Pests of all kinds and their removal: Espionage attack on the computer? (Windows 7)
If you are not sure whether you have picked up malware or a trojan, open a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
07.02.2013, 20:06 | #1
Espionage attack on the computer? I think this time I am probably the least to blame, but I have noticed that lately my cousin's computer hangs quite often or reacts very slowly. Today we both decided to look into the problem... I have been using his PC quite often over the last 2-3 weeks because I am staying with him in Salzburg... I have my own user account and he has his... now we suddenly found the following file in my account AND in his...? It was a TXT file.... Asking for advice? We found it by chance in the Downloads folder.... also, now and then after we opened it, my antivirus and anti-malware raised an alarm..... :??? Code:
ATTFilter [Build info] Application: XXX BuildTime: 2009-04-29-1826 BuildUser: codebuilder BuildHost: -BUILD108 BuildConfig: Release BuldVersion: 0.0.0.11195 Commandline: C:\Users\Elvedin\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX4467XXXXX7z8hfsd [System info] Computer name: ELVEDIN-PC Computer DNS name: Elvedin-PC User name: Elvedin EA_PLATFORM: Windows on X86 OS name: Windows Vista OS version number: 6.1.7601 OS service pack: Service Pack 1 Debugger present: no CPU count: 2 Processor type: x86 Processor level: 20 Processor revision: 512 Memory load: 53% Total physical memory: 3818 Mb Available physical memory: 1791 Mb Total page file memory: 7635 Mb Available page file memory: 4693 Mb Total virtual memory: 2047 Mb Free virtual memory: 1946 Mb [Application info] Language: C++ Compiler: Microsoft Visual C++ compiler, version 1400 App version: 0.0.0.11195 [Exception info] date: 2013-02-07 time: 14.19.57 type: ACCESS_VIOLATION reading address 0x00000003 address: 0x00a1eb13 "C:\Users\Elvedin\Downloads\XXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXXX4467XXXXX7z8hfsd :0x0001:0x0061db13 [Call stack] Callstack not available [Stack data] 0018ec30 | 13 eb a1 00<10>23 16 03 bc fe 18 00 f0 22 16 03 | .....#.......".. | 0018ec40 | 00 00 00 00 50 0e 17 03 de 0e 17 03 e0 0e 17 03 | ....P........... | 0018ec50 | 88 43 d8 00 44 73 65 00 90 06 17 03 a8 06 17 03 | .C..Dse......... | 0018ec60 | c0 06 17 03 88 43 d8 00 00 f2 18 00 00 00 00 00 | .....C.......... | 0018ec70 | 02 00 00 00 30 0e 17 03 60 0c 17 03 d8 0c 17 03 | ....0...`....... | 0018ec80 | 20 0d 17 03 08 49 d8 00 da 9a 4e 00 00 00 00 00 | ....I....N..... | 0018ec90 | 00 00 00 00 90 f4 16 03 00 00 00 00 a4 fa 16 03 | ................ | 0018eca0 | c8 64 d1 00 00 00 00 00 74 2b ec 00 74 2b ec 00 | .d......t+..t+.. | 0018ecb0 | 76 2b ec 00 88 43 d8 00 00 00 00 00 00 00 00 00 | v+...C.......... | 0018ecc0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ 
| 0018ecd0 | e4 ec 18 00 e4 ec 18 00 64 ed 18 00 f0 bd ce 00 | ........d....... | 0018ece0 | e4 ec 18 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ecf0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed40 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed50 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed60 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed70 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed80 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ed90 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018eda0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018edb0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018edc0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018edd0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ede0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018edf0 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ee00 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ee10 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ee20 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 0018ee30 | 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | [Instruction data] 00a1ea93 => DasmX86Dll.dll not found. 
[Registers] eip: 00a1eb13 eax: 00000003 ebx: 00ec2b76 ecx: 00e4991c edx: ffffffff esi: 00ec2b74 edi: 00d84388 ebp: 00000000 efl: 00010216 esp: 0018ec34 [Modules] base 0x77330000 size 0x00180000 entry 0x00000000 "ntdll.dll" "C:\Windows\SysWOW64\ntdll.dll" base 0x759a0000 size 0x00110000 entry 0x759b32b3 "kernel32.dll" "C:\Windows\syswow64\kernel32.dll" base 0x75f30000 size 0x00047000 entry 0x75f374b1 "KERNELBASE.dll" "C:\Windows\syswow64\KERNELBASE.dll" base 0x6ee80000 size 0x001c3000 entry 0x6ee81a45 "d3d9.dll" "C:\Windows\system32\d3d9.dll" base 0x758f0000 size 0x000ac000 entry 0x758fa472 "msvcrt.dll" "C:\Windows\syswow64\msvcrt.dll" base 0x76090000 size 0x00019000 entry 0x76094975 "sechost.dll" "C:\Windows\SysWOW64\sechost.dll" base 0x74b00000 size 0x000f0000 entry 0x74b10569 "RPCRT4.dll" "C:\Windows\syswow64\RPCRT4.dll" base 0x74a10000 size 0x00060000 entry 0x74a2a3b3 "SspiCli.dll" "C:\Windows\syswow64\SspiCli.dll" base 0x74a00000 size 0x0000c000 entry 0x74a010e1 "CRYPTBASE.dll" "C:\Windows\syswow64\CRYPTBASE.dll" base 0x75bd0000 size 0x00100000 entry 0x75beb6ed "USER32.dll" "C:\Windows\syswow64\USER32.dll" base 0x76650000 size 0x00090000 entry 0x76666343 "GDI32.dll" "C:\Windows\syswow64\GDI32.dll" base 0x758e0000 size 0x0000a000 entry 0x758e36a0 "LPK.dll" "C:\Windows\syswow64\LPK.dll" base 0x766e0000 size 0x0009d000 entry 0x76713fd7 "USP10.dll" "C:\Windows\syswow64\USP10.dll" base 0x765b0000 size 0x000a0000 entry 0x765c49e5 "ADVAPI32.dll" "C:\Windows\syswow64\ADVAPI32.dll" base 0x72ff0000 size 0x00009000 entry 0x72ff1220 "VERSION.dll" "C:\Windows\system32\VERSION.dll" base 0x6ee70000 size 0x00006000 entry 0x6ee711f0 "d3d8thk.dll" "C:\Windows\system32\d3d8thk.dll" base 0x73120000 size 0x00013000 entry 0x73121d3f "dwmapi.dll" "C:\Windows\system32\dwmapi.dll" base 0x01490000 size 0x00267000 entry 0x016aaf6c "d3dx9_31.dll" "C:\Windows\system32\d3dx9_31.dll" base 0x6f060000 size 0x000e7000 entry 0x6f061771 "DDRAW.dll" "C:\Windows\system32\DDRAW.dll" base 0x6f050000 
size 0x00006000 entry 0x6f051250 "DCIMAN32.dll" "C:\Windows\system32\DCIMAN32.dll" base 0x75d30000 size 0x0019d000 entry 0x75d317e7 "SETUPAPI.dll" "C:\Windows\syswow64\SETUPAPI.dll" base 0x760c0000 size 0x00027000 entry 0x760c58b9 "CFGMGR32.dll" "C:\Windows\syswow64\CFGMGR32.dll" base 0x74a70000 size 0x0008f000 entry 0x74a73fb1 "OLEAUT32.dll" "C:\Windows\syswow64\OLEAUT32.dll" base 0x76450000 size 0x0015c000 entry 0x7649ba3d "ole32.dll" "C:\Windows\syswow64\ole32.dll" base 0x75f10000 size 0x00012000 entry 0x75f11441 "DEVOBJ.dll" "C:\Windows\syswow64\DEVOBJ.dll" base 0x74c00000 size 0x00c4a000 entry 0x74c81621 "SHELL32.dll" "C:\Windows\syswow64\SHELL32.dll" base 0x763f0000 size 0x00057000 entry 0x76409ba6 "SHLWAPI.dll" "C:\Windows\syswow64\SHLWAPI.dll" base 0x72640000 size 0x0009b000 entry 0x7264232b "MSVCR80.dll" "C:\Windows\WinSxS\x86_microsoft.vc80.crt_1fc8b3b9a1e18e3b_8.0.50727.6195_none_d09154e044272b9a\MSVCR80.dll" base 0x76780000 size 0x00060000 entry 0x7679158f "IMM32.dll" "C:\Windows\syswow64\IMM32.dll" base 0x769a0000 size 0x000cc000 entry 0x769a168b "MSCTF.dll" "C:\Windows\syswow64\MSCTF.dll" base 0x70bf0000 size 0x000eb000 entry 0x70bf13ce "dbghelp.dll" "C:\Windows\system32\dbghelp.dll" base 0x77300000 size 0x00005000 entry 0x77301438 "PSAPI.DLL" "C:\Windows\syswow64\PSAPI.DLL" base 0x73240000 size 0x00011000 entry 0x73241300 "NETAPI32.dll" "C:\Windows\system32\NETAPI32.dll" base 0x73230000 size 0x00009000 entry 0x732315a6 "netutils.dll" "C:\Windows\system32\netutils.dll" base 0x73210000 size 0x00019000 entry 0x73211319 "srvcli.dll" "C:\Windows\system32\srvcli.dll" base 0x73200000 size 0x0000f000 entry 0x732012a1 "wkscli.dll" "C:\Windows\system32\wkscli.dll" base 0x75ed0000 size 0x00035000 entry 0x75ed145d "WS2_32.dll" "C:\Windows\syswow64\WS2_32.dll" base 0x74bf0000 size 0x00006000 entry 0x74bf1782 "NSI.dll" "C:\Windows\syswow64\NSI.dll" base 0x695d0000 size 0x00072000 entry 0x695d1576 "DSOUND.dll" "C:\Windows\system32\DSOUND.dll" base 0x732e0000 size 
0x00032000 entry 0x732e37f1 "WINMM.dll" "C:\Windows\system32\WINMM.dll" base 0x6f180000 size 0x00025000 entry 0x6f182b71 "POWRPROF.dll" "C:\Windows\system32\POWRPROF.dll" base 0x00250000 size 0x00016000 entry 0x0025801f "xinput1_3.dll" "C:\Windows\system32\xinput1_3.dll" base 0x714a0000 size 0x00022000 entry 0x714ab13c "glu32.dll" "C:\Windows\system32\glu32.dll" base 0x65590000 size 0x000c8000 entry 0x6562b0e4 "OPENGL32.dll" "C:\Windows\system32\OPENGL32.dll" [Register memory] ebx 00ec2b70 | <00>00 00 00 00 00 00 00 00 00 | .......... | 00ec2b80 | 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 00ec2b90 | 00 00 00 00 00 00 | ...... | ecx 00e49910 | <ff>ff ff ff | .... | 00e49920 | 1c 00 00 00 fe ff ff ff 18 32 d0 00 a8 33 d0 00 | .........2...3.. | 00e49930 | 90 33 d0 00 80 33 d0 00 68 33 d0 00 | .3...3..h3.. | Memory pointer appears to point to invalid memory. esi 00ec2b70 | <00>00 00 00 00 00 00 00 00 00 00 00 | ............ | 00ec2b80 | 04 01 00 00 00 00 00 00 00 00 00 00 00 00 00 00 | ................ | 00ec2b90 | 00 00 00 00 | .... | edi 00d84380 | <57>6f 72 6c 64 2f 57 6f | World/Wo | 00d84390 | 72 6c 64 55 74 69 6c 73 00 00 00 00 24 00 45 00 | rldUtils....$.E. | 00d843a0 | 58 00 45 00 00 00 00 00 | X.E..... | [Extra] Geändert von ElvedinZ (07.02.2013 um 20:15 Uhr) |
08.02.2013, 03:32 | #2
/// Helper team | Espionage attack on the computer? Step 1: Please run a full scan with Malwarebytes Anti-Malware and post the log. Afterwards: system scan with OTL (illustrated guide). Please download OTL by OldTimer and save it to your desktop (if it is not there already), then double-click OTL.exe.
08.02.2013, 12:31 | #3
Espionage attack on the computer? Code:
ATTFilter Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.07.08 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Elvedin :: Elvedin-PC [limitiert] 07.02.2013 19:49:02 mbam-log-2013-02-07 (19-49-02).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 375015 Laufzeit: 1 Stunde(n), 44 Minute(n), 10 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) Code:
ATTFilter OTL logfile created on: 08.02.2013 12:31:47 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Elvedin\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,73 Gb Total Physical Memory | 2,07 Gb Available Physical Memory | 55,44% Memory free 7,46 Gb Paging File | 5,32 Gb Available in Paging File | 71,38% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 450,66 Gb Total Space | 385,44 Gb Free Space | 85,53% Space Free | Partition Type: NTFS Drive D: | 3,95 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: ELVEDIN-PC | User Name: Elvedin | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Elvedin\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) PRC - c:\PROGRA~2\mcafee\SITEAD~1\saui.exe (McAfee, Inc.) PRC - C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Launch Manager\LMutilps32.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LMworker.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) PRC - C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) 
PRC - C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation) PRC - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libglesv2.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\libegl.dll () MOD - C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ffmpegsumo.dll () MOD - C:\Program Files (x86)\NTI\Acer Backup Manager\sqlite3.dll () MOD - C:\Program Files (x86)\Common Files\microsoft shared\virtualization handler\OfficeVirt.exe () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (CxAudMsg) -- C:\Windows\SysNative\CxAudMsg64.exe (Conexant Systems Inc.) SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (NisSrv) -- c:\Programme\Microsoft Security Client\NisSrv.exe (Microsoft Corporation) SRV - (MsMpSvc) -- c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (McAfee SiteAdvisor Service) -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe (McAfee, Inc.) SRV - (Live Updater Service) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe (Acer Incorporated) SRV - (0039301360188895mcinstcleanup) -- C:\Windows\Temp\0039301360188895mcinst.exe (McAfee, Inc.) 
SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (ePowerSvc) -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe (Acer Incorporated) SRV - (DsiWMIService) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe (Dritek System Inc.) SRV - (EgisTec Ticket Service) -- C:\Program Files (x86)\Common Files\EgisTec\Services\EgisTicketService.exe (Egis Technology Inc. ) SRV - (GREGService) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe (Acer Incorporated) SRV - (NTI IScheduleSvc) -- C:\Program Files (x86)\NTI\Acer Backup Manager\IScheduleSvc.exe (NTI Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (NOBU) -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe (Symantec Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found DRV:64bit: - (mwlPSDVDisk) -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys (Egis Technology Inc.) DRV:64bit: - (mwlPSDFilter) -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys (Egis Technology Inc.) 
DRV:64bit: - (mwlPSDNServ) -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys (Egis Technology Inc.) DRV:64bit: - (LMIRfsClientNP) -- C:\Windows\SysNative\LMIRfsClientNP.dll (LogMeIn, Inc.) DRV:64bit: - (LMIRfsDriver) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys (LogMeIn, Inc.) DRV:64bit: - (lmimirr) -- C:\Windows\SysNative\drivers\lmimirr.sys (LogMeIn, Inc.) DRV:64bit: - (NisDrv) -- C:\Windows\SysNative\drivers\NisDrvWFP.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (NTIDrvr) -- C:\Windows\SysNative\drivers\NTIDrvr.sys (NTI Corporation) DRV:64bit: - (UBHelper) -- C:\Windows\SysNative\drivers\UBHelper.sys (NTI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (ETD) -- C:\Windows\SysNative\drivers\ETD.sys (ELAN Microelectronics Corp.) 
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.) DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG) DRV:64bit: - (usbfilter) -- C:\Windows\SysNative\drivers\usbfilter.sys (Advanced Micro Devices) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (hamachi) -- C:\Windows\SysNative\drivers\hamachi.sys (LogMeIn, Inc.) 
DRV - (UnlockerDriver5) -- C:\Programme\Unlocker\UnlockerDriver5.sys () DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://acer.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=AARTDF&pc=MAAR&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer.msn.com IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - 
HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\..\SearchScopes,DefaultScope = {414CB050-5E11-47D6-99E0-DCFCB8D7D92E} IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\..\SearchScopes\{414CB050-5E11-47D6-99E0-DCFCB8D7D92E}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={sear IE - HKU\S-1-5-21-257985789-1664029291-901367648-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1168638.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2013.02.06 23:14:49 | 000,000,000 | ---D | M] [2013.01.14 12:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elvedin\AppData\Roaming\mozilla\Extensions [2013.01.14 12:30:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elvedin\AppData\Roaming\mozilla\Extensions\home2@tomtom.com ========== Chrome ========== CHR - homepage: CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}, CHR - homepage: CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\24.0.1312.57\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.31.131.2_0\McChPlg.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.124\npGoogleUpdate3.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Silverlight 
Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll
CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~2\mcafee\msc\npmcsn~1.dll
CHR - Extension: Bejeweled = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\adpkifcfcacgmnggcbpbjbkdijciiigm\2_0\
CHR - Extension: YOUZEEK Free Music = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\bjcgpdkighmjfjlplcighhgamlhkimce\2.0.1_0\
CHR - Extension: YouTube = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Adblock Plus = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.3.4_0\
CHR - Extension: Google-Suche = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: SiteAdvisor = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\
CHR - Extension: AdBlock = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom\2.5.58_0\
CHR - Extension: Looper for YouTube = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\iggpfpnahkgpnindfkdncknoldgnccdg\4.1_0\
CHR - Extension: Erweiterung \RSS-Abonnement\ (von Google) = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\nlbjncdgjeocebhnmkbbbdekmmmcbfjd\2.2.0_0\
CHR - Extension: Google Mail = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Cargo Bridge 2 = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmphjijgcdpmmnfjbemolkdiidinogml\1.0.0_0\
CHR - Extension: RSS Feed Reader = C:\Users\Elvedin\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnjaodmkngahhkoihejjehlcdlnohgmp\4.1.6_0\
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {10EDB994-47F8-43F7-AE96-F2EA63E9F90F} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [ETDCtrl] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.)
O4:64bit: - HKLM..\Run: [LogMeIn GUI] "C:\Program Files (x86)\LogMeIn\x64\LogMeInSystray.exe" File not found
O4:64bit: - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [Power Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated)
O4 - HKLM..\Run: [ArcadeMovieService] C:\Program Files (x86)\Acer\clear.fi\Movie\clear.fiMovieService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NTI\Acer Backup Manager\BackupManagerTray.exe (NTI Corporation)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-257985789-1664029291-901367648-1000..\Run: [Sysinternals Desktops] C:\Users\Elvedin\AppData\Local\Temp\Rar$EXa0.850\Desktops.exe (Sysinternals - www.sysinternals.com)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{DE516E87-FB74-442B-B3A0-B0E61E70E8F9}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2013.02.07 14:29:36 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006.09.06 09:18:27 | 000,000,000 | R--D | M] - D:\AutoRun -- [ UDF ]
O32 - AutoRun File - [2006.09.06 08:52:46 | 000,741,376 | R--- | M] (Electronic Arts Inc.) - D:\AutoRun.exe -- [ UDF ]
O32 - AutoRun File - [2006.09.06 09:07:35 | 000,000,136 | R--- | M] () - D:\autorun.inf -- [ UDF ]
O32 - AutoRun File - [2006.08.24 01:58:17 | 000,593,920 | R--- | M] (Electronic Arts Inc.) - D:\AutoRunGUI.dll -- [ UDF ]
O33 - MountPoints2\{1844727f-5e8b-11e2-97bf-dc0ea19e918b}\Shell - "" = AutoRun
O33 - MountPoints2\{1844727f-5e8b-11e2-97bf-dc0ea19e918b}\Shell\AutoRun\command - "" = H:\Autorun.exe
O33 - MountPoints2\{379cdbd0-564e-11e2-9dcf-dc0ea19e918b}\Shell - "" = AutoRun
O33 - MountPoints2\{379cdbd0-564e-11e2-9dcf-dc0ea19e918b}\Shell\AutoRun\command - "" = G:\Autorun.exe
O33 - MountPoints2\{7babaa7b-55df-11e2-bc27-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7babaa7b-55df-11e2-bc27-806e6f6e6963}\Shell\AutoRun\command - "" = D:\AutoRun.exe -- [2006.09.06 08:52:46 | 000,741,376 | R--- | M] (Electronic Arts Inc.)
O33 - MountPoints2\{cc252d09-568a-11e2-8767-dc0ea19e918b}\Shell - "" = AutoRun
O33 - MountPoints2\{cc252d09-568a-11e2-8767-dc0ea19e918b}\Shell\AutoRun\command - "" = H:\start.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\start.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.07 20:03:59 | 000,016,200 | ---- | C] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.02.07 19:58:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger
[2013.02.07 19:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.07 19:45:19 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.07 19:45:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.07 19:33:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.02.07 14:28:34 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.02.07 14:27:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard
[2013.02.07 14:19:57 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\Documents\Electronic Arts
[2013.02.07 14:08:47 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.07 14:08:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.07 14:08:26 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.07 14:08:26 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.07 14:08:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.02.06 23:14:43 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2013.02.06 22:56:20 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\{36A8BABB-B309-4565-A342-414BDD10BF7A}
[2013.02.06 22:56:19 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\{B1E85E4D-30A4-42DE-96BA-0CBD521C3151}
[2013.02.06 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\Windows Live Writer
[2013.02.06 22:56:04 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\Windows Live Writer
[2013.02.05 01:24:30 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\.terasology
[2013.02.03 22:58:33 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\Microsoft Help
[2013.02.03 22:58:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft Help
[2013.02.02 18:37:45 | 000,310,688 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.02 18:37:32 | 000,188,832 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.02 18:37:32 | 000,188,320 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.02 18:37:32 | 000,108,448 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.01 21:53:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EA SPORTS
[2013.01.31 14:50:25 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll
[2013.01.31 14:49:49 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\xlive
[2013.01.31 14:49:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Games for Windows Marketplace
[2013.01.31 14:49:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Games for Windows - LIVE
[2013.01.30 11:24:41 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer Crystal Eye Webcam
[2013.01.30 11:04:56 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\CyberLink
[2013.01.27 00:57:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
[2013.01.26 23:58:50 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\Desktop\Vergangenheit
[2013.01.25 10:18:38 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\Facebook
[2013.01.22 22:16:55 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.01.21 16:31:36 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\ts3overlay_hook_win64
[2013.01.21 16:31:29 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\ts3overlay
[2013.01.21 16:29:58 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\TS3Client
[2013.01.21 01:25:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.01.21 01:25:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.01.21 01:25:14 | 000,861,088 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.01.21 01:25:14 | 000,782,240 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.01.21 01:18:42 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\TagCraftMC_1.4.6_Minecraft
[2013.01.21 01:18:07 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\.minecraft
[2013.01.21 00:25:56 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2013.01.20 18:51:02 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\LogMeIn
[2013.01.20 18:50:59 | 000,035,832 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIport.dll
[2013.01.20 18:50:58 | 000,088,600 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIRfsClientNP.dll
[2013.01.20 18:50:58 | 000,072,216 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\drivers\LMIRfsDriver.sys
[2013.01.20 18:50:55 | 000,084,472 | ---- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\LMIinit.dll
[2013.01.20 18:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\LogMeIn
[2013.01.20 18:50:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LogMeIn
[2013.01.20 18:13:23 | 000,031,232 | ---- | C] (Tunngle.net) -- C:\Windows\SysNative\drivers\tap0901t.sys
[2013.01.20 18:13:23 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\Tunngle
[2013.01.20 18:08:45 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\Desktop\Eigene Sachen
[2013.01.20 17:59:06 | 000,033,856 | -H-- | C] (LogMeIn, Inc.) -- C:\Windows\SysNative\hamachi.sys
[2013.01.19 23:34:12 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\Documents\My Videos
[2013.01.18 12:27:41 | 000,000,000 | R--D | C] -- C:\Users\Elvedin\Documents\Scanned Documents
[2013.01.18 12:27:41 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\Documents\Fax
[2013.01.15 15:30:46 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\Diagnostics
[2013.01.14 12:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\TomTom
[2013.01.14 12:30:13 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\TomTom
[2013.01.14 12:30:13 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\TomTom
[2013.01.14 12:30:13 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\Mozilla
[2013.01.14 12:27:07 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\Downloaded Installations
[2013.01.12 18:11:45 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2013.01.11 13:36:54 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\Documents\Bus Simulator 2012
[2013.01.11 13:36:54 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Local\Bus Simulator 2012
[2013.01.11 13:24:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\astragon
[2013.01.11 13:05:45 | 000,000,000 | ---D | C] -- C:\Users\Elvedin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Unlocker
[2013.01.11 13:05:45 | 000,000,000 | ---D | C] -- C:\Program Files\Unlocker
[2013.01.11 13:05:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
[2013.01.11 13:05:18 | 001,706,640 | ---- | C] (Realtek Semiconductor Corp.) -- C:\Windows\RtlExUpd.dll
[2013.01.10 21:54:28 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.01.09 15:23:03 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.01.09 15:23:03 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll
[2013.01.09 15:22:43 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2013.01.09 15:22:42 | 000,800,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usp10.dll
[2013.01.09 15:22:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\fpb.rs
[2013.01.09 15:22:35 | 000,046,592 | ---- | C] (Microsoft) -- C:\Windows\SysNative\fpb.rs
[2013.01.09 15:22:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc-nz.rs
[2013.01.09 15:22:35 | 000,045,568 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc-nz.rs
[2013.01.09 15:22:35 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegibbfc.rs
[2013.01.09 15:22:35 | 000,044,544 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegibbfc.rs
[2013.01.09 15:22:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\csrr.rs
[2013.01.09 15:22:35 | 000,043,520 | ---- | C] (Microsoft) -- C:\Windows\SysNative\csrr.rs
[2013.01.09 15:22:35 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cob-au.rs
[2013.01.09 15:22:35 | 000,040,960 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cob-au.rs
[2013.01.09 15:22:35 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\usk.rs
[2013.01.09 15:22:35 | 000,030,720 | ---- | C] (Microsoft) -- C:\Windows\SysNative\usk.rs
[2013.01.09 15:22:34 | 002,746,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\gameux.dll
[2013.01.09 15:22:34 | 002,576,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\gameux.dll
[2013.01.09 15:22:34 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Wpc.dll
[2013.01.09 15:22:34 | 000,308,736 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Wpc.dll
[2013.01.09 15:22:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\grb.rs
[2013.01.09 15:22:34 | 000,021,504 | ---- | C] (Microsoft) -- C:\Windows\SysNative\grb.rs
[2013.01.09 15:22:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-pt.rs
[2013.01.09 15:22:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-pt.rs
[2013.01.09 15:22:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi.rs
[2013.01.09 15:22:34 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi.rs
[2013.01.09 15:22:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\djctq.rs
[2013.01.09 15:22:34 | 000,015,360 | ---- | C] (Microsoft) -- C:\Windows\SysNative\djctq.rs
[2013.01.09 15:22:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\esrb.rs
[2013.01.09 15:22:33 | 000,051,712 | ---- | C] (Microsoft) -- C:\Windows\SysNative\esrb.rs
[2013.01.09 15:22:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\oflc.rs
[2013.01.09 15:22:33 | 000,023,552 | ---- | C] (Microsoft) -- C:\Windows\SysNative\oflc.rs
[2013.01.09 15:22:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\pegi-fi.rs
[2013.01.09 15:22:33 | 000,020,480 | ---- | C] (Microsoft) -- C:\Windows\SysNative\pegi-fi.rs
[2013.01.09 15:22:32 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysWow64\cero.rs
[2013.01.09 15:22:32 | 000,055,296 | ---- | C] (Microsoft) -- C:\Windows\SysNative\cero.rs
[2013.01.09 15:21:55 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll
[2013.01.09 15:21:55 | 000,424,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll
[2013.01.09 15:21:54 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe
[2013.01.09 15:21:54 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll
[2013.01.09 15:21:53 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe
[2013.01.09 15:21:53 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll
[2013.01.09 15:21:53 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe
[2013.01.09 15:21:53 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 15:21:53 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll
[2013.01.09 15:21:53 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 15:21:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 15:21:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 15:21:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 15:21:53 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 15:21:53 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 15:21:53 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 15:21:52 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll
[2013.01.09 15:21:52 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll
[2013.01.09 15:21:52 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 15:21:52 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 15:21:52 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 15:21:52 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 15:21:52 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe
[2013.01.09 15:21:51 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll
[2013.01.09 15:21:51 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll
[2013.01.09 15:21:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll
[2013.01.09 15:21:51 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll
[2013.01.09 15:21:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll
[2013.01.09 15:21:51 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 15:21:51 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll
[2013.01.09 15:21:50 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll
[2013.01.09 15:21:50 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 15:21:50 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll
[2013.01.09 15:21:49 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll
[2013.01.09 15:21:49 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll
[2013.01.09 15:21:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 15:21:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll
[2013.01.09 15:21:49 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll
[2013.01.09 15:21:31 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.08 12:29:32 | 001,500,018 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.08 12:29:32 | 000,654,610 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.08 12:29:32 | 000,616,452 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.08 12:29:32 | 000,130,192 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.08 12:29:32 | 000,106,574 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.08 12:25:53 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.08 12:07:56 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.08 12:07:55 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.07 20:03:59 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\Windows\stinger.sys
[2013.02.07 14:29:36 | 000,000,000 | ---- | M] () -- C:\autoexec.bat
[2013.02.07 14:08:13 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.07 14:08:08 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.07 14:08:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.07 14:08:07 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.07 14:08:06 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.07 14:08:05 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.02 18:37:22 | 000,108,448 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\WindowsAccessBridge-64.dll
[2013.02.02 18:37:18 | 000,310,688 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaws.exe
[2013.02.02 18:37:18 | 000,188,832 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe
[2013.02.02 18:37:17 | 000,188,320 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe
[2013.02.02 18:37:15 | 001,085,344 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\npDeployJava1.dll
[2013.02.02 18:37:15 | 000,963,488 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\deployJava1.dll
[2013.02.02 16:00:28 | 000,535,830 | ---- | M] () -- C:\Users\Elvedin\Desktop\new-york-skyline-night-wallpaper_1.jpg
[2013.02.02 14:28:53 | 000,111,401 | ---- | M] () -- C:\Users\Elvedin\Desktop\best_quotes_and_pieces_of_advice_14.jpg
[2013.02.01 19:38:16 | 003,285,000 | ---- | M] () -- C:\Users\Elvedin\Desktop\JOVAN PERISIC - PUSTITE ME DA JE PREBOLIM.mp3
[2013.02.01 18:31:24 | 003,851,333 | ---- | M] () -- C:\Users\Elvedin\Desktop\Haris Dzinovic - Mustuluk (2009)wmv.mp3
[2013.01.29 09:57:37 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.29 09:57:37 | 000,016,976 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.28 20:18:17 | 022,719,636 | ---- | M] () -- C:\Users\Elvedin\Desktop\Nickelback - Lullaby.mp4
[2013.01.27 11:19:10 | 3003,305,984 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.26 20:27:48 | 003,504,010 | ---- | M] () -- C:\Users\Elvedin\Desktop\Jovan Perii-2011-Tvoje malo meni znai mnogo.mp3
[2013.01.23 22:08:36 | 000,003,088 | ---- | M] () -- C:\Users\Elvedin\AppData\Roaming\PData.MMM
[2013.01.23 22:08:36 | 000,003,088 | ---- | M] () -- C:\Users\Elvedin\AppData\Roaming\PData.MM1
[2013.01.21 02:02:18 | 000,001,413 | ---- | M] () -- C:\Users\Elvedin\Desktop\Minecraft - Verknüpfung.lnk
[2013.01.21 00:29:24 | 115,113,506 | ---- | M] () -- C:\Users\Elvedin\Desktop\minecraft.rar
[2013.01.20 23:40:00 | 001,756,174 | ---- | M] () -- C:\Users\Elvedin\Desktop\mcpatcher-2.4.5_02.exe
[2013.01.20 18:53:33 | 000,291,728 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.20 18:50:52 | 000,001,024 | ---- | M] () -- C:\.rnd
[2013.01.18 16:55:39 | 006,649,277 | ---- | M] () -- C:\Users\Elvedin\Desktop\i39d come for you - nickelback - lyrics.mp4
[2013.01.18 12:33:29 | 000,179,387 | ---- | M] () -- C:\Users\Elvedin\Desktop\Kroatien ENC-Box.pdf
[2013.01.18 12:31:28 | 000,179,798 | ---- | M] () -- C:\Users\Elvedin\Desktop\Panorama Schlussrechnung.pdf
[2013.01.18 12:28:09 | 000,000,965 | ---- | M] () -- C:\Users\Elvedin\Desktop\Scan2PDF.lnk
[2013.01.16 00:13:47 | 023,743,675 | ---- | M] () -- C:\Users\Elvedin\Desktop\Taylor Swift - The Story Of Us.mp4
[2013.01.11 13:29:51 | 000,001,432 | ---- | M] () -- C:\Users\Elvedin\Desktop\Bus-Simulator 2012 (Basic-Version).lnk
[2013.01.11 13:29:51 | 000,001,425 | ---- | M] () -- C:\Users\Elvedin\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2013.01.10 21:54:24 | 380,175,321 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.01.10 17:47:37 | 000,001,266 | ---- | M] () -- C:\Users\Elvedin\Desktop\Windows Update.lnk
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.07 14:29:36 | 000,000,000 | ---- | C] () -- C:\autoexec.bat
[2013.02.02 16:00:25 | 000,535,830 | ---- | C] () -- C:\Users\Elvedin\Desktop\new-york-skyline-night-wallpaper_1.jpg
[2013.02.02 14:28:50 | 000,111,401 | ---- | C] () -- C:\Users\Elvedin\Desktop\best_quotes_and_pieces_of_advice_14.jpg
[2013.02.01 19:38:14 | 003,285,000 | ---- | C] () -- C:\Users\Elvedin\Desktop\JOVAN PERISIC - PUSTITE ME DA JE PREBOLIM.mp3
[2013.02.01 18:31:23 | 003,851,333 | ---- | C] () -- C:\Users\Elvedin\Desktop\Haris Dzinovic - Mustuluk (2009)wmv.mp3
[2013.01.28 20:16:39 | 022,719,636 | ---- | C] () -- C:\Users\Elvedin\Desktop\Nickelback - Lullaby.mp4
[2013.01.26 20:26:30 | 003,504,010 | ---- | C] () -- C:\Users\Elvedin\Desktop\Jovan Perii-2011-Tvoje malo meni znai mnogo.mp3
[2013.01.21 02:02:18 | 000,001,413 | ---- | C] () -- C:\Users\Elvedin\Desktop\Minecraft - Verknüpfung.lnk
[2013.01.21 00:26:53 | 115,113,506 | ---- | C] () -- C:\Users\Elvedin\Desktop\minecraft.rar
[2013.01.20 23:39:48 | 001,756,174 | ---- | C] () -- C:\Users\Elvedin\Desktop\mcpatcher-2.4.5_02.exe
[2013.01.20 18:50:51 | 000,001,024 | ---- | C] () -- C:\.rnd
[2013.01.18 16:55:12 | 006,649,277 | ---- | C] () -- C:\Users\Elvedin\Desktop\i39d come for you - nickelback - lyrics.mp4
[2013.01.18 12:33:29 | 000,179,387 | ---- | C] () -- C:\Users\Elvedin\Desktop\Kroatien ENC-Box.pdf
[2013.01.18 12:31:28 | 000,179,798 | ---- | C] () -- C:\Users\Elvedin\Desktop\Panorama Schlussrechnung.pdf
[2013.01.18 12:28:09 | 000,000,965 | ---- | C] () -- C:\Users\Elvedin\Desktop\Scan2PDF.lnk
[2013.01.16 00:12:38 | 023,743,675 | ---- | C] () -- C:\Users\Elvedin\Desktop\Taylor Swift - The Story Of Us.mp4
[2013.01.11 13:29:51 | 000,001,432 | ---- | C] () -- C:\Users\Elvedin\Desktop\Bus-Simulator 2012 (Basic-Version).lnk
[2013.01.11 13:29:51 | 000,001,425 | ---- | C] () -- C:\Users\Elvedin\Desktop\Bus-Simulator 2012 (High-Version).lnk
[2013.01.10 21:54:24 | 380,175,321 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.01.10 17:47:37 | 000,001,266 | ---- | C] () -- C:\Users\Elvedin\Desktop\Windows Update.lnk
[2013.01.04 23:23:53 | 000,000,531 | ---- | C] () -- C:\Windows\eReg.dat
[2013.01.04 14:58:48 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.04 13:48:37 | 000,003,088 | ---- | C] () -- C:\Users\Elvedin\AppData\Roaming\PData.MMM
[2013.01.04 13:48:37 | 000,003,088 | ---- | C] () -- C:\Users\Elvedin\AppData\Roaming\PData.MM1
[2013.01.03 21:09:39 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.10.19 04:19:59 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.28 17:44:14 | 000,179,271 | ---- | C] () -- C:\Windows\SysWow64\xlive.dll.cat
[2011.05.24 23:44:26 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll

========== ZeroAccess Check ==========

[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft 
Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.01.28 11:39:03 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\.minecraft [2013.02.05 01:24:30 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\.terasology [2013.01.04 13:48:37 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\AUTOSICH [2013.01.09 03:08:55 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\Blockscape [2013.01.04 16:01:24 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\Canon [2013.01.07 23:18:57 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\Leadertech [2013.01.04 16:05:35 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\Scan2PDF [2013.01.25 09:30:59 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\SoftGrid Client [2013.01.14 12:30:13 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\TomTom [2013.01.04 15:00:17 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\TP [2013.02.02 23:30:52 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\TS3Client [2013.01.21 16:31:29 | 000,000,000 | ---D | M] -- 
C:\Users\Elvedin\AppData\Roaming\ts3overlay [2013.01.21 16:31:37 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\ts3overlay_hook_win64 [2013.01.20 19:34:39 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\Tunngle [2013.02.07 20:08:01 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\uTorrent [2013.02.06 22:56:04 | 000,000,000 | ---D | M] -- C:\Users\Elvedin\AppData\Roaming\Windows Live Writer [2013.01.25 09:47:13 | 000,000,000 | ---D | M] -- C:\Users\Sicherung1\AppData\Roaming\Canon [2013.01.25 09:50:33 | 000,000,000 | ---D | M] -- C:\Users\Sicherung1\AppData\Roaming\Scan2PDF ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0C9CD455 < End of report > |
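The "ZeroAccess Check" section of the OTL log above lists four CLSIDs under HKEY_CURRENT_USER. The reason OTL looks there: for the interactive user, COM consults HKCU\Software\Classes\CLSID before HKLM, so a populated InProcServer32 value under HKCU silently redirects a Microsoft COM object (Explorer's shell32, the WMI proxies) to whatever DLL it names, without touching the HKLM registration that most tools inspect. The following script is an added example, not part of the thread and not OTL's own logic; it re-runs that check and reports which entries look wrong. It assumes Windows PowerShell 3.0 or later on 64-bit Windows 7 and takes the CLSID-to-DLL pairing from the log rather than verifying it independently.

```powershell
# Added example (not from the thread, not OTL code): re-check the four CLSIDs from
# OTL's "ZeroAccess Check" for per-user COM hijacking.
# Assumes Windows PowerShell 3.0+ on 64-bit Windows 7. CLSID-to-DLL notes are
# copied from the log above, not verified independently.

$clsids = @(
    '{42aedc87-2188-41fd-b9a3-0c966feabec1}',   # shell32.dll per the log
    '{fbeb8a05-beee-4442-804e-409d6c4515e9}',   # HKLM value not shown in the log
    '{5839FCA9-774D-42A1-ACDA-D6A79037F57F}',   # wbem\fastprox.dll per the log
    '{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}'    # wbem\wbemess.dll per the log
)
# HKCU entries are checked first because that is the lookup order COM itself uses.
$roots = @(
    'HKCU:\Software\Classes\CLSID',
    'HKCU:\Software\Classes\Wow6432Node\CLSID',
    'HKLM:\Software\Classes\CLSID',
    'HKLM:\Software\Classes\Wow6432Node\CLSID'
)

function Test-ComServer {
    param([string]$Clsid, [string]$Root)
    $key = Join-Path $Root "$Clsid\InProcServer32"
    if (-not (Test-Path -LiteralPath $key)) { return }   # key absent: nothing to report
    $server = (Get-ItemProperty -LiteralPath $key).'(default)'
    $path   = [Environment]::ExpandEnvironmentVariables([string]$server)
    $sig    = 'n/a'
    if ($path -and (Test-Path -LiteralPath $path)) {
        $sig = (Get-AuthenticodeSignature -FilePath $path).Status
    }
    # A populated HKCU entry for a system CLSID is the finding in itself: Windows
    # registers these objects only under HKLM. A missing or unsigned DLL is the
    # second red flag, wherever the entry lives.
    $suspicious = ($Root -like 'HKCU:*' -and [bool]$server) -or
                  ([bool]$path -and -not (Test-Path -LiteralPath $path)) -or
                  ("$sig" -notin 'Valid', 'n/a')
    [pscustomobject]@{
        CLSID      = $Clsid
        Key        = $key
        Server     = $server
        Signature  = "$sig"
        Suspicious = $suspicious
    }
}

$results = foreach ($c in $clsids) {
    foreach ($r in $roots) { Test-ComServer -Clsid $c -Root $r }
}
$results | Format-Table -AutoSize
$results | Where-Object Suspicious | ForEach-Object {
    Write-Warning "Possible COM hijack: $($_.Key) -> $($_.Server)"
}
```

Two caveats when reading the output. A 64-bit PowerShell expands %SystemRoot%\system32 to the 64-bit directory, so the Wow6432Node entries are signature-checked against the 64-bit DLL; substitute SysWOW64 if you want the 32-bit file. And an HKCU CLSID key that exists but has an empty default value is not flagged here, because it does not redirect anything; a populated one for a Microsoft system object is what the ZeroAccess family used.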
08.02.2013, 13:43 | #4 |
/// Helper team | Spyware attack on computer? Fix with OTL: download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).
Code:
:OTL
DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
@Alternate Data Stream - 133 bytes -> C:\ProgramData\Temp:0C9CD455
[2013.01.11 13:05:20 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Temp
:Files
C:\ProgramData\*.exe
C:\ProgramData\*.dll
C:\ProgramData\*.tmp
C:\ProgramData\TEMP
C:\Users\Elvedin\*.tmp
C:\Users\Elvedin\AppData\Local\Temp\*.exe
C:\Users\Elvedin\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[emptytemp]
Note for other readers: the OTL script above was written solely for this user in this situation. Do not under any circumstances apply it to other computers; it can cause lasting damage to other systems! Afterwards: please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper. Afterwards: please download AdwCleaner to your desktop.
|
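The OTL fix above removes three kinds of things: a driver service whose file is gone (the SpyHunter leftover "esgiguard", reported as "File not found"), the 133-byte alternate data stream on the folder C:\ProgramData\Temp, and executables parked in ProgramData and the user's Temp folder. The following script is an added example, not the helper's script and not OTL code; it shows how to look at each of those before deleting anything, so the removal is a decision rather than a reflex. It assumes 64-bit Windows 7 with Windows PowerShell 3.0 or later (Get-Item -Stream and -File need it) in an elevated console; the paths are the ones from the log.

```powershell
# Added example (not the helper's OTL script): inspect what the fix removes.
# Assumes Windows PowerShell 3.0+ (Windows PowerShell, not PowerShell 7: -Encoding Byte)
# run as Administrator on 64-bit Windows 7. Paths are taken from the log above.

# 1. Driver services whose ImagePath points at a file that no longer exists.
#    Such an entry cannot load, but it is exactly what OTL's DRV "File not found" line is.
function Get-OrphanedDriver {
    Get-ChildItem 'HKLM:\SYSTEM\CurrentControlSet\Services' | ForEach-Object {
        $svc = Get-ItemProperty -LiteralPath $_.PSPath
        # Type 1 = kernel driver, 2 = file system driver; skip user-mode services
        if (($svc.Type -ne 1 -and $svc.Type -ne 2) -or -not $svc.ImagePath) { return }
        $img = [Environment]::ExpandEnvironmentVariables($svc.ImagePath)
        $img = $img -replace '^\\\?\?\\', '' -replace '^\\SystemRoot\\', ($env:SystemRoot + '\')
        if ($img -notmatch '^[A-Za-z]:\\') { $img = Join-Path $env:SystemRoot $img }
        if (-not (Test-Path -LiteralPath $img)) {
            [pscustomobject]@{ Service = $_.PSChildName; ImagePath = $svc.ImagePath; Start = $svc.Start }
        }
    }
}

# 2. Alternate data streams on a path, with the first bytes of each. The log shows a
#    stream named 0C9CD455 on the folder C:\ProgramData\Temp; dump it before deleting.
#    Older 3.0/4.0 builds may refuse -Stream on a directory; "dir /r C:\ProgramData"
#    from cmd.exe lists the streams in that case.
function Get-HiddenStreams {
    param([string]$Path)
    Get-Item -LiteralPath $Path -Stream * -ErrorAction SilentlyContinue |
        Where-Object { $_.Stream -ne ':$DATA' } |
        ForEach-Object {
            $bytes = Get-Content -LiteralPath $Path -Stream $_.Stream -Encoding Byte -ReadCount 0
            [pscustomobject]@{
                Path   = $Path
                Stream = $_.Stream
                Length = $_.Length
                Head   = (($bytes | Select-Object -First 16) | ForEach-Object { '{0:x2}' -f $_ }) -join ' '
            }
        }
}

# 3. Executables in ProgramData and the user's Temp folder, with Authenticode status.
#    Unsigned binaries in these locations are what the :Files section of the fix deletes.
function Get-LooseExecutables {
    param([string[]]$Dirs)
    foreach ($d in $Dirs) {
        Get-ChildItem -Path "$d\*" -Include *.exe, *.dll -File -Force -ErrorAction SilentlyContinue |
            ForEach-Object {
                [pscustomobject]@{
                    File      = $_.FullName
                    Size      = $_.Length
                    Written   = $_.LastWriteTime
                    Signature = (Get-AuthenticodeSignature -FilePath $_.FullName).Status
                }
            }
    }
}

Get-OrphanedDriver | Format-Table -AutoSize
Get-HiddenStreams -Path 'C:\ProgramData\Temp' | Format-Table -AutoSize
Get-LooseExecutables -Dirs 'C:\ProgramData', "$env:LOCALAPPDATA\Temp" | Format-Table -AutoSize

# Only after reviewing the output, and bearing the helper's warning in mind that the
# fix is specific to this machine, the stream itself can be removed with:
# Remove-Item -LiteralPath 'C:\ProgramData\Temp' -Stream 0C9CD455
```

The difference from running the OTL fix directly is that each item is looked at first: the orphaned driver entry is confirmed to point nowhere, the stream's contents are visible (a 133-byte stream on a folder is a classic place to stash a loader or configuration, but can also be harmless metadata), and the loose executables carry their signature status, so a signed vendor installer is not swept up with the rest. The `$env:LOCALAPPDATA` path resolves to whichever account runs the script, so run it as the affected user, Elvedin here.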
08.02.2013, 23:08 | #5 |
| Spyware attack on computer? Sorry for asking, but could any errors on the PC be identified yet? Or anything similar? What does the fix do? |
09.02.2013, 16:38 | #6 |
/// Helper team | Spyware attack on computer? It secures the suspicious files.
16.04.2013, 17:00 | #7 |
/// Helper team | Spyware attack on computer? No reply received. Are there problems working through the instructions above? To free up capacity for others seeking help, I am removing this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html Note: the disappearance of the symptoms does not mean your computer is clean. |