
Pests of all kinds and how to combat them: Trojan Generic according to AVG in Thunderbird...AppData...Inbox

Windows 7

 
06.01.2013, 04:01   #1
Munatius
 
Trojan Generic according to AVG in Thunderbird...AppData...Inbox



Hello!

Thanks in advance for taking a look.

I had the same problem about half a year ago. Back then one of you helped me as well. The suspicion was that an unopened mail attachment was still lurking in the depths of the Inbox. In the end, after I had once more deleted all deleted mails and junk mails and compacted all folders in Thunderbird, AVG no longer found it. I hope it is similarly harmless this time. Maybe it also has something to do with the backup folder on partition H? But why only after half a year?

Of course I have not opened any mail attachments, nor knowingly executed anything or the like... Junk mail automatically lands in the Junk folder, which I empty again and again; at the moment it is empty, just like the Trash in Thunderbird. I have also already tried compacting, but AVG sticks with the one infected finding. --> As I only saw today, AVG already issued 4 Generic warnings on Friday, one of them "untreated":

Code:
Geplanter Scan
Hohe Priorität;"4";"3";"1"
Ausgewählte Ordner:;"Gesamten Computer scannen"
Gestartet/beendet:;"05.01.2013, 14:38:43 / 05.01.2013, 14:55:47"
Gescannter Objekte:;"2122573"
Benutzer:;"SYSTEM"

Status;"Priorität";"Name";"Beschreibung";"Ergebnis"
Infiziert;"Hoch";"Trojaner: Downloader.Generic13.XPO";"C:\Users\Clemens\AppData\Roaming\Thunderbird\Profiles\xswnxjzr.default\Mail\pop.chello.at\Inbox";"Infiziert"
Geheilt;"Hoch";"Trojaner: Downloader.Generic13.XPO";"H:\_BACKUP\Thunderbird\Profiles\xswnxjzr.default\Mail\pop.chello.at\Inbox";"In Virenquarantäne verschoben"
Geheilt;"Hoch";"Trojaner: Downloader.Generic13.XPO";"C:\Users\Clemens\AppData\Roaming\Thunderbird\Profiles\xswnxjzr.default\Mail\pop.chello.at\Junk";"In Virenquarantäne verschoben"
Geheilt;"Hoch";"Trojaner: Downloader.Generic13.XPO";"H:\_BACKUP\Thunderbird\Profiles\xswnxjzr.default\Mail\pop.chello.at\Junk";"In Virenquarantäne verschoben"
         
Ran Defogger.

Ran OTL, but only got an OTL.txt, no Extra.txt.

Code:
OTL logfile created on: 06.01.2013 02:49:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Downloads\Sicherheit
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 1,63 Gb Available Physical Memory | 46,75% Memory free
6,99 Gb Paging File | 5,34 Gb Available in Paging File | 76,37% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 59,53 Gb Total Space | 14,18 Gb Free Space | 23,82% Space Free | Partition Type: NTFS
Drive E: | 439,45 Gb Total Space | 414,68 Gb Free Space | 94,36% Space Free | Partition Type: NTFS
Drive F: | 390,62 Gb Total Space | 388,58 Gb Free Space | 99,48% Space Free | Partition Type: NTFS
Drive H: | 101,43 Gb Total Space | 99,07 Gb Free Space | 97,67% Space Free | Partition Type: NTFS
 
Computer Name: PC-CLEMENS | User Name: Clemens | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - F:\Downloads\Sicherheit\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (PDF Architect Helper Service) -- C:\Program Files (x86)\PDF Architect\HelperService.exe (pdfforge GbR)
SRV - (PDF Architect Service) -- C:\Program Files (x86)\PDF Architect\ConversionService.exe (pdfforge GbR)
SRV - (vToolbarUpdater13.2.0) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (AVG Security Toolbar Service) -- C:\Program Files (x86)\AVG\AVG10\Toolbar\ToolbarBroker.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf.sys (Secunia)
DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation)
DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.)
DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (amd_sata) -- C:\Windows\SysNative\drivers\amd_sata.sys (Advanced Micro Devices)
DRV:64bit: - (amd_xata) -- C:\Windows\SysNative\drivers\amd_xata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxhc) -- C:\Windows\SysNative\drivers\amdxhc.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdhub30) -- C:\Windows\SysNative\drivers\amdhub30.sys (Advanced Micro Devices, INC.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://orf.at/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C8 89 3B 85 FB D9 CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = hxxp://isearch.avg.com/search?cid={43E45C39-D2B5-4F1D-8662-02F2068F1698}&mid=018e64bee5d547d1837181ac0fb01d5a-9a2ad72286dfaa3dab1daa255e69ae261c88c103&lang=de&ds=AVG&pr=fr&d=2012-06-05 13:30:32&v=11.1.0.7&sap=dsp&q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://orf.at/"
FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.5
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20120926
FF - prefs.js..extensions.enabledAddons: %7Bd40f5e7b-d2cf-4856-b441-cc613eeffbe3%7D:1.68
FF - prefs.js..extensions.enabledAddons: FFPDFArchitectConverter%40pdfarchitect.com:1.0
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.2.1.9
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:4.12.22.2
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.4.2
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: C:\Windows\system32\Wat\npWatWeb.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00:  File not found
FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012.11.08 19:23:16 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files (x86)\PDF Architect\FFPDFArchitectExt [2012.12.09 19:31:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files (x86)\Common Files\DVDVideoSoft\plugins\ff\ [2013.01.01 17:15:18 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 08:16:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 12:30:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.11.01 11:16:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.01 08:16:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 12:30:37 | 000,000,000 | ---D | M]
 
[2011.07.21 19:42:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Extensions
[2013.01.01 17:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\5rsi9vol.default\extensions
[2011.07.21 22:05:59 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\5rsi9vol.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.12.27 18:52:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\nanf36pj.default\extensions
[2012.12.25 21:14:39 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\nanf36pj.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2012.10.02 20:57:23 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Clemens\AppData\Roaming\mozilla\Firefox\Profiles\nanf36pj.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2011.07.21 19:48:41 | 000,094,386 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\5rsi9vol.default\extensions\adblockpopups@jessehakanen.net.xpi
[2011.07.21 19:48:41 | 000,076,225 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\5rsi9vol.default\extensions\elemhidehelper@adblockplus.org.xpi
[2011.07.21 19:48:41 | 000,507,529 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\5rsi9vol.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2011.07.21 19:48:41 | 000,608,840 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\5rsi9vol.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2011.07.21 19:48:41 | 000,116,666 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\5rsi9vol.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2012.11.15 00:14:15 | 000,124,993 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\extensions\adblockpopups@jessehakanen.net.xpi
[2012.07.05 15:31:14 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\extensions\elemhidehelper@adblockplus.org.xpi
[2012.12.27 18:52:40 | 000,533,036 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.12.11 21:07:46 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi
[2012.11.24 15:50:19 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.01.21 22:06:50 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi
[2011.07.21 21:53:06 | 000,002,492 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\searchplugins\ixquick-https.xml
[2012.04.11 20:47:08 | 000,001,283 | ---- | M] () -- C:\Users\Clemens\AppData\Roaming\mozilla\firefox\profiles\nanf36pj.default\searchplugins\wiktionary-de.xml
[2012.12.01 08:16:12 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012.12.09 19:31:15 | 000,000,000 | ---D | M] (PDF Architect Converter For Firefox) -- C:\PROGRAM FILES (X86)\PDF ARCHITECT\FFPDFARCHITECTEXT
[2012.12.01 08:16:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2008.09.16 15:26:22 | 000,167,936 | ---- | M] (Esker) -- C:\Program Files (x86)\mozilla firefox\plugins\np72esk32.dll
[2012.04.18 10:21:04 | 000,170,592 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files (x86)\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2012.06.20 17:14:20 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.12.21 06:08:50 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 19:23:14 | 000,003,572 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.08.30 09:39:53 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.12.21 06:08:50 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.12.21 06:08:50 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.12.21 06:08:50 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.12.21 06:08:50 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files (x86)\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files (x86)\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files (x86)\Winamp\winampa.exe (Nullsoft, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} hxxp://drmlicense.one.microsoft.com/crlupdate/en/crlocx.ocx (CRLDownloadWrapper Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{24F7030A-601A-4B3D-97C5-F15E6C3B37C7}: DhcpNameServer = 192.168.0.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.03 23:37:14 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\vlc
[2013.01.01 17:15:25 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.01 17:15:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft
[2013.01.01 17:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft
[2013.01.01 17:15:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft
[2012.12.22 18:45:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.12.14 16:32:52 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\PDF Architect
[2012.12.09 19:31:19 | 000,000,000 | ---D | C] -- C:\Users\Clemens\AppData\Roaming\APP_NAME_NON_STRING
[2012.12.09 19:31:18 | 000,000,000 | ---D | C] -- H:\Eigene Dokumente\PDF Architect Files
[2012.12.09 19:31:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Architect
[2012.12.09 19:31:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Architect
[2012.12.09 19:31:05 | 000,103,936 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll
[2012.12.09 19:31:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator
[2012.12.09 17:20:10 | 000,000,000 | -H-D | C] -- C:\ProgramData\CanonIJEGV
[2012.12.09 17:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.06 02:48:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.06 02:48:03 | 000,000,000 | ---- | M] () -- C:\Users\Clemens\defogger_reenable
[2013.01.05 21:27:47 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.01.05 21:27:47 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.01.05 21:27:47 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.01.05 21:27:47 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.01.05 21:27:47 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.01.05 20:36:52 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 20:36:52 | 000,022,096 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.05 20:29:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.05 20:29:44 | 2816,487,424 | -HS- | M] () -- C:\hiberfil.sys
[2012.12.21 08:28:24 | 000,346,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.01.06 02:48:03 | 000,000,000 | ---- | C] () -- C:\Users\Clemens\defogger_reenable
[2011.11.17 22:15:48 | 000,214,016 | ---- | C] () -- C:\Users\Clemens\AppData\Roaming\SharedSettings.ccs
[2011.08.11 21:53:59 | 000,111,932 | ---- | C] () -- C:\Windows\SysWow64\EPPICPrinterDB.dat
[2011.08.11 21:53:59 | 000,031,053 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern131.dat
[2011.08.11 21:53:59 | 000,027,417 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern121.dat
[2011.08.11 21:53:59 | 000,026,154 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern1.dat
[2011.08.11 21:53:59 | 000,024,903 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern3.dat
[2011.08.11 21:53:59 | 000,021,390 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern5.dat
[2011.08.11 21:53:59 | 000,020,148 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern2.dat
[2011.08.11 21:53:59 | 000,011,811 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern4.dat
[2011.08.11 21:53:59 | 000,004,943 | ---- | C] () -- C:\Windows\SysWow64\EPPICPattern6.dat
[2011.08.11 21:53:59 | 000,001,146 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_DU.dat
[2011.08.11 21:53:59 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_PT.dat
[2011.08.11 21:53:59 | 000,001,139 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_BP.dat
[2011.08.11 21:53:59 | 000,001,136 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_ES.dat
[2011.08.11 21:53:59 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_FR.dat
[2011.08.11 21:53:59 | 000,001,129 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_CF.dat
[2011.08.11 21:53:59 | 000,001,120 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_IT.dat
[2011.08.11 21:53:59 | 000,001,107 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_GE.dat
[2011.08.11 21:53:59 | 000,001,104 | ---- | C] () -- C:\Windows\SysWow64\EPPICPresetData_EN.dat
[2011.08.11 21:53:59 | 000,000,097 | ---- | C] () -- C:\Windows\SysWow64\PICSDK.ini
[2011.07.22 15:03:15 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.21 21:07:34 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.07.21 19:16:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.07.21 19:14:23 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.07.21 19:09:53 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.05.12 17:03:12 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.12.09 19:31:19 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\APP_NAME_NON_STRING
[2012.11.04 02:45:06 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\AVG2013
[2012.05.07 21:04:05 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Canon
[2011.11.17 23:16:43 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\CoffeeCup Software
[2013.01.01 17:15:14 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\DVDVideoSoft
[2013.01.01 17:17:08 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.09.07 15:26:31 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Edraw Max
[2011.07.22 16:14:55 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Opera
[2012.12.14 16:32:58 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\PDF Architect
[2012.12.09 19:31:11 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\pdfforge
[2012.09.19 13:49:00 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Sony
[2011.07.30 15:21:49 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TeamViewer
[2011.07.22 15:17:58 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Thunderbird
[2012.10.27 21:07:21 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TIPP10
[2011.12.03 22:25:14 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\Tropico 4 Demo
[2012.03.27 22:27:13 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TS3Client
[2011.07.23 10:54:41 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\ts3overlay
[2012.11.04 02:44:04 | 000,000,000 | ---D | M] -- C:\Users\Clemens\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
         
Ran GMER

Code:
GMER 2.0.18327 - hxxp://www.gmer.net
Rootkit scan 2013-01-06 03:40:10
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005f KINGSTON rev.CJRA 59,63GB
Running: u4b20g3r.exe; Driver: C:\Users\Clemens\AppData\Local\Temp\pwryqfog.sys


---- User code sections - GMER 2.0 ----

.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17      0000000075601401 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17        0000000075601419 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17      0000000075601431 2 bytes [60, 75]
.text    ...                                                                                                                   * 9
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17         00000000756014dd 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17  00000000756014f5 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17         000000007560150d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17  0000000075601525 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17        000000007560153d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17             0000000075601555 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17      000000007560156d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17        0000000075601585 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17           000000007560159d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17        00000000756015b5 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17      00000000756015cd 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe[1856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20  00000000756016b2 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17             0000000075601401 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17               0000000075601419 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17             0000000075601431 2 bytes [60, 75]
.text    ...                                                                                                                   * 9
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                00000000756014dd 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17         00000000756014f5 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                000000007560150d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17         0000000075601525 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17               000000007560153d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                    0000000075601555 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17             000000007560156d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17               0000000075601585 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                  000000007560159d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17               00000000756015b5 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17             00000000756015cd 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1472] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20         00000000756016b2 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17         0000000075601401 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17           0000000075601419 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17         0000000075601431 2 bytes [60, 75]
.text    ...                                                                                                                   * 9
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17            00000000756014dd 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17     00000000756014f5 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17            000000007560150d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17     0000000075601525 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17           000000007560153d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                0000000075601555 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17         000000007560156d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17           0000000075601585 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17              000000007560159d 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17           00000000756015b5 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17         00000000756015cd 2 bytes [60, 75]
.text    C:\Program Files (x86)\Secunia\PSI\psi_tray.exe[5432] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20     00000000756016b2 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExW + 17      0000000075601401 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!EnumProcessModules + 17        0000000075601419 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetModuleInformation + 17      0000000075601431 2 bytes [60, 75]
.text    ...                                                                                                                   * 9
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!EnumDeviceDrivers + 17         00000000756014dd 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameA + 17  00000000756014f5 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!QueryWorkingSetEx + 17         000000007560150d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetDeviceDriverBaseNameW + 17  0000000075601525 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameW + 17        000000007560153d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!EnumProcesses + 17             0000000075601555 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetProcessMemoryInfo + 17      000000007560156d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetPerformanceInfo + 17        0000000075601585 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!QueryWorkingSet + 17           000000007560159d 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetModuleBaseNameA + 17        00000000756015b5 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetModuleFileNameExA + 17      00000000756015cd 2 bytes [60, 75]
.text    C:\Program Files (x86)\AVG Secure Search\vprot.exe[1920] C:\Windows\syswow64\Psapi.dll!GetProcessImageFileNameW + 20  00000000756016b2 2 bytes [60, 75]

---- Threads - GMER 2.0 ----

Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:5504]                                       000007fef5a9cc10
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:6020]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:1564]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:3524]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:3116]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:3980]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:5720]                                       000007fef5a6f718
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:2080]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:5236]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:4888]                                       000007fef595143c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:5816]                                       000007fef5f96050
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:1492]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388:3288]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:3932]                                       000007fef5a9cc10
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:976]                                        000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:4460]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:2220]                                       000007fef5a6f718
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:5196]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:3172]                                       000007fef5f96050
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:4648]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:5484]                                       000007fefb682a7c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:1988]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:1364]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:3616]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:5508]                                       000007fef595143c
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:4744]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:5440]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:392]                                        000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:5628]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:4344]                                       000000006f596c88
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:4456]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:1880]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:6000]                                       000007fef595b564
Thread   C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848:4212]                                       000007fef595b564
---- Processes - GMER 2.0 ----

Library  ? (*** suspicious ***) @ C:\PROGRA~2\AVG\AVG2013\avgrsa.exe [408]                                                     000007feffb10000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [4388]                   000007fefe630000
Library  ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3848]                   000007fefe630000

---- EOF - GMER 2.0 ----
         
Please help me get rid of this for good - thanks!

Last edited by Munatius (06.01.2013 at 04:06)

 
