Roaming\Ywok [2012.12.22 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\meister\AppData\Roaming\Suinu [2012.12.22 16:36:47 | 000,000,000 | ---D | C] -- C:\Users\meister\AppData\Roaming\Lyor [2012.12.20 20:50:15 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.20 20:50:15 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.20 20:50:14 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.20 20:50:13 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 19:04:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.16 19:04:08 | 000,821,736 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.16 19:04:08 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.16 19:03:56 | 000,095,208 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.16 18:58:46 | 000,895,464 | ---- | C] (Oracle Corporation) -- C:\Users\meister\Desktop\jxpiinstall.exe [2012.12.12 20:28:26 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 20:28:26 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 20:28:25 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 20:28:25 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 20:28:25 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 20:28:25 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 20:28:24 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 20:28:24 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 20:28:23 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 20:28:23 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 20:28:23 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 20:28:23 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 20:28:21 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 20:28:21 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 20:28:21 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 19:59:12 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2012.12.12 19:59:12 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2012.12.12 19:59:11 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2012.12.12 19:59:11 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2012.12.12 19:59:10 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2012.12.12 19:59:10 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2012.12.12 19:59:10 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2012.12.12 19:59:10 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2012.12.12 19:59:10 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2012.12.12 19:59:10 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2012.12.12 19:59:10 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2012.12.12 19:59:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2012.12.12 19:59:10 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2012.12.12 19:59:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2012.12.12 19:59:10 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2012.12.12 19:59:10 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2012.12.12 19:59:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 19:59:10 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2012.12.12 19:59:10 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2012.12.12 19:59:10 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2012.12.12 19:59:01 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 19:59:01 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2012.12.09 19:54:19 | 000,000,000 | ---D | C] -- C:\Users\meister\AppData\Local\AVG Secure Search [2012.12.09 19:54:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2012.12.09 19:54:12 | 000,030,568 | ---- | C] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012.12.09 19:54:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\AVG Secure Search [2012.12.09 19:54:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search [2012.12.09 19:33:49 | 121,907,392 | ---- | C] (AVG Technologies) -- C:\Users\meister\Desktop\avg_free_x86_all_2013_2793a5877.exe [2012.12.08 17:03:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2 C:\Users\meister\Desktop\*.tmp files -> C:\Users\meister\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.27 14:52:02 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.12.27 14:31:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.27 14:25:46 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\meister\Desktop\OTL.exe [2012.12.27 14:03:13 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.27 13:58:24 | 010,524,080 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\meister\Desktop\mbam-setup-1.65.0.1400.exe [2012.12.27 13:25:08 | 000,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 13:25:08 | 000,009,504 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.27 13:22:41 | 001,472,002 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.12.27 13:22:41 | 000,643,628 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.12.27 13:22:41 | 000,606,992 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.12.27 13:22:41 | 000,126,188 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.12.27 13:22:41 | 000,103,370 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.12.27 13:18:10 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.12.27 13:17:59 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\LogConfigTemp.xml [2012.12.27 13:17:56 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat [2012.12.27 13:17:54 | 3220,627,456 | -HS- | M] () -- C:\hiberfil.sys [2012.12.22 16:55:24 | 000,046,075 | ---- | M] () -- C:\Users\meister\AppData\Local\ierugrkv [2012.12.22 16:48:20 | 000,000,000 | ---- | M] () -- C:\Users\meister\AppData\Roaming\SharedSettings.ccs [2012.12.20 21:07:23 | 000,339,784 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.16 19:03:49 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2012.12.16 19:03:49 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2012.12.16 19:03:49 | 000,095,208 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2012.12.16 19:03:48 | 000,821,736 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2012.12.16 19:03:48 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2012.12.16 19:03:48 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2012.12.16 18:58:49 | 000,895,464 | ---- | M] (Oracle Corporation) -- C:\Users\meister\Desktop\jxpiinstall.exe [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.12 17:32:38 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.12.12 17:32:38 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.12.11 20:39:42 | 002,580,948 | ---- | M] () -- C:\Users\meister\Desktop\2012-12-08 15.08.57.jpg [2012.12.11 20:20:21 | 005,616,427 | ---- | M] () -- C:\Users\meister\Desktop\2012-12-05 Kursübersicht JCU Anton Pflaum.pdf [2012.12.11 20:20:13 | 000,371,602 | ---- | M] () -- C:\Users\meister\Desktop\International Student Induction Pack English Version_revised2012.pdf [2012.12.09 19:54:04 | 000,030,568 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys [2012.12.09 19:45:09 | 121,907,392 | ---- | M] (AVG Technologies) -- C:\Users\meister\Desktop\avg_free_x86_all_2013_2793a5877.exe [2 C:\Users\meister\Desktop\*.tmp files -> C:\Users\meister\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.27 13:59:03 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.22 16:55:24 | 000,046,075 | ---- | C] () -- C:\Users\meister\AppData\Local\ierugrkv [2012.12.22 16:48:20 | 000,000,000 | ---- | C] () -- C:\Users\meister\AppData\Roaming\SharedSettings.ccs [2012.12.11 20:38:53 | 002,580,948 | ---- | C] () -- C:\Users\meister\Desktop\2012-12-08 15.08.57.jpg [2012.12.11 20:20:12 | 000,371,602 | ---- | C] () -- C:\Users\meister\Desktop\International Student Induction Pack English Version_revised2012.pdf [2012.12.11 20:19:37 | 005,616,427 | ---- | C] () -- C:\Users\meister\Desktop\2012-12-05 Kursübersicht JCU Anton Pflaum.pdf [2012.10.20 09:13:02 | 000,005,120 | ---- | C] () -- C:\Users\meister\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.09 15:08:31 | 000,001,133 | ---- | C] () -- C:\Users\meister\Bildbestellung.html [2011.09.14 18:01:06 | 000,233,461 | ---- | C] () -- C:\Windows\hpoins47.dat [2011.03.28 20:35:24 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2009.06.11 18:20:07 | 000,000,128 | ---- | C] () -- C:\Users\meister\AppData\Roaming\wklnhst.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
Themen zu Deutsche Post Trojaner |
administrator, adobe, autorun, avg, avg secure search, avg security toolbar, bho, bingbar, cid, deutsche post, e-mail anlage, error, explorer, firefox, flash player, format, home, logfile, monitor, mozilla, nvidia, nvidia update, plug-in, popup, programme, realtek, registry, scan, secure search, senden, software, trojaner, vtoolbarupdater, ziparchiv |