Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Fund: Variante von Win32/InstallCore.D Anwendung

Fund: Variante von Win32/InstallCore.D Anwendung


Log-Analyse und Auswertung: Fund: Variante von Win32/InstallCore.D Anwendung

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Alt 25.01.2013, 23:48   #1
bloc
 
Fund: Variante von Win32/InstallCore.D Anwendung - Standard

Fund: Variante von Win32/InstallCore.D Anwendung


Hallo,

nachdem ich auf meinem PC (siehe hier: http://www.trojaner-board.de/130058-...iframe-bt.html) einen Trojaner gefunden habe, hab ich auch mal meinen Laptop unter die Lupe genommen und bin leider auch fündig geworden - wegen Zeichenüberschreitung ist die Extras.txt + gmer.txt im angehängten 7zip. Es sind keine weiteren Logs vorhanden!

Log Online-Scanner ESET
Code:
ATTFilter
:\Users\xxx\AppData\Local\Temp\ICReinstall\cnet2_NokiaSoftwareUpdaterSetup_EN_US_exe.exe	Variante von Win32/InstallCore.D Anwendung	Gesäubert durch Löschen - in Quarantäne kopiert
OTL.txt
Code:
ATTFilter
OTL logfile created on: 25.01.2013 22:24:15 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\xxx\Desktop
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 48,30% Memory free
3,01 Gb Paging File | 1,62 Gb Available in Paging File | 53,69% Paging File free
Paging file location(s): c:\pagefile.sys 16 4069 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 88,90 Gb Total Space | 6,34 Gb Free Space | 7,13% Space Free | Partition Type: NTFS
 
Computer Name: xxx-PC | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\xxx\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Users\xxx\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
PRC - C:\Programme\Secunia\PSI\psia.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Programme\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
PRC - C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
PRC - C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\TeamViewer\Version7\tv_w32.exe (TeamViewer GmbH)
PRC - C:\Programme\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
PRC - C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Synaptics\SynTP\SynTPLpr.exe (Synaptics Incorporated)
PRC - C:\Programme\XSManager\WTGService.exe ()
PRC - C:\Programme\ThinkVantage Fingerprint Software\upeksvr.exe (UPEK Inc.)
PRC - C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
PRC - C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
PRC - C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
PRC - C:\Programme\Google\Gmail Notifier\gnotify.exe (Google Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Programme\Notepad++\NppShell_04.dll ()
MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (swi_service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Intelligence\swi_service.exe (Sophos Limited)
SRV - (SAVAdminService) -- C:\Programme\Sophos\Sophos Anti-Virus\SAVAdminService.exe (Sophos Limited)
SRV - (swi_update) -- C:\ProgramData\Sophos\Web Intelligence\swi_update.exe (Sophos Limited)
SRV - (Secunia PSI Agent) -- C:\Programme\Secunia\PSI\psia.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Programme\Secunia\PSI\sua.exe (Secunia)
SRV - (Microsoft SharePoint Workspace Audit Service) -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE (Microsoft Corporation)
SRV - (Sophos AutoUpdate Service) -- C:\Programme\Sophos\AutoUpdate\ALsvc.exe (Sophos Limited)
SRV - (Sophos Web Control Service) -- C:\Programme\Sophos\Sophos Anti-Virus\Web Control\swc_service.exe (Sophos Limited)
SRV - (SAVService) -- C:\Programme\Sophos\Sophos Anti-Virus\SavService.exe (Sophos Limited)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (SUService) -- C:\Programme\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (XS Stick Service) -- C:\Windows\service4g.exe (4G Systems GmbH & Co. KG)
SRV - (rpcapd) -- C:\Programme\WinPcap\rpcapd.exe (CACE Technologies, Inc.)
SRV - (WTGService) -- C:\Programme\XSManager\WTGService.exe ()
SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (ThinkVantage Registry Monitor Service) -- C:\Programme\Common Files\Lenovo\tvt_reg_monitor_svc.exe (Lenovo Group Limited)
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (AEADIFilters) -- C:\Windows\System32\AEADISRV.EXE (Andrea Electronics Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (vpnva) -- system32\DRIVERS\vpnva.sys File not found
DRV - (VBoxNetFlt) -- system32\DRIVERS\VBoxNetFlt.sys File not found
DRV - (sdcfilter) -- C:\Windows\System32\drivers\sdcfilter.sys (Sophos Limited)
DRV - (SAVOnAccess) -- C:\Windows\System32\drivers\savonaccess.sys (Sophos Limited)
DRV - (truecrypt) -- C:\Windows\System32\drivers\truecrypt.sys (TrueCrypt Foundation)
DRV - (e1express) -- C:\Windows\System32\drivers\e1e6232.sys (Intel Corporation)
DRV - (teamviewervpn) -- C:\Windows\System32\drivers\teamviewervpn.sys (TeamViewer GmbH)
DRV - (SKMScan) -- C:\Windows\System32\drivers\skmscan.sys (Sophos Plc)
DRV - (dc3d) -- C:\Windows\System32\drivers\dc3d.sys (Microsoft Corporation)
DRV - (nhcDriverDevice) -- C:\Windows\System32\drivers\nhcDriver.sys (Notebook Hardware Control)
DRV - (cmnsusbser) -- C:\Windows\System32\drivers\cmnsusbser.sys (Mobile Connector)
DRV - (SophosBootDriver) -- C:\Windows\System32\drivers\SophosBootDriver.sys (Sophos Plc)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VBoxNetAdp) -- C:\Windows\System32\drivers\VBoxNetAdp.sys (Oracle Corporation)
DRV - (PSI) -- C:\Windows\System32\drivers\psi_mf.sys (Secunia)
DRV - (NPF) -- C:\Windows\System32\drivers\npf.sys (CACE Technologies, Inc.)
DRV - (taphss) -- C:\Windows\System32\drivers\taphss.sys (AnchorFree Inc)
DRV - (InputFilter_Hid_FlexDef2b) -- C:\Windows\System32\drivers\InputFilter_FlexDef2b.sys (Siliten)
DRV - (PCDSRVC{3037D694-FD904ACA-06020000}_0) -- c:\Programme\PC-Doctor\pcdsrvc.pkms (PC-Doctor, Inc.)
DRV - (psadd) -- C:\Windows\System32\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV - (Serial) -- C:\Windows\System32\drivers\serial.sys (Brother Industries Ltd.)
DRV - (TPM) -- C:\Windows\System32\drivers\tpm.sys (Microsoft Corporation)
DRV - (netw5v32) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation)
DRV - (TVTI2C) -- C:\Windows\System32\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (DNE) -- C:\Windows\System32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (pccsmcfd) -- C:\Windows\System32\drivers\pccsmcfd.sys (Nokia)
DRV - (lenovo.smi) -- C:\Windows\System32\drivers\smiif32.sys (Lenovo Group Limited)
DRV - (CVirtA) -- C:\Windows\System32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (ZSMC0305) -- C:\Windows\System32\drivers\usbVM305.sys (Vimicro Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com?o=15788&l=dis
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\..\SearchScopes\{171DEBEB-C3D4-40b7-AC73-056A5EBA4A7E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=&src=crm&q={searchTerms}&locale=
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products (Canada) Ltd.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.01.25 19:41:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.01.25 19:41:19 | 000,000,000 | ---D | M]
 
[2013.01.25 19:41:19 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.01.25 19:41:23 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2013.01.18 22:56:20 | 000,171,584 | ---- | M] (Tracker Software Products (Canada) Ltd.) -- C:\Program Files\mozilla firefox\plugins\npPDFXCviewNPPlugin.dll
[2013.01.05 16:11:17 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.01.05 16:11:17 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.01.05 16:11:17 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.01.05 16:11:17 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.01.05 16:11:17 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.01.05 16:11:17 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\PepperFlash\11.1.31.203\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll
CHR - plugin: Mixesoft Click&Clean Plug-In (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhxxxejejjmhhchfonmamedcbeod\7.9_0\plugin/npccch32.dll
CHR - plugin: Bitdefender QuickScan (Enabled) = C:\Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhxxxejejjmhhchfonmamedcbeod\7.9_0\plugin/npqscan.dll
CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: PDF-XChange Viewer (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.1 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: DivX Web Player (Enabled) = C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - Extension: Angry Birds = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Search Filter = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ddgjlkmkllmpdhegaliddgplookikmjf\2.0.0.2_0\
CHR - Extension: AT_Reas = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\dinoconpnefhjndafimindldhibbcdae\2_1\
CHR - Extension: VTchromizer = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\efbjojhplkelaegfbieplglfidafgoka\1.2_0\
CHR - Extension: Facebook Disconnect = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejpepffjfmamnambagiibghpglaidiec\1.3.0_0\
CHR - Extension: Click&Clean = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghgabhxxxejejjmhhchfonmamedcbeod\8.0.1_0\
CHR - Extension: AdBlock = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.56_0\
CHR - Extension: Keep My Opt-Outs = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\hhnjdplhmcnkiecampfdgfjilccfpfoe\1.0.14_0\
CHR - Extension: SEO for Chrome = \Users\xxx\AppData\Local\Google\Chrome\User Data\Default\Extensions\oangcciaeihlfmhppegpdceadpfaoclj\0.9.5_0\
 
O1 HOSTS File: ([2010.10.11 15:16:07 | 000,386,187 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 13319 more lines...
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Programme\Google\Gmail Notifier\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de)
O4 - HKLM..\Run: [Sophos AutoUpdate Monitor] C:\Programme\Sophos\AutoUpdate\ALMon.exe (Sophos Limited)
O4 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001..\Run: [PC Suite Tray] "C:\Program Files\Nokia\Nokia PC Suite 7\PCSuite.exe" -onlytray File not found
O4 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001..\Run: [SpybotSD TeaTimer] C:\Programme\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1013..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Admin\Anwendungsdaten [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\AppData [2012.07.04 12:34:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Admin\Cookies [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\defogger_reenable ()
O4 - Startup: C:\Users\Admin\Desktop [2013.01.25 21:45:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Documents [2013.01.25 18:07:47 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Downloads [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Druckumgebung [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Eigene Dateien [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Favorites [2012.12.23 12:57:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Links [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Lokale Einstellungen [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Music [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Netzwerkumgebung [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\NTUSER.DAT ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{018eebc6-0182-11e2-b0c2-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{018eebc6-0182-11e2-b0c2-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{018eebc6-0182-11e2-b0c2-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{17190f5b-f357-11e1-8bc0-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{17190f5b-f357-11e1-8bc0-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{17190f5b-f357-11e1-8bc0-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3849d7e2-057a-11e2-86ef-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3849d7e2-057a-11e2-86ef-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{3849d7e2-057a-11e2-86ef-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{448e2cc1-3423-11e2-bb86-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{448e2cc1-3423-11e2-bb86-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{448e2cc1-3423-11e2-bb86-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{48d4e901-0e41-11e2-981e-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{48d4e901-0e41-11e2-981e-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{48d4e901-0e41-11e2-981e-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{8d024ed9-4b7a-11e2-9c7e-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{8d024ed9-4b7a-11e2-9c7e-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{8d024ed9-4b7a-11e2-9c7e-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{e895d7e4-154c-11e2-9b1b-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{e895d7e4-154c-11e2-9b1b-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{e895d7e4-154c-11e2-9b1b-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{fcdd911a-e889-11e1-9b51-0015582fc1d2}.TM.blf ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{fcdd911a-e889-11e1-9b51-0015582fc1d2}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Admin\NTUSER.DAT{fcdd911a-e889-11e1-9b51-0015582fc1d2}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Admin\ntuser.ini ()
O4 - Startup: C:\Users\Admin\Pictures [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Recent [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Saved Games [2009.07.14 03:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Admin\SendTo [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Startmenü [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Admin\Videos [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Admin\Vorlagen [2012.07.04 12:34:47 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1 [2013.01.14 11:26:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ABBYY [2013.01.25 18:04:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Adobe [2012.12.23 12:52:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Apple [2011.10.11 23:07:45 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Apple Computer [2010.09.07 12:36:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Cisco [2010.10.18 17:47:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\DivX [2010.11.13 23:02:44 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\ezsidmv.dat ()
O4 - Startup: C:\Users\All Users\Favoriten [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\FreePDF [2010.06.27 23:43:12 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Google [2011.11.30 18:59:29 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Hewlett-Packard [2010.04.12 22:10:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\HP [2012.01.19 12:48:10 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\hpzinstall.log ()
O4 - Startup: C:\Users\All Users\Installations [2012.05.21 14:47:34 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2010.04.20 16:11:48 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2011.08.12 10:53:26 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Microsoft Help [2013.01.11 16:32:16 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Mozilla [2012.05.23 15:41:39 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Nokia [2010.05.25 18:11:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Norton [2010.10.18 17:36:24 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ntuser.pol ()
O4 - Startup: C:\Users\All Users\OviInstallerCache [2010.05.25 17:29:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC Suite [2011.03.02 16:12:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PC-Doctor for Windows [2010.06.09 11:22:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\PCDr [2010.06.09 11:23:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\regid.1986-12.com.adobe [2012.10.26 21:31:02 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Skype [2012.09.20 07:21:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Sophos [2012.07.28 08:14:15 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2013.01.25 18:58:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2010.04.10 19:20:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Tracker Software [2010.06.24 23:59:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\TrueCrypt [2010.04.01 10:54:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\WEBREG [2010.06.23 15:39:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521} [2010.04.10 22:17:14 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 03:37:05 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2010.04.01 09:56:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 03:04:25 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 05:53:55 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 03:04:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2010.04.01 09:56:37 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\.gimp-2.6 [2013.01.25 18:24:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.jordan [2010.09.28 11:47:42 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.pdfsam [2010.04.10 21:19:56 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.recently-used.xbel ()
O4 - Startup: C:\Users\xxx\.thumbnails [2012.02.17 15:56:00 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\.VirtualBox [2012.07.06 19:16:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Anwendungsdaten [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\AppData [2010.11.08 23:45:47 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\xxx\Application Data [2010.04.29 11:49:49 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\B0BF705768694E4B920CEA2A58DA07F0.TMP [2011.05.27 10:00:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Calibre Bibliothek [2012.12.31 14:27:01 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Contacts [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Cookies [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\defogger_reenable ()
O4 - Startup: C:\Users\xxx\Desktop [2013.01.25 22:09:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Documents [2012.12.26 18:35:27 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Downloads [2013.01.25 21:49:03 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Dropbox [2013.01.25 16:43:54 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Druckumgebung [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\dwhelper [2011.05.03 08:31:05 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\eBooks [2012.12.23 12:19:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Eigene Dateien [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Favorites [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Links [2013.01.18 22:15:19 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Lokale Einstellungen [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Music [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Netzwerkumgebung [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\NTUSER.DAT ()
O4 - Startup: C:\Users\xxx\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\xxx\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf ()
O4 - Startup: C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\xxx\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\xxx\ntuser.ini ()
O4 - Startup: C:\Users\xxx\ntuser.pol ()
O4 - Startup: C:\Users\xxx\Pictures [2013.01.06 14:11:02 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Recent [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Saved Games [2012.09.18 18:51:53 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Searches [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\SendTo [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\Sicherung.ct ()
O4 - Startup: C:\Users\xxx\Startmenü [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\xxx\temp [2012.08.17 18:02:31 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\xxx\Videos [2012.07.17 19:19:40 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\xxx\Vorlagen [2010.04.01 09:56:54 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2013.01.25 18:47:31 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2010.04.01 09:56:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 03:04:25 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2010.04.01 09:56:39 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 05:41:57 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Pictures [2012.03.27 21:52:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009.07.14 09:56:56 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2011.11.06 14:17:18 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCAD = 1
O7 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-1540551232-1688979138-1493288123-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\ProgramData\Sophos\Web Intelligence\swi_ifslsp.dll (Sophos Limited)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B183254B-A08C-46D1-81D5-CFD1C68FD3D7}: DhcpNameServer = 192.168.42.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F22437F5-A0DC-4EA7-BC94-2F925A130629}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Sophos\SOPHOS~1\SOPHOS~1.DLL) - C:\Programme\Sophos\Sophos Anti-Virus\sophos_detoured.dll (Sophos Limited)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.25 19:41:19 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.25 18:56:30 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2013.01.25 18:24:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
[2013.01.25 18:18:55 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2013.01.25 18:11:47 | 000,000,000 | ---D | C] -- C:\Program Files\Secunia
[2013.01.14 11:26:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.01.14 11:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.01.14 11:25:46 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.01.14 11:25:46 | 000,000,000 | ---D | C] -- C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2013.01.13 14:34:25 | 000,000,000 | ---D | C] -- C:\Windows\rescache
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.25 22:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.01.25 22:04:00 | 000,001,092 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.25 22:01:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1540551232-1688979138-1493288123-1001UA.job
[2013.01.25 21:49:03 | 000,000,000 | ---- | M] () -- C:\Users\Admin\defogger_reenable
[2013.01.25 18:47:31 | 000,001,033 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.01.25 18:46:54 | 000,001,175 | ---- | M] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013.01.25 18:24:15 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.25 18:23:26 | 000,000,930 | ---- | M] () -- C:\Users\Public\Desktop\calibre - E-book management.lnk
[2013.01.25 18:21:41 | 000,001,028 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.25 18:11:50 | 000,001,068 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.25 16:51:10 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 16:51:10 | 000,014,752 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.25 16:42:44 | 000,001,088 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.25 16:41:36 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.25 16:41:25 | 2414,682,112 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.25 12:01:22 | 000,000,332 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.01.25 10:18:49 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1540551232-1688979138-1493288123-1001Core.job
[2013.01.14 11:26:37 | 000,001,753 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.01.11 21:01:34 | 000,439,840 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.01.11 16:37:37 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.11 16:37:37 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.11 16:37:37 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.11 16:37:37 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[3 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.25 21:49:03 | 000,000,000 | ---- | C] () -- C:\Users\Admin\defogger_reenable
[2013.01.25 18:46:54 | 000,001,175 | ---- | C] () -- C:\Users\Public\Desktop\PDF-Viewer.lnk
[2013.01.25 18:24:15 | 000,001,751 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
[2013.01.25 18:24:15 | 000,001,739 | ---- | C] () -- C:\Users\Public\Desktop\ImgBurn.lnk
[2013.01.25 18:21:41 | 000,001,028 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.01.25 18:19:09 | 000,001,791 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
[2013.01.25 18:11:50 | 000,001,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.01.25 18:11:50 | 000,001,031 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.01.14 11:26:37 | 000,001,753 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.06.09 12:43:05 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2011.06.09 12:43:05 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2011.03.11 10:04:53 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2010.12.09 01:31:51 | 000,000,058 | ---- | C] () -- \.tdbd
[2010.04.20 19:41:20 | 000,000,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2010.04.17 22:44:24 | 000,001,732 | ---- | C] () -- \tvtpktfilter.dat
[2010.04.01 11:05:18 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.04.01 10:42:47 | 000,008,192 | RHS- | C] () -- \BOOTSECT.BAK
[2010.04.01 10:42:45 | 000,383,786 | RHS- | C] () -- \bootmgr
[2010.04.01 09:43:57 | 2414,682,112 | -HS- | C] () -- \hiberfil.sys
[2009.07.14 03:04:04 | 000,000,024 | ---- | C] () -- \autoexec.bat
[2009.07.14 03:04:04 | 000,000,010 | ---- | C] () -- \config.sys
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Anwendungsdaten
[2012.07.04 12:34:47 | 000,000,000 | -H-D | M] -- C:\Users\Admin\AppData
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Cookies
[2013.01.25 21:45:59 | 000,000,000 | R--D | M] -- C:\Users\Admin\Desktop
[2013.01.25 18:07:47 | 000,000,000 | R--D | M] -- C:\Users\Admin\Documents
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Downloads
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Druckumgebung
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Eigene Dateien
[2012.12.23 12:57:32 | 000,000,000 | R--D | M] -- C:\Users\Admin\Favorites
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Links
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Lokale Einstellungen
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Music
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Netzwerkumgebung
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Pictures
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Recent
[2009.07.14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Admin\Saved Games
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\SendTo
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Startmenü
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Admin\Videos
[2012.07.04 12:34:47 | 000,000,000 | -HSD | M] -- C:\Users\Admin\Vorlagen
[2013.01.14 11:26:29 | 000,000,000 | ---D | M] -- C:\Users\All Users\188F1432-103A-4ffb-80F1-36B633C5C9E1
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2010.10.18 17:47:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\Cisco
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2010.06.27 23:43:12 | 000,000,000 | ---D | M] -- C:\Users\All Users\FreePDF
[2012.05.21 14:47:34 | 000,000,000 | ---D | M] -- C:\Users\All Users\Installations
[2010.05.25 18:11:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\Nokia
[2010.05.25 17:29:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\OviInstallerCache
[2011.03.02 16:12:23 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC Suite
[2010.06.09 11:22:32 | 000,000,000 | ---D | M] -- C:\Users\All Users\PC-Doctor for Windows
[2010.06.09 11:23:09 | 000,000,000 | ---D | M] -- C:\Users\All Users\PCDr
[2012.10.26 21:31:02 | 000,000,000 | ---D | M] -- C:\Users\All Users\regid.1986-12.com.adobe
[2012.07.28 08:14:15 | 000,000,000 | ---D | M] -- C:\Users\All Users\Sophos
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2010.06.24 23:59:00 | 000,000,000 | ---D | M] -- C:\Users\All Users\Tracker Software
[2010.04.01 10:54:03 | 000,000,000 | ---D | M] -- C:\Users\All Users\TrueCrypt
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2010.04.10 22:17:14 | 000,000,000 | ---D | M] -- C:\Users\All Users\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 03:37:05 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2010.04.01 09:56:37 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 03:04:25 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 03:04:25 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2010.04.01 09:56:37 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.01.25 18:24:23 | 000,000,000 | ---D | M] -- C:\Users\xxx\.gimp-2.6
[2010.09.28 11:47:42 | 000,000,000 | ---D | M] -- C:\Users\xxx\.jordan
[2010.04.10 21:19:56 | 000,000,000 | ---D | M] -- C:\Users\xxx\.pdfsam
[2012.02.17 15:56:00 | 000,000,000 | ---D | M] -- C:\Users\xxx\.thumbnails
[2012.07.06 19:16:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\.VirtualBox
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Anwendungsdaten
[2010.11.08 23:45:47 | 000,000,000 | -H-D | M] -- C:\Users\xxx\AppData
[2010.04.29 11:49:49 | 000,000,000 | ---D | M] -- C:\Users\xxx\Application Data
[2011.05.27 10:00:32 | 000,000,000 | ---D | M] -- C:\Users\xxx\B0BF705768694E4B920CEA2A58DA07F0.TMP
[2012.12.31 14:27:01 | 000,000,000 | ---D | M] -- C:\Users\xxx\Calibre Bibliothek
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Contacts
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Cookies
[2013.01.25 22:09:18 | 000,000,000 | R--D | M] -- C:\Users\xxx\Desktop
[2012.12.26 18:35:27 | 000,000,000 | R--D | M] -- C:\Users\xxx\Documents
[2013.01.25 21:49:03 | 000,000,000 | R--D | M] -- C:\Users\xxx\Downloads
[2013.01.25 16:43:54 | 000,000,000 | R--D | M] -- C:\Users\xxx\Dropbox
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Druckumgebung
[2011.05.03 08:31:05 | 000,000,000 | ---D | M] -- C:\Users\xxx\dwhelper
[2012.12.23 12:19:47 | 000,000,000 | ---D | M] -- C:\Users\xxx\eBooks
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Eigene Dateien
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Favorites
[2013.01.18 22:15:19 | 000,000,000 | R--D | M] -- C:\Users\xxx\Links
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Lokale Einstellungen
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Music
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Netzwerkumgebung
[2013.01.06 14:11:02 | 000,000,000 | R--D | M] -- C:\Users\xxx\Pictures
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Recent
[2012.09.18 18:51:53 | 000,000,000 | R--D | M] -- C:\Users\xxx\Saved Games
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Searches
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\SendTo
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Startmenü
[2012.08.17 18:02:31 | 000,000,000 | ---D | M] -- C:\Users\xxx\temp
[2012.07.17 19:19:40 | 000,000,000 | R--D | M] -- C:\Users\xxx\Videos
[2010.04.01 09:56:54 | 000,000,000 | -HSD | M] -- C:\Users\xxx\Vorlagen
[2013.01.25 18:47:31 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2010.04.01 09:56:37 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 03:04:25 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2010.04.01 09:56:39 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 05:41:57 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2012.03.27 21:52:46 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 09:56:56 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2011.11.06 14:17:18 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 

< End of report >

Alt 26.01.2013, 10:10   #2
ryder
/// TB-Ausbilder
 
Fund: Variante von Win32/InstallCore.D Anwendung - Standard

Fund: Variante von Win32/InstallCore.D Anwendung


Das ist ein Installer in dem ein wenig Werbung ist. Da ist nichts zu tun.
__________________

__________________
Alt 26.01.2013, 10:20   #3
bloc
 
Fund: Variante von Win32/InstallCore.D Anwendung - Standard

Fund: Variante von Win32/InstallCore.D Anwendung


Okay. Eine Frage noch:

Was mir im OTL-Log noch aufgefallen war, sind diese komischen Links unter:

O1 HOSTS File: ([2010.10.11 15:16:07 | 000,386,187 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com

und so weiter

O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 www.123fporn.info

wo kommen die her?
__________________
Alt 26.01.2013, 10:23   #4
ryder
/// TB-Ausbilder
 
Fund: Variante von Win32/InstallCore.D Anwendung - Standard

Fund: Variante von Win32/InstallCore.D Anwendung


Das ist der veraltete Spybot-Schutz. Weg mit dem Programm ...
__________________
Digitale Freibeuter gegen Malware!
Keine Hilfe per PM!
Alt 26.01.2013, 10:24   #5
bloc
 
Fund: Variante von Win32/InstallCore.D Anwendung - Standard

Fund: Variante von Win32/InstallCore.D Anwendung


Super! Danke ... Ihr seid echt die besten!!


Alt 26.01.2013, 10:28   #6
ryder
/// TB-Ausbilder
 
Fund: Variante von Win32/InstallCore.D Anwendung - Standard

Fund: Variante von Win32/InstallCore.D Anwendung


Yay!

Schön, dass wir helfen konnten

Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen

Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________
--> Fund: Variante von Win32/InstallCore.D Anwendung

Antwort

Themen zu Fund: Variante von Win32/InstallCore.D Anwendung
.dll, adblock, adobe flash player, application/pdf:, bho, bonjour, browser, defender, einstellungen, explorer, firefox, flash player, format, ftp, google, helper, homepage, icreinstall, lenovo, logfile, löschen, monitor, object, plug-in, programme, registry, secunia psi, senden, stick, taskhost.exe, temp, tracker, win32/installcore.d, windows


« Laptop mit Windows xp gesperrt durch Bundespolizei, Entsperrung nur durch Geld | neuer gvu virus mit otl.text »


Ähnliche Themen: Fund: Variante von Win32/InstallCore.D Anwendung


  1. Variante von Win32/Adware.Agent.NOH Anwendung gefunden
    Plagegeister aller Art und deren Bekämpfung - 15.11.2015 (7)
  2. Windows Vista Home Premium Service Pack 2 Win32/Bundled.Toolbar.Google.D und Variante von Win32/OpenCandy.C mit eset online scanner gefunden
    Log-Analyse und Auswertung - 16.10.2015 (9)
  3. Windows 7; ESET Online-Scanner Fund "Variante von Win32/DownloadSponsor.C evtl. unerwünschte Anwendung"
    Log-Analyse und Auswertung - 27.04.2015 (13)
  4. Win32/InstallCore.XA hat mich erwischt
    Plagegeister aller Art und deren Bekämpfung - 23.04.2015 (9)
  5. Fund ADWARE/InstallCore.Gen7
    Log-Analyse und Auswertung - 02.02.2015 (9)
  6. Avira Fund - ADWARE/InstallCore.Gen7
    Plagegeister aller Art und deren Bekämpfung - 16.11.2014 (5)
  7. ADWARE/InstallCore.Gen7 --> fund nach systemscan mit avira antivir!
    Log-Analyse und Auswertung - 24.10.2014 (9)
  8. Variante von Win32/Bundled.Toolbar.Ask.F
    Log-Analyse und Auswertung - 08.07.2014 (13)
  9. Windows 8: Malware Fund - ADWARE/InstallCore.Gen + WLAN Probleme
    Plagegeister aller Art und deren Bekämpfung - 21.12.2013 (7)
  10. Variante von Win32/Bundled.Toolbar.Ask Anwendung - von Eset erkannte "Bedrohungen"
    Plagegeister aller Art und deren Bekämpfung - 02.11.2013 (3)
  11. Avira-Maleware-Fund "Adware/InstallCore.Gen7" - wie System verlässlich säubern?
    Plagegeister aller Art und deren Bekämpfung - 09.09.2013 (13)
  12. ESETLog:Win32/OpenCandy Anwendung; Win32/Toolbar.Zugo Anwendung; Var. von: Win32/Bundled.Toolbar.Ask Anwendung; Win32/Injector.AIBG Trojaner
    Log-Analyse und Auswertung - 17.06.2013 (7)
  13. ESET NOD32 Bedrohung Win32/InstallCore.Aevtl.unerwünschte Anwendung
    Plagegeister aller Art und deren Bekämpfung - 19.04.2013 (15)
  14. AVIRA-Fund: ADWARE/YONTOO.GEN2 und ESET-Fund: Win32/StartPage.OPH trojan
    Plagegeister aller Art und deren Bekämpfung - 04.04.2013 (12)
  15. Problem mit ESET Online scanner bei Fund einer Variante von Win32 SpyZBot ZR Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.10.2011 (25)
  16. Problem mit ESET Online scanner bei Fund einer Variante von Win32 SpyZBot ZR Trojaner
    Antiviren-, Firewall- und andere Schutzprogramme - 23.10.2011 (1)
  17. Variante von Win32/Kryptik.GYI Trojaner
    Plagegeister aller Art und deren Bekämpfung - 27.09.2010 (0)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Fund: Variante von Win32/InstallCore.D Anwendung - Hallo, nachdem ich auf meinem PC (siehe hier: http://www.trojaner-board.de/130058-...iframe-bt.html ) einen Trojaner gefunden habe, hab ich auch mal meinen Laptop unter die Lupe genommen und bin leider auch fündig geworden - Fund: Variante von Win32/InstallCore.D Anwendung...
Archiv
Du betrachtest: Fund: Variante von Win32/InstallCore.D Anwendung auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130