|
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt.Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
09.01.2013, 22:32 | #1 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Hallo zusammen, ich benötige Hilfe, da ich mir gestern ein GVU Trojaner eingefangen habe. Nachdem ich eine Systemwiederherstellung durchgeführt habe, sieht alles wie gewohnt aus. Aber: Ich traue den Frieden nicht und wollte Kasperskys RescueDisk nutzen. Bei der Aufforderung: Eine beliebige Taste drücken... erkennt der Rechner keinen Tastendruck. Also musste ich was anderes suchen. Danach bin ich auf diese Seite gestoßen. (super, dass es Euch gibt!) Defogger habe ich durchgeführt. Danach OTL. Code:
ATTFilter OTL logfile created on: 09.01.2013 21:19:10 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Daniel\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 5,31 Gb Available Physical Memory | 66,46% Memory free 15,97 Gb Paging File | 13,26 Gb Available in Paging File | 83,08% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 1397,26 Gb Total Space | 1183,12 Gb Free Space | 84,67% Space Free | Partition Type: NTFS Drive D: | 200,55 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive G: | 3,49 Gb Total Space | 3,27 Gb Free Space | 93,68% Space Free | Partition Type: FAT32 Computer Name: DANIEL-PC | User Name: Daniel | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.01.09 21:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe PRC - [2013.01.09 19:51:28 | 000,699,400 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_5_502_146_ActiveX.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.11.30 12:18:45 | 003,492,504 | ---- | M] (Electronic Arts) -- C:\Program Files (x86)\Origin\Origin.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.09.30 09:33:09 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.08.08 20:45:23 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.05.21 14:42:44 | 000,050,176 | ---- | M] () -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe PRC - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.03.23 14:09:38 | 014,749,544 | ---- | M] (GARMIN Corp.) -- C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe PRC - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe PRC - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2011.05.20 09:10:12 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe PRC - [2008.06.27 02:30:04 | 001,221,952 | ---- | M] (WIBU-SYSTEMS AG) -- C:\Program Files (x86)\SDZ\Dosimis-3\Deutsch\CodeMeter.exe PRC - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2013.01.09 20:33:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll MOD - [2013.01.09 20:33:15 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\865d2bf19a7af7fab8660a42d92550fe\System.Windows.Forms.ni.dll MOD - [2013.01.09 20:33:11 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll MOD - [2013.01.09 20:33:04 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\cf827fe7bc99d9bcf0ba3621054ef527\WindowsBase.ni.dll MOD - [2013.01.09 20:33:01 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll MOD - [2013.01.09 20:32:59 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\195a77fcc6206f8bb35d419ff2cf0d72\System.Configuration.ni.dll MOD - [2013.01.09 20:32:58 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll MOD - [2013.01.09 20:32:55 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll MOD - [2012.11.30 12:18:46 | 000,062,976 | ---- | M] () -- C:\Program Files (x86)\Origin\tufao.dll MOD - [2011.04.12 08:43:06 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2011.03.17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2007.09.02 12:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 12:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Services (SafeList) ========== SRV - [2013.01.09 20:51:29 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.10.14 19:09:03 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.09.30 09:33:09 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.05.21 14:42:44 | 000,050,176 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe -- (SystemStore) SRV - [2012.05.02 00:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.01 23:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.01.18 07:44:52 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv) SRV - [2011.12.14 12:59:20 | 002,984,832 | ---- | M] (TeamViewer GmbH) [Auto | Running] -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.05.20 09:10:26 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.06.25 18:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.06.27 02:30:04 | 001,221,952 | ---- | M] (WIBU-SYSTEMS AG) [Auto | Running] -- C:\Program Files (x86)\SDZ\Dosimis-3\Deutsch\CodeMeter.exe -- (CodeMeter.exe) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.05.02 14:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.04.27 09:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.04.24 23:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.04.18 14:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.18 07:44:36 | 004,865,568 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvuvc64.sys -- (LVUVC64) DRV:64bit: - [2012.01.18 07:44:28 | 000,351,136 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lvrs64.sys -- (LVRS64) DRV:64bit: - [2012.01.17 13:45:56 | 000,188,224 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.10 13:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.05.20 08:53:44 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.05.13 14:37:54 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.30 03:11:06 | 000,056,344 | R--- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.01 12:01:52 | 000,062,080 | ---- | M] (Etron Technology Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI) DRV:64bit: - [2010.11.01 12:01:50 | 000,038,144 | ---- | M] (Etron Technology Inc) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3) DRV:64bit: - [2010.08.10 07:43:14 | 000,050,056 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiBus.sys -- (SaiNtBus) DRV:64bit: - [2010.08.10 07:43:14 | 000,022,792 | ---- | M] (Saitek) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SaiMini.sys -- (SaiMini) DRV:64bit: - [2010.06.25 18:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF) DRV:64bit: - [2009.12.17 17:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio) DRV:64bit: - [2009.08.19 21:12:24 | 000,222,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:03 | 000,192,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\eFE5b32e.sys -- (E100B) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2007.05.01 15:09:26 | 000,171,144 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH053C.sys -- (SaiH053C) DRV - [2009.08.19 21:12:24 | 000,222,720 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 20 3F 0C 33 3D 81 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=111304&babsrc=SP_ss&mntrId=5a5228560000000000001c6f65d9a5e6 IE - HKCU\..\SearchScopes\{3F0E47F7-D99B-46E3-A1AD-A820E8C18E3B}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ATU3&o=15380&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=UJ&apn_dtid=YYYYYYYYDE&apn_uid=89bd8f77-813d-4692-8fb2-08b752af8cb7&apn_sauid=D2086EE1-7EEB-4B0D-B9B8-C80896380148 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: text2voice@vik.josh:1.10 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.140.0: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.2: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll (ESN Social Software AB) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 19:09:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 19:09:04 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.04.14 15:29:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Extensions [2012.12.15 18:27:46 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\Firefox\Profiles\t0nqbmls.default\extensions [2012.10.08 17:10:34 | 000,061,608 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\t0nqbmls.default\extensions\text2voice@vik.josh.xpi [2012.12.15 18:27:46 | 000,036,139 | ---- | M] () (No name found) -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\t0nqbmls.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.08.14 13:41:56 | 000,002,324 | ---- | M] () -- C:\Users\Daniel\AppData\Roaming\mozilla\firefox\profiles\t0nqbmls.default\searchplugins\askcom.xml [2012.04.14 15:29:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.14 19:09:03 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.13 06:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.13 06:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.13 06:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.13 06:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.13 06:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.13 06:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (WebSpeechBHO Class) - {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\PROGRA~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll (G DATA Software AG) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [ProfilerU] C:\Programme\Saitek\SD6\Software\ProfilerU.exe (Saitek) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [SaiMfd] C:\Programme\Saitek\SD6\Software\SaiMfd.exe (Saitek) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKCU..\Run: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe (GARMIN Corp.) O4 - HKCU..\Run: [EADM] C:\Program Files (x86)\Origin\Origin.exe (Electronic Arts) O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: WebSpeech - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\PROGRA~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll (G DATA Software AG) O9 - Extra 'Tools' menuitem : Seite/Markierung vorlesen (WebSpeech) - {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - C:\PROGRA~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll (G DATA Software AG) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: gdata.de ([www] https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: logox.de ([]https in Vertrauenswürdige Sites) O15 - HKCU\..Trusted Domains: penissizedebate.com ([www] https in Vertrauenswürdige Sites) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DF1693CA-5913-4622-AFB1-F99973458F5E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~2\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 21:10:49 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2013.01.09 20:55:16 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Malwarebytes [2013.01.09 20:55:14 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.01.09 20:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.01.09 20:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.01.09 20:55:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.01.09 20:55:06 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Local\Programs [2013.01.09 20:39:25 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2013.01.09 19:48:01 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Kaspersky Rescue2Usb [2013.01.09 19:44:07 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.01.09 19:44:07 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013.01.09 19:43:56 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013.01.09 19:43:55 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll [2013.01.09 19:43:53 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll [2013.01.09 19:43:53 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll [2013.01.09 19:43:53 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll [2013.01.09 19:43:53 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll [2013.01.09 19:43:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs [2013.01.09 19:43:53 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs [2013.01.09 19:43:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs [2013.01.09 19:43:53 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs [2013.01.09 19:43:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs [2013.01.09 19:43:53 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs [2013.01.09 19:43:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs [2013.01.09 19:43:53 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs [2013.01.09 19:43:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs [2013.01.09 19:43:53 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs [2013.01.09 19:43:53 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs [2013.01.09 19:43:53 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs [2013.01.09 19:43:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs [2013.01.09 19:43:53 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs [2013.01.09 19:43:53 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs [2013.01.09 19:43:53 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs [2013.01.09 19:43:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs [2013.01.09 19:43:53 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs [2013.01.09 19:43:53 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs [2013.01.09 19:43:53 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs [2013.01.09 19:43:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs [2013.01.09 19:43:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs [2013.01.09 19:43:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs [2013.01.09 19:43:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs [2013.01.09 19:43:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs [2013.01.09 19:43:53 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs [2013.01.09 19:43:53 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs [2013.01.09 19:43:53 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs [2013.01.09 19:43:40 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.01.09 19:43:40 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.01.09 19:43:39 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.01.09 19:43:39 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.01.09 19:43:39 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.01.09 19:43:39 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.01.09 19:43:39 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.01.09 19:43:39 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.01.09 19:43:39 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.01.09 19:43:39 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.01.09 19:43:39 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.01.09 19:43:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.01.09 19:43:39 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.01.09 19:43:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.01.09 19:43:39 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.01.09 19:43:39 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.01.09 19:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 19:43:39 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.01.09 19:43:39 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.01.09 19:43:37 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.01.09 19:43:37 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.01.08 21:54:27 | 000,175,880 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Daniel\wgsdgsdgdsgsd.exe [2013.01.08 20:29:48 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\EPSON [2013.01.08 20:22:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\epson [2013.01.08 19:29:38 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\BEWERBUNGSSCHREIBEN [2013.01.06 19:14:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Applications [2013.01.06 19:03:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A.I. Traffic Editor [2013.01.06 19:03:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\A.I. Traffic Editor [2013.01.06 18:21:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iFly [2013.01.06 16:54:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Airport AI Enhancer X [2012.12.31 00:39:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\aTube Catcher [2012.12.21 17:54:55 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft [2012.12.21 11:17:51 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.21 11:17:51 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.21 11:17:50 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.21 11:17:50 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.19 11:18:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FsMovMapServer [2012.12.19 11:18:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FsMovMapServer [2012.12.18 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint [2012.12.18 11:33:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.12.18 11:33:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Synchronization Services [2012.12.18 11:32:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Sync Framework [2012.12.18 11:30:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.12.18 11:30:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Analysis Services [2012.12.18 11:29:48 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.12.18 11:12:09 | 1096,292,976 | ---- | C] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\X17-75245.exe [2012.12.16 12:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON [2012.12.16 12:17:22 | 000,108,032 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_ILMBKE.DLL [2012.12.16 12:17:22 | 000,081,408 | ---- | C] (SEIKO EPSON CORPORATION) -- C:\Windows\SysNative\E_IBCBBKE.DLL [2012.12.16 12:17:22 | 000,008,704 | ---- | C] (SEIKO EPSON CORP.) -- C:\Windows\SysNative\E_GCINST.DLL [2012.12.16 12:17:12 | 000,000,000 | ---D | C] -- C:\ProgramData\EPSON [2012.12.13 14:25:54 | 000,000,000 | ---D | C] -- C:\Users\Daniel\Desktop\Neuer Ordner [2012.12.12 21:16:15 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.12.12 21:16:15 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.12.12 21:16:14 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.12.12 21:16:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.12.12 21:16:14 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.12.12 21:16:14 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.12.12 21:16:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.12.12 21:16:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.12.12 21:16:12 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.12.12 21:16:12 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.12.12 21:16:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.12.12 21:16:11 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2012.12.12 21:16:10 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.12.12 21:16:10 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2012.12.12 21:16:09 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.12.12 20:59:13 | 000,000,000 | ---D | C] -- C:\Users\Daniel\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\VATroute [2012.12.12 20:59:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VATroute [2012.12.12 20:59:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VATroute [2012.12.12 20:59:04 | 000,000,000 | ---D | C] -- C:\Windows\uninstall [2012.12.12 16:42:51 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2012.12.12 16:42:51 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll ========== Files - Modified Within 30 Days ========== [2013.01.09 21:18:03 | 000,000,000 | ---- | M] () -- C:\Users\Daniel\defogger_reenable [2013.01.09 21:17:27 | 000,050,477 | ---- | M] () -- C:\Users\Daniel\Desktop\Defogger.exe [2013.01.09 21:10:49 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Daniel\Desktop\OTL.exe [2013.01.09 20:55:14 | 000,001,119 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 20:53:15 | 000,028,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 20:53:15 | 000,028,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 20:51:30 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.09 20:51:29 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.01.09 20:51:29 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.01.09 20:45:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 20:45:39 | 2134,298,623 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 20:43:25 | 000,441,680 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 20:03:22 | 001,591,070 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.09 20:03:22 | 000,697,090 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 20:03:22 | 000,652,408 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 20:03:22 | 000,148,128 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 20:03:22 | 000,121,082 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 20:03:17 | 001,591,070 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 19:44:40 | 000,387,584 | ---- | M] () -- C:\Users\Daniel\Desktop\rescue2usb.exe [2013.01.09 19:41:28 | 210,292,736 | ---- | M] () -- C:\Users\Daniel\Desktop\KWU_1.0.3.upd.iso [2013.01.09 19:22:59 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.08 21:54:27 | 000,175,880 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Daniel\wgsdgsdgdsgsd.exe [2013.01.08 18:50:36 | 000,181,815 | ---- | M] () -- C:\Users\Daniel\Desktop\KuendigungEasyBank.pdf [2013.01.06 19:19:02 | 399,587,331 | ---- | M] () -- C:\Users\Daniel\Desktop\flight_simulator_x_sp1and2_german.zip [2013.01.06 16:54:55 | 000,001,043 | ---- | M] () -- C:\Users\Public\Desktop\Airport AI Enhancer X.lnk [2013.01.04 16:17:13 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr [2013.01.04 16:17:13 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe [2013.01.04 16:17:04 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0 [2012.12.31 01:14:33 | 006,611,435 | ---- | M] () -- C:\Users\Daniel\Desktop\The Game Ft 50Cent Hate It Or Love It [HQ].mp3 [2012.12.31 00:39:17 | 000,001,196 | ---- | M] () -- C:\Users\Public\Desktop\aTube Catcher.lnk [2012.12.19 16:39:27 | 000,004,642 | ---- | M] () -- C:\Users\Daniel\.recently-used.xbel [2012.12.19 11:18:32 | 000,001,091 | ---- | M] () -- C:\Users\Public\Desktop\FsMovMapServer.lnk [2012.12.18 11:28:41 | 1096,292,976 | ---- | M] (Microsoft Corporation) -- C:\Users\Daniel\Desktop\X17-75245.exe [2012.12.16 18:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2012.12.16 15:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2012.12.16 15:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2012.12.16 15:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2012.12.16 14:14:16 | 000,878,589 | ---- | M] () -- C:\Users\Daniel\Desktop\Bestell_MS_Office.pdf [2012.12.16 12:04:20 | 000,000,000 | ---- | M] () -- C:\Windows\SysNative\drivers\lvuvc.hs [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.13 11:40:33 | 000,014,448 | ---- | M] () -- C:\Users\Daniel\Desktop\Logbook.BIN [2012.12.12 20:59:13 | 000,001,927 | ---- | M] () -- C:\Users\Daniel\Desktop\VATroute.lnk [2012.12.12 20:58:59 | 001,005,213 | ---- | M] () -- C:\Users\Daniel\Desktop\VATroute.zip ========== Files Created - No Company Name ========== [2013.01.09 21:18:03 | 000,000,000 | ---- | C] () -- C:\Users\Daniel\defogger_reenable [2013.01.09 21:17:27 | 000,050,477 | ---- | C] () -- C:\Users\Daniel\Desktop\Defogger.exe [2013.01.09 20:55:14 | 000,001,119 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.01.09 19:44:39 | 000,387,584 | ---- | C] () -- C:\Users\Daniel\Desktop\rescue2usb.exe [2013.01.09 19:36:27 | 210,292,736 | ---- | C] () -- C:\Users\Daniel\Desktop\KWU_1.0.3.upd.iso [2013.01.08 21:54:27 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.06 19:04:15 | 399,587,331 | ---- | C] () -- C:\Users\Daniel\Desktop\flight_simulator_x_sp1and2_german.zip [2013.01.06 19:02:54 | 000,009,106 | ---- | C] () -- C:\Users\Daniel\Desktop\AITrafficSetup.gif [2013.01.06 18:19:26 | 000,524,288 | ---- | C] () -- C:\Users\Daniel\Desktop\setup.exe [2013.01.06 18:00:54 | 000,181,815 | ---- | C] () -- C:\Users\Daniel\Desktop\KuendigungEasyBank.pdf [2013.01.06 16:54:55 | 000,001,043 | ---- | C] () -- C:\Users\Public\Desktop\Airport AI Enhancer X.lnk [2012.12.31 01:14:28 | 006,611,435 | ---- | C] () -- C:\Users\Daniel\Desktop\The Game Ft 50Cent Hate It Or Love It [HQ].mp3 [2012.12.31 00:38:01 | 000,001,196 | ---- | C] () -- C:\Users\Public\Desktop\aTube Catcher.lnk [2012.12.19 16:39:27 | 000,004,642 | ---- | C] () -- C:\Users\Daniel\.recently-used.xbel [2012.12.19 16:33:26 | 002,774,693 | ---- | C] () -- C:\Users\Daniel\Desktop\IMG_0875.JPG [2012.12.19 11:18:32 | 000,001,091 | ---- | C] () -- C:\Users\Public\Desktop\FsMovMapServer.lnk [2012.12.16 14:14:16 | 000,878,589 | ---- | C] () -- C:\Users\Daniel\Desktop\Bestell_MS_Office.pdf [2012.12.13 14:25:57 | 000,014,448 | ---- | C] () -- C:\Users\Daniel\Desktop\Logbook.BIN [2012.12.12 20:59:13 | 000,001,927 | ---- | C] () -- C:\Users\Daniel\Desktop\VATroute.lnk [2012.12.12 20:58:56 | 001,005,213 | ---- | C] () -- C:\Users\Daniel\Desktop\VATroute.zip [2012.07.14 12:55:26 | 000,007,597 | ---- | C] () -- C:\Users\Daniel\AppData\Local\Resmon.ResmonCfg [2012.01.18 07:44:00 | 010,920,984 | ---- | C] () -- C:\Windows\SysWow64\LogiDPP.dll [2012.01.18 07:44:00 | 000,336,408 | ---- | C] () -- C:\Windows\SysWow64\DevManagerCore.dll [2012.01.18 07:44:00 | 000,104,472 | ---- | C] () -- C:\Windows\SysWow64\LogiDPPApp.exe [2011.10.19 21:05:27 | 000,552,960 | ---- | C] () -- C:\Windows\SysWow64\FS2AUDIO.dll [2011.10.18 17:30:32 | 000,029,184 | ---- | C] () -- C:\Users\Daniel\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.10.02 21:02:06 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe [2011.10.02 21:02:05 | 000,682,280 | ---- | C] () -- C:\Windows\SysWow64\pbsvc.exe [2011.10.02 21:02:05 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe [2011.09.28 16:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat [2011.07.26 06:40:37 | 001,591,070 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-2222334842-3514504640-2603052772-1001\$355f16dd320e0c25b3a59dff31ff8436\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Ich nutze Win7 64bit. Kann mir jemand helfen, herauszufinden ob mein System wieder sauber ist? Vielen Dank schon im Voraus!!! |
09.01.2013, 22:40 | #2 |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt.Lesestoff: Rootkit-Warnung Dein Computer wurde mit einem besonderen Schädling infiziert, der sich vor herkömmlichen Virenscannern und dem Betriebssystem selbst verstecken kann. Zusätzlich hat so ein Schädling meist auch Backdoor-Funktionalität, reißt also ganz bewußt Löcher durch alle Schutzmaßnahmen, damit er weiteren Schadcode nachladen oder die Daten, die er so sammelt, an die "bösen Jungs" weiterleiten kann. Was heißt das jetzt für dich?
Teile mir also mit, wie du dich entschieden hast. Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Bitte Lesen: Regeln für die Bereinigung Damit die Bereinigung funktioniert bitte ich dich, die folgenden Punkte aufmerksam zu lesen:
Gelesen und verstanden? Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: Scan mit GMER Bitte lade dir GMER herunter: (Dateiname zufällig) Schritt 3: Scan mit DDS+ (mit attach) Downloade dir bitte DDS (von sUBs) und speichere die Datei auf deinem Desktop.
__________________ |
09.01.2013, 23:17 | #3 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Hallo ryder,
__________________erstmal vielen Dank für Deine Unterstützung! So nun habe ich die Ergebnisse nach dem 3.Anlauf (hatte Antivir & dann AnitMaleware vergessen auszuschalten): Defogger: Code:
ATTFilter defogger_disable by jpshortstuff (23.02.10.1) Log created at 23:50 on 09/01/2013 (Daniel) Checking for autostart values... HKCU\~\Run values retrieved. HKLM\~\Run values retrieved. Checking for services/drivers... -=E.O.F=- Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net Rootkit scan 2013-01-09 23:52:45 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Hitachi_ rev.MN5O 1397,27GB Running: ddy0ysd5.exe; Driver: C:\Users\Daniel\AppData\Local\Temp\uxlirpod.sys ---- User code sections - GMER 2.0 ---- .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes [57, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe[1664] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes [57, 75] .text ... * 9 .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes [57, 75] .text C:\Program Files (x86)\RocketDock\RocketDock.exe[400] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes [57, 75] .text ... * 9 .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes [57, 75] .text C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe[1816] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes [57, 75] .text ... * 9 .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes [57, 75] .text C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe[2276] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!recv + 82 00000000722d17fa 2 bytes [2D, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!recvfrom + 88 00000000722d1860 2 bytes [2D, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 98 00000000722d1942 2 bytes [2D, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\SysWOW64\WSOCK32.dll!setsockopt + 109 00000000722d194d 2 bytes [2D, 72] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes [57, 75] .text ... * 9 .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes [57, 75] .text C:\Windows\SysWOW64\PnkBstrA.exe[2688] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes [57, 75] ? C:\Windows\system32\mssprxy.dll [3416] entry point in ".rdata" section 0000000074ad71e6 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 0000000075571401 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 0000000075571419 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 0000000075571431 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 000000007557144a 2 bytes [57, 75] .text ... * 9 .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000755714dd 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000755714f5 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 000000007557150d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 0000000075571525 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 000000007557153d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 0000000075571555 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 000000007557156d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 0000000075571585 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 000000007557159d 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000755715b5 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000755715cd 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000755716b2 2 bytes [57, 75] .text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[3136] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000755716bd 2 bytes [57, 75] ---- Threads - GMER 2.0 ---- Thread [1532:1544] 0000000077c23e45 Thread [1532:1548] 0000000076287587 Thread [1532:1584] 000000007503c59c Thread [1532:1652] 000000007503c59c Thread [1532:1656] 000000007503c59c Thread [1532:1660] 000000007503c59c Thread [1532:1672] 0000000072fc32fb Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1688:3480] 000000001000e2eb Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1688:3592] 00000000016166e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1688:3596] 00000000016166e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1688:3604] 00000000016166e0 Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1688:3608] 0000000001612560 ---- Processes - GMER 2.0 ---- Library ? (*** suspicious ***) @ [1532] 00000000009b0000 Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1688] 0000000072f60000 ---- Registry - GMER 2.0 ---- Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Daniel\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1 ---- EOF - GMER 2.0 ---- [CODE].DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 30.09.2011 09:50:21 System Uptime: 09.01.2013 23:49:18 (0 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | H67MA-USB3-B3 Processor: Intel(R) Core(TM) i7-2600K CPU @ 3.40GHz | Socket 1155 | 3701/100mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 1397 GiB total, 1181,169 GiB free. D: is CDROM () G: is Removable . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP245: 29.12.2012 19:50:13 - Geplanter Prüfpunkt RP246: 06.01.2013 17:25:11 - Installed DH106 Comet 1 and 2 for FSX or FS2004 RP247: 06.01.2013 17:31:11 - Installed iFly 747-400 for Microsoft Flight Simulator X RP248: 06.01.2013 18:19:59 - Removed iFly 747-400 for Microsoft Flight Simulator X RP249: 06.01.2013 18:21:15 - Installed iFly 747-400 for Microsoft Flight Simulator X RP250: 06.01.2013 19:03:05 - Installed A.I. Traffic Editor RP251: 09.01.2013 19:38:13 - Windows Update RP252: 09.01.2013 19:56:40 - Windows Update RP253: 09.01.2013 20:41:07 - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.1) - Deutsch Adolix Split and Merge PDF v2.1 AFPL Ghostscript 8.54 AFPL Ghostscript Fonts Airport AI Enhancer 2.0 ArmA 2 Free Uninstall aTube Catcher Avira Free Antivirus Balabolka Battlefield 3™ Battlelog Web Plugins Call of Duty(R) - World at War(TM) Call of Duty(R) - World at War(TM) 1.1 Patch Call of Duty(R) - World at War(TM) 1.2 Patch Call of Duty(R) - World at War(TM) 1.3 Patch Call of Duty(R) - World at War(TM) 1.4 Patch Call of Duty(R) - World at War(TM) 1.5 Patch Call of Duty(R) - World at War(TM) 1.6 Patch Call of Duty(R) - World at War(TM) 1.7 Patch CameraHelperMsi CCleaner D3DX10 Dangerous Waters DCS A-10C DCS Black Shark DCS World Definition Update for Microsoft Office 2010 (KB982726) 32-Bit Edition DH106 Comet 1 and 2 for FSX Dosimis-3 Version 5.1 EPSON-Drucker-Software erLT ESN Sonar FFMVATracker Flight Simulator X Flight Simulator X Service Pack 1 Free YouTube to MP3 Converter version 3.11.24.608 FreeFalcon FSFDT FSCopilot FsMovMapServer Garmin Training Center Garmin USB Drivers GIMP 2.6.8 Google SketchUp 8 HyperLobby client iFly 747-400 for Microsoft Flight Simulator X IL-2 Sturmovik 1946 Intel(R) Control Center Intel(R) IPP Run-Time Installer 5.3 Update 4 for Windows* on IA-32 Intel(R) Rapid Storage Technology Java 7 Update 7 Java Auto Updater Java(TM) 7 (64-bit) JavaFX 2.1.1 Junk Mail filter update L&H TTS3000 Deutsch LandingTrainer Lock On: Air Combat Simulation Logitech Webcam-Software LWS Facebook LWS Gallery LWS Help_main LWS Launcher LWS Motion Detection LWS Pictures And Video LWS Twitter LWS Video Mask Maker LWS VideoEffects LWS Webcam Software LWS WLM Plugin LWS YouTube Plugin Malwarebytes Anti-Malware Version 1.70.0.1100 Media Player Classic - Home Cinema v1.5.2.3456 x64 Mesh Runtime Messenger Companion Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft .NET Framework 4 Extended Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft Application Error Reporting Microsoft Flight Microsoft Flight Simulator X Microsoft Flight Simulator X: Acceleration Microsoft Games for Windows - LIVE Redistributable Microsoft Games for Windows Marketplace Microsoft IntelliType Pro 8.2 Microsoft Office 2010 Microsoft Office 2010 Service Pack 1 (SP1) Microsoft Office Access MUI (German) 2010 Microsoft Office Excel MUI (German) 2010 Microsoft Office Groove MUI (German) 2010 Microsoft Office InfoPath MUI (German) 2010 Microsoft Office Klick-und-Los 2010 Microsoft Office Office 64-bit Components 2010 Microsoft Office OneNote MUI (German) 2010 Microsoft Office Outlook MUI (German) 2010 Microsoft Office PowerPoint MUI (German) 2010 Microsoft Office Professional Plus 2010 Microsoft Office Proof (English) 2010 Microsoft Office Proof (French) 2010 Microsoft Office Proof (German) 2010 Microsoft Office Proof (Italian) 2010 Microsoft Office Proofing (German) 2010 Microsoft Office Publisher MUI (German) 2010 Microsoft Office Shared 64-bit MUI (German) 2010 Microsoft Office Shared MUI (German) 2010 Microsoft Office Starter 2010 - Deutsch Microsoft Office Word MUI (German) 2010 Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Mozilla Firefox 13.0.1 (x86 de) Mozilla Maintenance Service MSVCRT MSVCRT_amd64 MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) MSXML 4.0 SP2 Parser und SDK NVIDIA 3D Vision Controller-Treiber 296.10 NVIDIA 3D Vision Treiber 306.97 NVIDIA Grafiktreiber 306.97 NVIDIA HD-Audiotreiber 1.3.12.0 NVIDIA Install Application NVIDIA PhysX NVIDIA PhysX-Systemsoftware 9.12.0213 NVIDIA Stereoscopic 3D Driver NVIDIA Systemsteuerung 306.97 NVIDIA Update 1.10.8 NVIDIA Update Components OpenOffice.org 3.3 Origin Overland - MD-11 Free Aircraft for FS2004 PDF Blender PDFCreator pdfsam PunkBuster Services RealSpeak Solo fur Deutsch - Steffi Realtek High Definition Audio Driver Realtek USB 2.0 Card Reader Rise of Flight RocketDock 1.3.5 Rome - Total War - Gold Edition Security Update for CAPICOM (KB931906) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2736428) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Security Update for Microsoft .NET Framework 4 Extended (KB2736428) Security Update for Microsoft .NET Framework 4 Extended (KB2742595) Security Update for Microsoft Excel 2010 (KB2597126) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687417) 32-Bit Edition Security Update for Microsoft InfoPath 2010 (KB2687436) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553091) Security Update for Microsoft Office 2010 (KB2553096) Security Update for Microsoft Office 2010 (KB2553371) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2553447) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2589320) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2597986) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2598243) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687501) 32-Bit Edition Security Update for Microsoft Office 2010 (KB2687510) 32-Bit Edition Security Update for Microsoft PowerPoint 2010 (KB2553185) 32-Bit Edition Security Update for Microsoft Visio 2010 (KB2687508) 32-Bit Edition Security Update for Microsoft Visio Viewer 2010 (KB2598287) 32-Bit Edition Security Update for Microsoft Word 2010 (KB2760410) 32-Bit Edition Setup Dosimis-3 Deutsch V5.1 Sid Meier's Civilization 4 Complete Silent Hunter 5 Silent Hunter III Skype™ 6.0 Smart Technology Programming Software 7.0.2.7 Tacview 1.1.1 TeamViewer 7 TrackIR5 TubeBox Ubisoft Game Launcher Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) Update for Microsoft Office 2010 (KB2553065) Update for Microsoft Office 2010 (KB2553092) Update for Microsoft Office 2010 (KB2553181) 32-Bit Edition Update for Microsoft Office 2010 (KB2553267) 32-Bit Edition Update for Microsoft Office 2010 (KB2553310) 32-Bit Edition Update for Microsoft Office 2010 (KB2566458) Update for Microsoft Office 2010 (KB2596964) 32-Bit Edition Update for Microsoft Office 2010 (KB2598242) 32-Bit Edition Update for Microsoft Office 2010 (KB2687509) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2553290) 32-Bit Edition Update for Microsoft OneNote 2010 (KB2687277) 32-Bit Edition Update for Microsoft Outlook 2010 (KB2687623) 32-Bit Edition Update for Microsoft Outlook Social Connector 2010 (KB2553406) 32-Bit Edition Update for Microsoft SharePoint Workspace 2010 (KB2589371) 32-Bit Edition VATroute 0.0.1.021 VLC media player 1.1.11 Windows Driver Package - Dynastream Innovations (libusb0) LibUsbDevices (07/07/2009 1.12.2) Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live Fotogalerie Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Language Selector Windows Live Mail Windows Live Mesh Windows Live Mesh ActiveX control for remote connections Windows Live Messenger Windows Live Messenger Companion Core Windows Live MIME IFilter Windows Live Movie Maker Windows Live Photo Common Windows Live Photo Gallery Windows Live PIMT Platform Windows Live Remote Client Windows Live Remote Client Resources Windows Live Remote Service Windows Live Remote Service Resources Windows Live SOXE Windows Live SOXE Definitions Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources WinPcap 4.1.2 WinRAR 4.01 (64-Bit) . ==== End Of File =========================== Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64 Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.7.2 Run by Daniel at 23:53:03 on 2013-01-09 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8175.6616 [GMT 1:00] . AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes =============== . C:\Windows\system32\lsm.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe C:\Windows\system32\svchost.exe -k LocalService C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\System32\spoolsv.exe C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe C:\Program Files (x86)\SDZ\Dosimis-3\Deutsch\CodeMeter.exe C:\Windows\system32\Dwm.exe C:\Windows\system32\taskhost.exe C:\Windows\Explorer.EXE C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe C:\Program Files\Microsoft IntelliType Pro\itype.exe C:\Program Files\Saitek\SD6\Software\ProfilerU.exe C:\Program Files\Saitek\SD6\Software\SaiMfd.exe C:\Program Files (x86)\RocketDock\RocketDock.exe C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe C:\Windows\SysWOW64\PnkBstrA.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe C:\Windows\system32\svchost.exe -k imgsvc C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\taskeng.exe C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe C:\Windows\system32\SearchIndexer.exe C:\Windows\system32\SearchProtocolHost.exe C:\Windows\system32\SearchFilterHost.exe C:\Windows\system32\taskeng.exe C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe C:\Windows\system32\sppsvc.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\System32\cscript.exe . ============== Pseudo HJT Report =============== . uStart Page = hxxp://www.google.de/ mWinlogon: Userinit = userinit.exe BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll BHO: WebSpeechBHO Class: {83A30C59-3A50-49E6-9DAF-4923C4EA3C23} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll BHO: Windows Live ID-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll BHO: Windows Live Messenger Companion Helper: {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll EB: WebSpeech Reader: {2D9700CB-A777-4DB0-96E1-1EBEBB7D1510} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll uRun: [RocketDock] "C:\Program Files (x86)\RocketDock\RocketDock.exe" uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart uRun: [ANT Agent] C:\Program Files (x86)\Garmin\ANT Agent\ANT Agent.exe mRun: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe mRun: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" mRun: [BCSSync] "C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe" /DelayServices uPolicies-Explorer: NoDriveTypeAutoRun = dword:145 mPolicies-Explorer: NoActiveDesktop = dword:1 mPolicies-Explorer: NoActiveDesktopChanges = dword:1 mPolicies-System: ConsentPromptBehaviorAdmin = dword:5 mPolicies-System: ConsentPromptBehaviorUser = dword:3 mPolicies-System: EnableUIADesktopToggle = dword:0 IE: An OneNote s&enden - C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - C:\Users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: {0000036B-C524-4050-81A0-243669A86B9F} - {B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll IE: {1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - C:\Program Files (x86)\Common Files\WebSpeech.4.0\LgxIEBar.dll IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll Trusted Zone: logox.de DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.2.1 TCP: Interfaces\{DF1693CA-5913-4622-AFB1-F99973458F5E} : DHCPNameServer = 192.168.2.1 Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll SSODL: WebCheck - <orphaned> SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL x64-BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll x64-Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s x64-Run: [itype] "c:\Program Files\Microsoft IntelliType Pro\itype.exe" x64-Run: [ProfilerU] C:\Program Files\Saitek\SD6\Software\ProfilerU.exe x64-Run: [SaiMfd] C:\Program Files\Saitek\SD6\Software\SaiMfd.exe x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll x64-DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL x64-Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - <orphaned> x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned> x64-SSODL: WebCheck - <orphaned> x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL . ================= FIREFOX =================== . FF - ProfilePath - C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t0nqbmls.default\ FF - prefs.js: browser.search.selectedEngine - Ask.com FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: network.proxy.type - 0 FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL FF - plugin: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\2.1.2\npesnlaunch.dll FF - plugin: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll FF - plugin: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll FF - plugin: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypchub.dll FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll FF - plugin: C:\Windows\SysWOW64\npmproxy.dll . ============= SERVICES / DRIVERS =============== . R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-7-15 27760] R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-7-15 86224] R2 AntiVirService;Avira Echtzeit Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-7-15 110032] R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-7-15 98848] R2 CodeMeter.exe;CodeMeter Runtime Server;C:\Program Files (x86)\SDZ\Dosimis-3\Deutsch\CodeMeter.exe [2012-7-7 1221952] R2 cvhsvc;Client Virtualization Handler;C:\Program Files (x86)\Common Files\microsoft shared\Virtualization Handler\CVHSVC.EXE [2012-1-4 822624] R2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;C:\Windows\System32\drivers\EtronHub3.sys [2011-1-14 38144] R2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;C:\Windows\System32\drivers\EtronXHCI.sys [2011-1-14 62080] R2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-9-24 13592] R2 sftlist;Application Virtualization Client;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-1 508776] R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-2 382824] R2 SystemStore;System Store;C:\Program Files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-5-21 50176] R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] R2 UMVPFSrv;UMVPFSrv;C:\Program Files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-1-18 450848] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;C:\Windows\System32\drivers\RtsUStor.sys [2011-9-24 222720] R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2011-7-27 539240] R3 Sftfs;Sftfs;C:\Windows\System32\drivers\Sftfslh.sys [2011-10-1 764264] R3 Sftplay;Sftplay;C:\Windows\System32\drivers\Sftplaylh.sys [2011-10-1 268648] R3 Sftredir;Sftredir;C:\Windows\System32\drivers\Sftredirlh.sys [2011-10-1 25960] R3 Sftvol;Sftvol;C:\Windows\System32\drivers\Sftvollh.sys [2011-10-1 22376] R3 sftvsa;Application Virtualization Service Agent;C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-1 219496] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576] S2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2013-1-9 398184] S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2013-1-9 682344] S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2012-11-9 160944] S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2011-9-30 48488] S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2011-5-13 1492840] S3 LVRS64;Logitech RightSound Filter Driver;C:\Windows\System32\drivers\lvrs64.sys [2012-1-18 351136] S3 LVUVC64;Logitech Webcam 250(UVC);C:\Windows\System32\drivers\lvuvc64.sys [2012-1-18 4865568] S3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2013-1-9 24176] S3 npusbio;npusbio;C:\Windows\System32\drivers\npusbio_x64.sys [2012-1-8 45600] S3 SaiH053C;SaiH053C;C:\Windows\System32\drivers\SaiH053C.sys [2007-5-1 171144] S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392] S3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232] S3 WatAdminSvc;Windows-Aktivierungstechnologieservice;C:\Windows\System32\Wat\WatAdminSvc.exe [2011-10-3 1255736] S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-22 57184] . =============== Created Last 30 ================ . 2013-01-09 19:55:16 -------- d-----w- C:\Users\Daniel\AppData\Roaming\Malwarebytes 2013-01-09 19:55:14 24176 ----a-w- C:\Windows\System32\drivers\mbam.sys 2013-01-09 19:55:14 -------- d-----w- C:\ProgramData\Malwarebytes 2013-01-09 19:55:14 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware 2013-01-09 19:55:06 -------- d-----w- C:\Users\Daniel\AppData\Local\Programs 2013-01-09 19:39:25 68608 ----a-w- C:\Windows\System32\taskhost.exe 2013-01-09 19:39:22 3149824 ----a-w- C:\Windows\System32\win32k.sys 2013-01-09 18:44:07 750592 ----a-w- C:\Windows\System32\win32spl.dll 2013-01-09 18:44:07 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll 2013-01-08 20:54:27 175880 ----a-w- C:\Users\Daniel\wgsdgsdgdsgsd.exe 2013-01-08 19:22:04 -------- d-----w- C:\Program Files (x86)\epson 2013-01-06 18:14:03 -------- d-----w- C:\ProgramData\Applications 2013-01-06 18:03:17 -------- d-----w- C:\Program Files (x86)\A.I. Traffic Editor 2013-01-06 16:22:04 99136 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\md11klmx\Panel\PAD_Groundhandling5_Sound.dll 2013-01-06 15:54:55 -------- d-----w- C:\Program Files (x86)\Airport AI Enhancer X 2012-12-21 10:17:51 46080 ----a-w- C:\Windows\System32\atmlib.dll 2012-12-21 10:17:51 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll 2012-12-21 10:17:50 367616 ----a-w- C:\Windows\System32\atmfd.dll 2012-12-21 10:17:50 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll 2012-12-19 10:18:32 -------- d-----w- C:\Program Files (x86)\FsMovMapServer 2012-12-18 10:33:02 -------- d-----w- C:\Program Files (x86)\Microsoft Synchronization Services 2012-12-18 10:30:44 -------- d-----w- C:\Program Files (x86)\Microsoft Visual Studio 8 2012-12-18 10:30:18 -------- d-----w- C:\Program Files (x86)\Microsoft Analysis Services 2012-12-16 11:17:22 8704 ----a-w- C:\Windows\System32\E_GCINST.DLL 2012-12-16 11:17:22 81408 ----a-w- C:\Windows\System32\E_IBCBBKE.DLL 2012-12-16 11:17:22 108032 ----a-w- C:\Windows\System32\E_ILMBKE.DLL 2012-12-16 11:17:12 -------- d-----w- C:\ProgramData\EPSON 2012-12-14 09:19:29 99120 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\crj200_jazznostx\panel.crj200x\RCB_Groundhandling5_Sound.dll 2012-12-13 18:25:31 97976 ----a-w- C:\Program Files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\CALLOUT_SOUND.dll 2012-12-12 19:59:12 -------- d-----w- C:\Program Files (x86)\VATroute 2012-12-12 19:59:04 -------- d-----w- C:\Windows\uninstall 2012-12-12 15:43:04 2048 ----a-w- C:\Windows\SysWow64\tzres.dll 2012-12-12 15:43:04 2048 ----a-w- C:\Windows\System32\tzres.dll 2012-12-12 15:42:51 478208 ----a-w- C:\Windows\System32\dpnet.dll 2012-12-12 15:42:51 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll . ==================== Find3M ==================== . 2013-01-09 19:51:29 74248 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 19:51:29 697864 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe 2013-01-04 15:17:13 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr 2013-01-04 15:17:13 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe 2013-01-04 15:17:04 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0 2012-12-07 13:20:16 441856 ----a-w- C:\Windows\System32\Wpc.dll 2012-12-07 13:15:31 2746368 ----a-w- C:\Windows\System32\gameux.dll 2012-12-07 12:26:17 308736 ----a-w- C:\Windows\SysWow64\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- C:\Windows\SysWow64\gameux.dll 2012-12-07 11:20:04 30720 ----a-w- C:\Windows\System32\usk.rs 2012-12-07 11:20:03 43520 ----a-w- C:\Windows\System32\csrr.rs 2012-12-07 11:20:03 23552 ----a-w- C:\Windows\System32\oflc.rs 2012-12-07 11:20:01 45568 ----a-w- C:\Windows\System32\oflc-nz.rs 2012-12-07 11:20:01 44544 ----a-w- C:\Windows\System32\pegibbfc.rs 2012-12-07 11:20:01 20480 ----a-w- C:\Windows\System32\pegi-fi.rs 2012-12-07 11:20:00 20480 ----a-w- C:\Windows\System32\pegi-pt.rs 2012-12-07 11:19:59 20480 ----a-w- C:\Windows\System32\pegi.rs 2012-12-07 11:19:58 46592 ----a-w- C:\Windows\System32\fpb.rs 2012-12-07 11:19:57 40960 ----a-w- C:\Windows\System32\cob-au.rs 2012-12-07 11:19:57 21504 ----a-w- C:\Windows\System32\grb.rs 2012-12-07 11:19:57 15360 ----a-w- C:\Windows\System32\djctq.rs 2012-12-07 11:19:56 55296 ----a-w- C:\Windows\System32\cero.rs 2012-12-07 11:19:55 51712 ----a-w- C:\Windows\System32\esrb.rs 2012-11-30 05:45:35 362496 ----a-w- C:\Windows\System32\wow64win.dll 2012-11-30 05:45:35 243200 ----a-w- C:\Windows\System32\wow64.dll 2012-11-30 05:45:35 13312 ----a-w- C:\Windows\System32\wow64cpu.dll 2012-11-30 05:45:14 215040 ----a-w- C:\Windows\System32\winsrv.dll 2012-11-30 05:43:12 16384 ----a-w- C:\Windows\System32\ntvdm64.dll 2012-11-30 05:41:07 424448 ----a-w- C:\Windows\System32\KernelBase.dll 2012-11-30 04:54:00 5120 ----a-w- C:\Windows\SysWow64\wow32.dll 2012-11-30 04:53:59 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll 2012-11-30 03:23:48 338432 ----a-w- C:\Windows\System32\conhost.exe 2012-11-30 02:44:06 25600 ----a-w- C:\Windows\SysWow64\setup16.exe 2012-11-30 02:44:04 7680 ----a-w- C:\Windows\SysWow64\instnm.exe 2012-11-30 02:44:04 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll 2012-11-30 02:44:03 2048 ----a-w- C:\Windows\SysWow64\user.exe 2012-11-30 02:38:59 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll 2012-11-22 05:44:23 800768 ----a-w- C:\Windows\System32\usp10.dll 2012-11-22 04:45:03 626688 ----a-w- C:\Windows\SysWow64\usp10.dll 2012-11-20 05:48:49 307200 ----a-w- C:\Windows\System32\ncrypt.dll 2012-11-20 04:51:09 220160 ----a-w- C:\Windows\SysWow64\ncrypt.dll 2012-11-14 06:11:44 2312704 ----a-w- C:\Windows\System32\jscript9.dll 2012-11-14 06:04:11 1392128 ----a-w- C:\Windows\System32\wininet.dll 2012-11-14 06:02:49 1494528 ----a-w- C:\Windows\System32\inetcpl.cpl 2012-11-14 05:57:46 599040 ----a-w- C:\Windows\System32\vbscript.dll 2012-11-14 05:57:35 173056 ----a-w- C:\Windows\System32\ieUnatt.exe 2012-11-14 05:52:40 2382848 ----a-w- C:\Windows\System32\mshtml.tlb 2012-11-14 02:09:22 1800704 ----a-w- C:\Windows\SysWow64\jscript9.dll 2012-11-14 01:58:15 1427968 ----a-w- C:\Windows\SysWow64\inetcpl.cpl 2012-11-14 01:57:37 1129472 ----a-w- C:\Windows\SysWow64\wininet.dll 2012-11-14 01:49:25 142848 ----a-w- C:\Windows\SysWow64\ieUnatt.exe 2012-11-14 01:48:27 420864 ----a-w- C:\Windows\SysWow64\vbscript.dll 2012-11-14 01:44:42 2382848 ----a-w- C:\Windows\SysWow64\mshtml.tlb 2012-11-01 05:43:42 2002432 ----a-w- C:\Windows\System32\msxml6.dll 2012-11-01 05:43:42 1882624 ----a-w- C:\Windows\System32\msxml3.dll 2012-11-01 04:47:54 1389568 ----a-w- C:\Windows\SysWow64\msxml6.dll 2012-11-01 04:47:54 1236992 ----a-w- C:\Windows\SysWow64\msxml3.dll 2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll 2012-10-14 18:04:53 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-14 18:04:53 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll 2012-10-14 18:04:53 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll . ============= FINISH: 23:53:59,60 =============== Wie sieht es aus? Mir fällt noch ein, dass ich nach der Systemwiederherstellung Malewarebytes Antimaleware installiert habe. Beim zweiten DDS-Lauf kam eine Meldung: "Infektion C:\programData\dsgsdgdsgdsgdsgw.pad Exploit.Drop.GSA" von dieser Software. Geändert von djeux21 (10.01.2013 um 00:16 Uhr) |
10.01.2013, 10:49 | #4 | |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. genau Da ist auch noch ein Rest, den wir entfernen werden: Schritt 1: AdwCleaner: Werbeprogramme suchen und löschen Schritt 2: Scan mit Combofix
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
10.01.2013, 18:13 | #5 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Hallo ryder, habe beide Schritte gemacht. Schritt 1: AdwCleaner: Code:
ATTFilter # AdwCleaner v2.105 - Datei am 10/01/2013 um 17:51:23 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : Daniel - DANIEL-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Daniel\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\user.js Datei Gelöscht : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t0nqbmls.default\searchplugins\Askcom.xml Ordner Gelöscht : C:\ProgramData\Ask Ordner Gelöscht : C:\ProgramData\Babylon Ordner Gelöscht : C:\Users\Daniel\AppData\Local\Babylon Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\Babylon Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\pdfforge Ordner Gelöscht : C:\Users\Daniel\AppData\Roaming\yourfiledownloader ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN PIP Schlüssel Gelöscht : HKCU\Software\PIP Schlüssel Gelöscht : HKCU\Software\YourFileDownloader Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} Schlüssel Gelöscht : HKLM\Software\Babylon Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gelöscht : HKLM\Software\PIP Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D} Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5} Schlüssel Gelöscht : HKLM\Software\YourFileDownloader ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v13.0.1 (de) Datei : C:\Users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t0nqbmls.default\prefs.js Gelöscht : user_pref("browser.search.order.1", "Ask.com"); Gelöscht : user_pref("browser.search.selectedEngine", "Ask.com"); ************************* AdwCleaner[S1].txt - [2510 octets] - [10/01/2013 17:51:23] ########## EOF - C:\AdwCleaner[S1].txt - [2570 octets] ########## Code:
ATTFilter ComboFix 13-01-08.01 - Daniel 10.01.2013 17:59:04.1.8 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8175.6642 [GMT 1:00] ausgeführt von:: c:\users\Daniel\Desktop\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . C:\install.exe c:\users\Daniel\Desktop\Setup.exe c:\users\Daniel\wgsdgsdgdsgsd.exe . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-10 bis 2013-01-10 )))))))))))))))))))))))))))))) . . 2013-01-10 17:04 . 2013-01-10 17:04 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-01-10 17:04 . 2013-01-10 17:04 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-09 19:55 . 2013-01-09 19:55 -------- d-----w- c:\users\Daniel\AppData\Roaming\Malwarebytes 2013-01-09 19:55 . 2013-01-09 19:55 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-01-09 19:55 . 2013-01-09 19:55 -------- d-----w- c:\programdata\Malwarebytes 2013-01-09 19:55 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-01-09 19:55 . 2013-01-09 19:55 -------- d-----w- c:\users\Daniel\AppData\Local\Programs 2013-01-09 19:39 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe 2013-01-09 19:39 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys 2013-01-09 18:44 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll 2013-01-09 18:44 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll 2013-01-08 19:29 . 2013-01-08 19:29 -------- d-----w- c:\users\Daniel\AppData\Roaming\EPSON 2013-01-08 19:22 . 2013-01-08 19:22 -------- d-----w- c:\program files (x86)\epson 2013-01-06 18:14 . 2013-01-06 18:14 -------- d-----w- c:\programdata\Applications 2013-01-06 18:03 . 2013-01-09 18:31 -------- d-----w- c:\program files (x86)\A.I. Traffic Editor 2013-01-06 16:22 . 2006-10-28 16:36 99136 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\md11klmx\Panel\PAD_Groundhandling5_Sound.dll 2013-01-06 15:54 . 2013-01-06 16:07 -------- d-----w- c:\program files (x86)\Airport AI Enhancer X 2012-12-21 10:17 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 10:17 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 10:17 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 10:17 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-19 10:18 . 2012-12-19 10:18 -------- d-----w- c:\program files (x86)\FsMovMapServer 2012-12-18 17:49 . 2012-12-18 17:49 -------- d-----w- c:\users\Default\AppData\Local\Microsoft Help 2012-12-18 10:33 . 2012-12-18 10:33 -------- d-----w- c:\program files (x86)\Microsoft Synchronization Services 2012-12-18 10:32 . 2012-12-18 10:32 -------- d-----w- c:\program files (x86)\Microsoft Sync Framework 2012-12-18 10:30 . 2012-12-18 10:30 -------- d-----w- c:\program files (x86)\Microsoft Visual Studio 8 2012-12-18 10:30 . 2012-12-18 10:30 -------- d-----w- c:\program files (x86)\Microsoft Analysis Services 2012-12-18 10:29 . 2012-12-18 10:29 -------- d-----r- C:\MSOCache 2012-12-16 11:17 . 2007-12-07 01:08 108032 ----a-w- c:\windows\system32\E_ILMBKE.DLL 2012-12-16 11:17 . 2007-12-07 01:01 81408 ----a-w- c:\windows\system32\E_IBCBBKE.DLL 2012-12-16 11:17 . 2005-02-02 11:05 8704 ----a-w- c:\windows\system32\E_GCINST.DLL 2012-12-16 11:17 . 2012-12-16 11:18 -------- d-----w- c:\programdata\EPSON 2012-12-14 09:19 . 2006-10-19 18:47 99120 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\SimObjects\Airplanes\crj200_jazznostx\panel.crj200x\RCB_Groundhandling5_Sound.dll 2012-12-13 18:25 . 2010-01-14 19:44 97976 ----a-w- c:\program files (x86)\Microsoft Games\Microsoft Flight Simulator X\Gauges\CALLOUT_SOUND.dll 2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\program files (x86)\VATroute 2012-12-12 19:59 . 2012-12-12 19:59 -------- d-----w- c:\windows\uninstall 2012-12-12 15:43 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll 2012-12-12 15:43 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-12-12 15:42 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 15:42 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 19:51 . 2012-05-10 16:33 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 19:51 . 2011-10-03 16:12 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-09 18:59 . 2011-10-08 05:47 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-04 15:17 . 2011-10-02 20:19 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr 2013-01-04 15:17 . 2011-10-02 20:02 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe 2013-01-04 15:17 . 2011-10-02 20:02 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0 2012-11-30 04:45 . 2013-01-09 18:43 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-10-16 08:38 . 2012-11-27 19:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll 2012-10-16 08:38 . 2012-11-27 19:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll 2012-10-16 07:39 . 2012-11-27 19:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-14 18:04 . 2012-10-14 18:04 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-10-14 18:04 . 2012-07-04 16:28 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-10-14 18:04 . 2012-03-25 17:08 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616] "EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-11-30 3492504] "ANT Agent"="c:\program files (x86)\Garmin\ANT Agent\ANT Agent.exe" [2012-03-23 14749544] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-05-20 284440] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920] "avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux2"=wdmaud.drv . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] R2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-11-09 160944] R3 LVRS64;Logitech RightSound Filter Driver;c:\windows\system32\DRIVERS\lvrs64.sys [2012-01-18 351136] R3 LVUVC64;Logitech Webcam 250(UVC);c:\windows\system32\DRIVERS\lvuvc64.sys [2012-01-18 4865568] R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] R3 npusbio;npusbio;c:\windows\system32\Drivers\npusbio_x64.sys [2009-12-17 45600] R3 SaiH053C;SaiH053C;c:\windows\system32\DRIVERS\SaiH053C.sys [2007-05-01 171144] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-10-03 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760] S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224] S2 CodeMeter.exe;CodeMeter Runtime Server;c:\program files (x86)\SDZ\Dosimis-3\Deutsch\CodeMeter.exe [2008-06-27 1221952] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 EtronHub3;Etron USB 3.0 Extensible Hub Driver;c:\windows\System32\Drivers\EtronHub3.sys [2010-11-01 38144] S2 EtronXHCI;Etron USB 3.0 Extensible Host Controller Driver;c:\windows\System32\Drivers\EtronXHCI.sys [2010-11-01 62080] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-05-20 13592] S2 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2010-06-25 35344] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824] S2 SystemStore;System Store;c:\program files (x86)\Freemium\SystemStore\Freemium.SystemStore.WindowsService.exe [2012-05-21 50176] S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2011-12-14 2984832] S2 UMVPFSrv;UMVPFSrv;c:\program files (x86)\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [2012-01-18 450848] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\System32\Drivers\RtsUStor.sys [2009-08-19 222720] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-10 539240] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . Inhalt des "geplante Tasks" Ordners . 2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-10 19:51] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-07 12558440] "itype"="c:\program files\Microsoft IntelliType Pro\itype.exe" [2011-08-10 1873256] "ProfilerU"="c:\program files\Saitek\SD6\Software\ProfilerU.exe" [2010-07-29 310272] "SaiMfd"="c:\program files\Saitek\SD6\Software\SaiMfd.exe" [2010-07-29 158208] . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105 IE: Free YouTube to MP3 Converter - c:\users\Daniel\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000 IE: {{1CE4DE72-7FCC-4eb8-8F66-AE6A56A0A54D} - {0854DA01-5BF8-4E9D-A0E9-3CD5500AFB8C} - c:\progra~2\COMMON~1\WEBSPE~1.0\LgxIEBar.dll Trusted Zone: gdata.de\www Trusted Zone: logox.de Trusted Zone: penissizedebate.com\www TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\Daniel\AppData\Roaming\Mozilla\Firefox\Profiles\t0nqbmls.default\ FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . AddRemove-Setup-Dosimis-3-Deutsch_is1 - c:\users\Daniel\AppData\Local\Temp\is-VE074.tmp\unins000.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.bmp.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.DIB\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.bmp.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.Email.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ICO\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.ico.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JFIF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPE\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPEG\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.JPG\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.jpg.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.PNG\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.png.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.tif.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TIFF\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.tif.15.4" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLiveMail.VCard.1" . [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.WDP\UserChoice] @Denied: (2) (LocalSystem) "Progid"="WindowsLive.PhotoGallery.wdp.15.4" . [HKEY_USERS\S-1-5-21-2222334842-3514504640-2603052772-1001\Software\SecuROM\License information*] "datasecu"=hex:c8,f1,53,85,23,4e,07,e8,61,80,c9,08,2f,8b,fc,39,58,16,b3,58,2f, 59,7f,ec,d1,aa,86,78,bb,df,46,ba,b9,64,d3,9d,b7,bc,35,6d,ff,62,5a,39,d0,1d,\ "rkeysecu"=hex:e4,e9,ef,4b,e1,51,d8,6b,2d,a9,5b,82,42,92,62,64 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-10 18:05:43 ComboFix-quarantined-files.txt 2013-01-10 17:05 . Vor Suchlauf: 14 Verzeichnis(se), 1.269.222.838.272 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 1.269.579.956.224 Bytes frei . - - End Of File - - 62BD31D88EC5CED307FC0EA1739CE5D7 Gruß |
10.01.2013, 18:16 | #6 |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Das sind gute Neuigkeiten! Okay wir werden jetzt ein paar Dateien zur weiteren Analyse einsenden. Bitte dieser Anleitung genau folgen! Upload zur Analyse bei Trojaner-Board
__________________ --> GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. |
10.01.2013, 18:39 | #7 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Hallo ryder, leider kann ich den Ordner C:\qoobox nicht packen: Zugriff verweigert 7-zip cannot open file C:\Qoobox.zip Was mache ich falsch? |
10.01.2013, 18:42 | #8 |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Nach einem Neustart und als Administrator sollte es gehen.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
10.01.2013, 18:52 | #9 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Hallo ryder, nach Neustart konnte ich mit 7-zip den Ordner zippen. Dabei meldete sich Avira Antivirus: "In der Datei C:\Qoobox\Quarantine\C\...\wgsdgsggssgsd.exe.vir wurde ein Virus oder unerwünschtes Programm TR/Drop.Injector.gxbd gefunden. Zugriff verweigert. Aktionen: Entfernen oder Details" Soll ich trotzdem die Datei hochladen? Gruß |
10.01.2013, 18:53 | #10 |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. ja gerade deswegen
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
10.01.2013, 21:07 | #11 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Habe alles hochgeladen. |
10.01.2013, 21:29 | #12 |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. In Ordnung, vielen Dank. Gut! Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen und werden dann deinen Computer noch auf einen sicheren Stand bringen. Da diese Scans jetzt sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Wichtig: Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Schritt 3: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
10.01.2013, 21:53 | #13 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Während des Malwarebytelaufes kam folgende Meldung von Antivir: Es wurde ein Virus oder unerwünschtes Programm gefunden! Objekt1: cce20de-376c067b (ist im Verzeichnis C:\Users\D...\AppData\LocalLow\Sun\Java\Deployment\Cache\6.0\30\) Fund: TR/Drop.Injektor.gxbd (Trojanisches Pferd) Objekt2: 7ba5560c-28a83b97 (ist im Verzeichnis C:\Users\D...\AppData\LocalLow\Sun\Java\Deployment\Cache\6.0\12\) Fund: EXP/2012-1723.EV (Enthält Erkennungsmuster des Exploits 2012-1723.EV) Die Logfile von Malewarebyte: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.01.10.12 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Daniel :: DANIEL-PC [Administrator] Schutz: Deaktiviert 10.01.2013 21:34:33 mbam-log-2013-01-10 (21-34-33).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 248014 Laufzeit: 2 Minute(n), 17 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Soll ich trotzdem weiter fortfahren? |
10.01.2013, 22:04 | #14 |
/// TB-Ausbilder | GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Einfach weitermachen bitte.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
11.01.2013, 06:57 | #15 |
| GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. Hier sind die Ergebnisse von ESET: Code:
ATTFilter C:\Qoobox\Quarantine\C\Users\Daniel\wgsdgsdgdsgsd.exe.vir Win32/Reveton.N trojan C:\Users\Daniel\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\1b33e436-73ed0ef6 a variant of Java/Exploit.Agent.NEE trojan und von SecurityCheck: Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.70.0.1100 JavaFX 2.1.1 Java 7 Update 7 Java version out of Date! Adobe Flash Player 11.5.502.146 Adobe Reader 10.1.1 Adobe Reader out of Date! Mozilla Firefox 13.0.1 Firefox out of Date! ````````Process Check: objlist.exe by Laurent```````` Avira Antivir avgnt.exe Avira Antivir avguard.exe ESET ESET Online Scanner OnlineCmdLineScanner.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
Themen zu GVU-Trojaner, Systemwiederherstellung erfolgreich, Ungewissheit bleibt. |
adobe, antivir, avg, avira, bho, converter, error, explorer, firefox, flash player, format, freemium, helper, home, launch, logfile, mozilla, mp3, nvidia, nvidia update, object, origin, plug-in, realtek, recycle.bin, registry, scan, senden, super, trojaner, visual studio, windows |