|
Log-Analyse und Auswertung: PC PerformerWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
25.02.2013, 21:15 | #16 |
/// Malware-holic | PC Performer hi starte mal neu, drücke f8 wähle abgesicherter Modus. melde dich in deinem Konto an, versuchs da noch mal, wenn erledigt, neustarten in normal Modus und Log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
25.02.2013, 21:54 | #17 |
| PC Performer Ich hatte Panda nicht deaktiviert, habe es nun deinstalliert und hier der Logfile:
__________________Combofix Logfile: Code:
ATTFilter ComboFix 13-02-24.01 - *** 25.02.2013 21:22:44.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7600.0.1252.49.1031.18.3959.1793 [GMT 1:00] ausgeführt von:: c:\users\***\Downloads\ComboFix.exe SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\programdata\FullRemove.exe c:\users\***\4.0 c:\windows\wininit.ini . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-25 bis 2013-02-25 )))))))))))))))))))))))))))))) . . 2013-02-25 20:32 . 2013-02-25 20:32 -------- d-----w- c:\users\Noa\AppData\Local\temp 2013-02-25 20:32 . 2013-02-25 20:32 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-25 20:19 . 2013-02-25 20:19 70 ----a-w- c:\windows\RAVTC.TMP 2013-02-25 18:26 . 2013-02-25 18:26 -------- d-----w- C:\_OTL 2013-02-24 12:34 . 2013-02-24 12:34 -------- d-----w- c:\users\***\AppData\Roaming\PerformerSoft 2013-02-24 12:08 . 2013-02-24 12:08 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes 2013-02-24 12:08 . 2013-02-24 12:08 -------- d-----w- c:\programdata\Malwarebytes 2013-02-24 12:08 . 2013-02-24 12:08 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2013-02-24 12:08 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys 2013-02-24 12:07 . 2013-02-24 12:07 -------- d-----w- c:\users\***\AppData\Local\Programs 2013-02-23 17:51 . 2013-02-23 17:51 -------- d-----w- c:\users\Noa\AppData\Roaming\Klett 2013-02-22 13:43 . 2013-02-08 00:28 9162192 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E151894-6353-438E-B94F-D29D33CEC5FB}\mpengine.dll 2013-02-19 21:26 . 2013-02-19 21:28 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird 2013-02-14 07:53 . 2013-01-09 01:10 996352 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-14 07:53 . 2013-01-08 22:01 768000 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll 2013-02-13 21:27 . 2013-01-04 05:41 1893224 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-13 21:27 . 2013-01-04 05:40 287576 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-13 21:25 . 2013-01-09 01:12 1392128 ----a-w- c:\windows\system32\wininet.dll 2013-02-13 19:33 . 2013-02-13 19:33 -------- d-----w- c:\users\Noa\AppData\Local\Adobe 2013-02-13 19:22 . 2013-02-19 19:44 -------- d-----w- c:\users\Noa\AppData\Roaming\Liteon 2013-02-10 13:49 . 2013-02-10 13:49 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-31 17:27 . 2013-01-31 17:27 -------- d-----w- c:\users\Noa\AppData\Local\Google 2013-01-30 07:31 . 2013-01-30 07:31 -------- d-----w- c:\program files (x86)\Common Files\Java 2013-01-30 07:14 . 2013-01-30 07:14 -------- d-----w- c:\users\***\AppData\Roaming\elsterformular 2013-01-30 07:14 . 2013-01-30 07:14 -------- d-----w- c:\programdata\elsterformular 2013-01-30 07:13 . 2013-01-30 07:13 -------- d-----w- c:\program files (x86)\ElsterFormular . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-02-25 20:40 . 2013-02-25 20:40 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2E151894-6353-438E-B94F-D29D33CEC5FB}\offreg.dll 2013-02-16 16:29 . 2012-04-10 15:13 691568 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-02-16 16:29 . 2011-08-10 06:36 71024 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-02-13 21:31 . 2011-03-08 08:17 70004024 ----a-w- c:\windows\system32\MRT.exe 2013-02-10 13:49 . 2012-09-06 06:42 861088 ----a-w- c:\windows\SysWow64\npdeployJava1.dll 2013-02-10 13:49 . 2011-03-05 18:08 782240 ----a-w- c:\windows\SysWow64\deployJava1.dll 2013-01-17 00:28 . 2011-01-28 18:54 273840 ------w- c:\windows\system32\MpSigStub.exe 2013-01-04 04:43 . 2013-02-13 21:28 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-12-16 16:52 . 2012-12-22 02:00 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:40 . 2012-12-22 02:00 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:25 . 2012-12-22 02:00 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:25 . 2012-12-22 02:00 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-07 05:41 . 2013-01-10 07:12 441856 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 05:35 . 2013-01-10 07:12 2745856 ----a-w- c:\windows\system32\gameux.dll 2012-12-07 05:04 . 2013-01-10 07:12 308736 ----a-w- c:\windows\SysWow64\Wpc.dll 2012-12-07 04:57 . 2013-01-10 07:12 2576384 ----a-w- c:\windows\SysWow64\gameux.dll 2012-12-07 03:45 . 2013-01-10 07:12 43520 ----a-w- c:\windows\system32\csrr.rs 2012-12-07 03:45 . 2013-01-10 07:12 45568 ----a-w- c:\windows\system32\oflc-nz.rs 2012-12-07 03:45 . 2013-01-10 07:12 30720 ----a-w- c:\windows\system32\usk.rs 2012-12-07 03:45 . 2013-01-10 07:12 23552 ----a-w- c:\windows\system32\oflc.rs 2012-12-07 03:45 . 2013-01-10 07:12 44544 ----a-w- c:\windows\system32\pegibbfc.rs 2012-12-07 03:45 . 2013-01-10 07:12 40960 ----a-w- c:\windows\system32\cob-au.rs 2012-12-07 03:45 . 2013-01-10 07:12 21504 ----a-w- c:\windows\system32\grb.rs 2012-12-07 03:45 . 2013-01-10 07:12 20480 ----a-w- c:\windows\system32\pegi-pt.rs 2012-12-07 03:45 . 2013-01-10 07:12 20480 ----a-w- c:\windows\system32\pegi-fi.rs 2012-12-07 03:45 . 2013-01-10 07:12 46592 ----a-w- c:\windows\system32\fpb.rs 2012-12-07 03:45 . 2013-01-10 07:12 20480 ----a-w- c:\windows\system32\pegi.rs 2012-12-07 03:45 . 2013-01-10 07:12 15360 ----a-w- c:\windows\system32\djctq.rs 2012-12-07 03:45 . 2013-01-10 07:12 51712 ----a-w- c:\windows\system32\esrb.rs 2012-12-07 03:45 . 2013-01-10 07:12 55296 ----a-w- c:\windows\system32\cero.rs 2012-12-07 03:21 . 2013-01-10 07:12 45568 ----a-w- c:\windows\SysWow64\oflc-nz.rs 2012-12-07 03:21 . 2013-01-10 07:12 44544 ----a-w- c:\windows\SysWow64\pegibbfc.rs 2012-12-07 03:21 . 2013-01-10 07:12 43520 ----a-w- c:\windows\SysWow64\csrr.rs 2012-12-07 03:21 . 2013-01-10 07:12 30720 ----a-w- c:\windows\SysWow64\usk.rs 2012-12-07 03:21 . 2013-01-10 07:12 23552 ----a-w- c:\windows\SysWow64\oflc.rs 2012-12-07 03:21 . 2013-01-10 07:12 20480 ----a-w- c:\windows\SysWow64\pegi-pt.rs 2012-12-07 03:21 . 2013-01-10 07:12 20480 ----a-w- c:\windows\SysWow64\pegi.rs 2012-12-07 03:21 . 2013-01-10 07:12 20480 ----a-w- c:\windows\SysWow64\pegi-fi.rs 2012-12-07 03:21 . 2013-01-10 07:12 46592 ----a-w- c:\windows\SysWow64\fpb.rs 2012-12-07 03:21 . 2013-01-10 07:12 21504 ----a-w- c:\windows\SysWow64\grb.rs 2012-12-07 03:21 . 2013-01-10 07:12 51712 ----a-w- c:\windows\SysWow64\esrb.rs 2012-12-07 03:21 . 2013-01-10 07:12 55296 ----a-w- c:\windows\SysWow64\cero.rs 2012-12-07 03:21 . 2013-01-10 07:12 40960 ----a-w- c:\windows\SysWow64\cob-au.rs 2012-12-07 03:21 . 2013-01-10 07:12 15360 ----a-w- c:\windows\SysWow64\djctq.rs . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:40 120176 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x86\PSDProtect.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2010-07-13 39408] "NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696] "SuiteTray"="c:\program files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe" [2010-05-27 337264] "EgisUpdate"="c:\program files (x86)\EgisTec IPS\EgisUpdate.exe" [2010-03-11 201584] "EgisTecPMMUpdate"="c:\program files (x86)\EgisTec IPS\PmmUpdate.exe" [2010-03-11 407920] "Norton Online Backup"="c:\program files (x86)\Symantec\Norton Online Backup\NOBuClient.exe" [2010-06-01 1155928] "BackupManagerTray"="c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe" [2010-06-28 265984] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304] "LManager"="c:\program files (x86)\Launch Manager\LManager.exe" [2010-06-22 968272] "AppleSyncNotifier"="c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888] "iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-12-12 152544] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ WISO Mein Steuer-Sparbuch heute.lnk - c:\program files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe [2012-4-4 1380944] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS] @="" . R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R3 cmnsusbser;Mobile Connector USB Device for Legacy Serial Communication LCT2053s;c:\windows\system32\DRIVERS\cmnsusbser.sys [2011-06-04 117888] R3 MWLService;MyWinLocker Service;c:\program files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [2010-05-27 305520] R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-06-17 246376] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760] S1 mwlPSDFilter;mwlPSDFilter;c:\windows\system32\DRIVERS\mwlPSDFilter.sys [2009-06-03 22576] S1 mwlPSDNServ;mwlPSDNServ;c:\windows\system32\DRIVERS\mwlPSDNServ.sys [2009-06-03 20016] S1 mwlPSDVDisk;mwlPSDVDisk;c:\windows\system32\DRIVERS\mwlPSDVDisk.sys [2009-06-03 60464] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 DsiWMIService;Dritek WMI Service;c:\program files (x86)\Launch Manager\dsiwmis.exe [2010-06-22 321104] S2 ePowerSvc;Acer ePower Service;c:\program files\Acer\Acer ePower Management\ePowerSvc.exe [2010-06-11 868896] S2 GREGService;GREGService;c:\program files (x86)\Acer\Registration\GREGsvc.exe [2010-01-08 23584] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344] S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2010-05-04 503080] S2 NOBU;Norton Online Backup;c:\program files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe SERVICE [x] S2 NTI IScheduleSvc;NTI IScheduleSvc;c:\program files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [2010-06-28 255744] S2 OS Selector;Acronis OS Selector Activator;c:\program files (x86)\Acronis\DiskDirector\OSS\reinstall_svc.exe [2010-09-30 2155848] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-18 2320920] S2 Updater Service;Updater Service;c:\program files\Acer\Acer Updater\UpdaterService.exe [2010-01-28 243232] S2 WTGService;WTGService;c:\program files (x86)\XSManager\WTGService.exe [2010-04-12 329168] S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344] S3 k57nd60a;Broadcom NetLink (TM) Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\k57nd60a.sys [2010-05-15 384040] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 05195144 *NewlyCreated* - 11734263 *NewlyCreated* - 47720714 *Deregistered* - 05195144 *Deregistered* - 11734263 *Deregistered* - 47720714 *Deregistered* - PSINAflt *Deregistered* - PSINKNC *Deregistered* - PSINProt . Inhalt des "geplante Tasks" Ordners . 2013-02-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-10 16:29] . 2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 22:08] . 2013-02-25 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-30 22:08] . 2013-02-24 c:\windows\Tasks\PC Performer_DEFAULT.job - c:\program files (x86)\PC Performer\PCPerformer.exe [2013-01-23 14:47] . 2013-01-23 c:\windows\Tasks\PC Performer_UPDATES.job - c:\program files (x86)\PC Performer\PCPerformer.exe [2013-01-23 14:47] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\egisPSDP] @="{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}" [HKEY_CLASSES_ROOT\CLSID\{30A0A3F6-38AC-4C53-BB8B-0D95238E25BA}] 2010-05-27 02:42 137584 ----a-w- c:\program files (x86)\EgisTec MyWinLocker\x64\PSDProtect.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "mwlDaemon"="c:\program files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe" [2010-05-27 349552] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-06-22 10920552] "Acer ePower Management"="c:\program files\Acer\Acer ePower Management\ePowerTray.exe" [2010-06-11 861216] "Zune Launcher"="c:\program files\Zune\ZuneLauncher.exe" [2011-08-05 163552] . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.com uLocal Page = c:\windows\system32\blank.htm mDefault_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108165l0454z1h5v47i2257q mStart Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108165l0454z1h5v47i2257q mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = *.local TCP: DhcpNameServer = 192.168.2.1 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - prefs.js: keyword.URL - hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q= FF - prefs.js: network.proxy.type - 0 . - - - - Entfernte verwaiste Registrierungseinträge - - - - . ShellIconOverlayIdentifiers-{F5D1CF73-C196-48F8-AAAC-B9181E22B4E6} - c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL ShellIconOverlayIdentifiers-{9AE343CB-BA45-4618-AF6A-0230EE6FC793} - c:\program files (x86)\Panda Security\Panda Cloud Antivirus\PSUNShell.DLL HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_149_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_149.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-02-25 21:51:03 ComboFix-quarantined-files.txt 2013-02-25 20:50 . Vor Suchlauf: 9 Verzeichnis(se), 72.996.249.600 Bytes frei Nach Suchlauf: 15 Verzeichnis(se), 72.630.718.464 Bytes frei . - - End Of File - - 42AC8B140287BCD448F35C31A60C8183 |
25.02.2013, 22:03 | #18 |
/// Malware-holic | PC Performer Hi,
__________________lade den CCleaner standard: CCleaner - Download - Filepony falls der CCleaner bereits instaliert, überspringen. öffnen, Tools (extras),uninstall Llist, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ |
27.02.2013, 09:28 | #19 |
| PC Performer Hallo, ich hoffe, ich habe es richtig gemacht... Acer Backup Manager NewTech Infosystems 04.09.2010 54,1MB 2.0.0.68 Unbekannt Acer Crystal Eye webcam Liteon 04.09.2010 3,22MB 1.0.4.0 Unbekannt Acer ePower Management Acer Incorporated 04.09.2010 5.00.3005 Unbekannt Acer eRecovery Management Acer Incorporated 13.07.2010 4.05.3013 Unbekannt Acer GameZone Console Oberon Media, Inc. 13.07.2010 31,0MB 6.1.0.9 Unbekannt Acer Registration Acer Incorporated 04.09.2010 1.03.3003 Unbekannt Acer ScreenSaver Acer Incorporated 04.09.2010 1.1.0707.2010 Unbekannt Acer Updater Acer Incorporated 13.07.2010 1.02.3001 Unbekannt Acrobat.com Adobe Systems Incorporated 13.07.2010 1,60MB 1.6.65 Unbekannt Acronis*Disk*Director*11*Home Acronis 30.12.2010 238MB 11.0.2121 Unbekannt Adobe AIR Adobe Systems Incorporated 30.08.2012 3.4.0.2540 Unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 10.02.2013 6,00MB 11.5.502.149 Notwendig Adobe Flash Player 11 Plugin Adobe Systems Incorporated 16.02.2013 6,00MB 11.6.602.168 Notwendig Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 19.08.2012 168MB 10.1.4 Notwendig Airport Mania First Flight Oberon Media 04.09.2010 Unbekannt Amazonia Oberon Media 04.09.2010 Unbekannt Apple Application Support Apple Inc. 20.12.2012 64,9MB 2.3.2 Unbekannt Apple Mobile Device Support Apple Inc. 20.12.2012 25,1MB 6.0.1.3 Unbekannt Apple Software Update Apple Inc. 04.07.2011 2,25MB 2.1.3.127 Unbekannt Ashampoo Burning Studio Elements 10.0.9 Ashampoo GmbH & Co. KG 13.12.2011 161MB 3.1.1 Notwendig ATI Catalyst Install Manager ATI Technologies, Inc. 04.09.2010 22,3MB 3.0.778.0 Unbekannt Bonjour Apple Inc. 11.10.2011 2,00MB 3.0.0.10 Unbekannt Broadcom Gigabit NetLink Controller Broadcom Corporation 13.07.2010 448KB 14.0.2.3 Unbekannt Cake Mania Oberon Media 04.09.2010 Unbekannt CCleaner Piriform 25.02.2013 3.28 Notwendig CyberLink PowerDVD 9 CyberLink Corp. 04.09.2010 114MB 9.0.2829.50 Unbekannt Dream Day First Home Oberon Media 04.09.2010 Unbekannt eBay Worldwide OEM 30.12.2010 100KB 2.1.0901 Unbekannt ElsterFormular Landesfinanzdirektion Thüringen 30.01.2013 262MB 14.0.0.10960 Notwendig eSobi v2 esobi Inc. 13.07.2010 20,4MB 2.0.4.000274 Unbekannt Farm Frenzy 2 Oberon Media 04.09.2010 Unbekannt Galapago Oberon Media 04.09.2010 Unbekannt Google Toolbar for Internet Explorer Google Inc. 10.01.2013 Notwendig Heroes of Hellas Oberon Media 04.09.2010 Unbekannt Identity Card Acer Incorporated 04.09.2010 1.00.3003 Unbekannt Intel(R) Management Engine Components Intel Corporation 04.09.2010 6.0.0.1179 Unbekannt Intel(R) Rapid Storage Technology Intel Corporation 04.09.2010 9.6.2.1001 Unbekannt iTunes Apple Inc. 20.12.2012 191MB 11.0.1.12 Notwendig Java 7 Update 13 Oracle 10.02.2013 129MB 7.0.130 Notwendig Launch Manager Acer Inc. 04.09.2010 4.0.12 Unbekannt Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 24.02.2013 18,4MB 1.70.0.1100 Notwendig Merriam Websters Spell Jam Oberon Media 04.09.2010 Unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 07.01.2011 38,8MB 4.0.30319 Unbekannt Microsoft Office 2010 Microsoft Corporation 04.09.2010 6,31MB 14.0.4763.1000 Notwendig Microsoft Office Klick-und-Los 2010 Microsoft Corporation 09.01.2011 14.0.4763.1000 Notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 09.01.2011 14.0.4763.1000 Notwendig Microsoft PowerPoint Viewer Microsoft Corporation 13.12.2012 196MB 14.0.6029.1000 Notwendig Microsoft Project Professional 2010 Microsoft Corporation 28.02.2012 14.0.6029.1000 Notwendig Microsoft Silverlight Microsoft Corporation 13.05.2012 188MB 4.1.10329.0 Notwendig Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 04.09.2010 1,72MB 3.1.0000 Notwendig Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 Notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.61001 Notwendig Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 07.01.2011 200KB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 14.04.2011 598KB 9.0.30729.5570 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 13.07.2010 596KB 9.0.30729 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 07.01.2011 594KB 9.0.30729.4148 Notwendig Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 Notwendig MobileMe Control Panel Apple Inc. 04.07.2011 11,9MB 3.1.6.0 Unbekannt Mozilla Firefox 19.0 (x86 de) Mozilla 20.02.2013 44,9MB 19.0 Notwendig Mozilla Maintenance Service Mozilla 20.02.2013 330KB 19.0 Notwendig Mozilla Thunderbird 17.0.3 (x86 de) Mozilla 19.02.2013 43,3MB 17.0.3 Notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 22.01.2011 1,27MB 4.20.9870.0 Unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 22.01.2011 1,33MB 4.20.9876.0 Unbekannt MyWinLocker Suite Egis Technology Inc. 13.07.2010 2,20MB 3.1.212.0 Unbekannt Nero BurnLite 10 Nero AG 13.03.2011 56,3MB 10.0.10600 Notwendig Nero Update Nero AG 13.03.2011 1,43MB 1.0.0018 Notwendig Nokia Connectivity Cable Driver Nokia 29.11.2012 3,95MB 7.1.92.0 Notwendig Nokia Suite Nokia 29.11.2012 3.6.36.0 Notwendig Norton Online Backup Symantec Corporation 13.07.2010 6,19MB 2.1.17869 Notwendig NTI Media Maker 9 NTI Corporation 13.07.2010 1,60GB 9.0.2.8928 Unbekannt PC Connectivity Solution Nokia 29.11.2012 21,2MB 12.0.48.0 Unbekannt QuickTime Apple Inc. 23.09.2012 73,2MB 7.72.80.56 Unbekannt Realtek HDMI Audio Driver for ATI Realtek Semiconductor Corp. 04.09.2010 6.0.1.6034 Unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.09.2010 6.0.1.6141 Unbekannt Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 04.09.2010 6.1.7600.30122 Unbekannt simfy simfy AG 09.08.2012 1.6.9 Notwendig Spin & Win Oberon Media 04.09.2010 Unbekannt Synaptics Pointing Device Driver Synaptics Incorporated 04.09.2010 14.0.19.0 Unbekannt Welcome Center Acer Incorporated 04.09.2010 1.02.3002 Unbekannt Windows Live Anmelde-Assistent Microsoft Corporation 04.09.2010 1,93MB 5.000.818.5 Unbekannt Windows Live Essentials Microsoft Corporation 04.09.2010 14.0.8089.0726 Unbekannt Windows Live Sync Microsoft Corporation 04.09.2010 2,79MB 14.0.8089.726 Unbekannt Windows Live-Uploadtool Microsoft Corporation 04.09.2010 224KB 14.0.8014.1029 Unbekannt Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Nokia 29.11.2012 05/31/2012 7.1.2.0 Notwendig WISO Mein Geld 2012 Professional Buhl Data Service GmbH 19.01.2012 Notwendig WISO Sparbuch 2010 Buhl Data Service GmbH 07.01.2011 17.00.6531 Notwendig WISO Steuer-Sparbuch 2011 Buhl Data Service GmbH 05.04.2011 18.06.7056 Notwendig WISO Steuer-Sparbuch 2012 Buhl Data Service GmbH 04.04.2012 19.00.7303 Notwendig XMind XMind Ltd. 06.11.2011 3.2.1 Notwendig XSManager XSManager 04.06.2011 3.0 Unbekannt Zune Microsoft Corporation 20.01.2013 04.08.2345.00 Notwendig |
27.02.2013, 13:23 | #20 |
/// Malware-holic | PC Performer deinstaliere: Acronis Acrobat Adobe AIR Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Airport Amazonia Bonjour Cake CyberLink Dream eBay eSobi Farm Galapago Google Toolbar : finger weg von toolbars, sind ein zusatz Risiko und verlangsamen den Browser. Deinstaliere: Heroes Java downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Merriam MyWinLocker Spin Windows Live : alle von dir nicht genutzten Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 16:25 | #21 |
| PC Performer Hallo, die Oberon Programm konnte ich nicht deinstallieren.AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 27/02/2013 um 16:22:09 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium (64 bits) # Benutzer : *** - *** # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Downloads\adwcleaner(2).exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Windows\Tasks\PC Performer_DEFAULT.job Ordner Gelöscht : C:\Users\***\AppData\Roaming\PerformerSoft ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\PerformerSoft Schlüssel Gelöscht : HKLM\Software\PerformerSoft ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [21135 octets] - [23/01/2013 18:46:14] AdwCleaner[S2].txt - [3996 octets] - [24/02/2013 13:31:43] AdwCleaner[S3].txt - [1219 octets] - [27/02/2013 16:22:09] ########## EOF - C:\AdwCleaner[S3].txt - [1279 octets] ########## ... und der PCPerformer ist trotzdem wieder da... ;-( |
27.02.2013, 17:02 | #22 |
/// Malware-holic | PC Performer hi, lade hitmanpro: HitmanPro - Download - Filepony doppelklick, lizenz, testlizenz. auf Scan, nichts löschen. auf weiter Log als xml exportieren und posten bzw packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 17:29 | #23 |
| PC Performer <?xml version="1.0"?> -<Log filesProcessed="25307" timeSpentInSecs="243" date="2013-02-27T17:20:44" version="3.7.2.189" scan="Normal" windows="6.1.0.7600.X64/4" computer=***PC">-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\cookies.sqlite:apmebf.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\cookies.sqlite:doubleclick.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\cookies.sqlite:serving-sys.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\cookies.sqlite:specificclick.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\cookies.sqlite:track.adform.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.360yield.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.ad-srv.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.adc-serv.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.adnet.de"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.dyntracker.de"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.yieldmanager.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ad.zanox.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ads.monetizingpartners.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:adserving.avazudsp.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:adtech.de"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:advertising.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:apmebf.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:at.atwola.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:atdmt.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:bs.serving-sys.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:casalemedia.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:collective-media.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:doubleclick.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:eas.apm.emediate.eu"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ero-advertising.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:exoclick.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:fastclick.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:gratisporntv.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:invitemedia.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:media6degrees.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:mediaplex.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:questionmarket.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:revsci.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:serving-sys.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:smartadserver.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:specificclick.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:statcounter.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:statse.webtrendslive.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:track.adform.net"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:track.effiliation.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:track.hubrus.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:track.zalando.de"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:tradedoubler.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:ww251.smartadserver.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:www.etracker.de"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:www.googleadservices.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:www.gratisporntv.com"/></Item>-<Item status="None" score="0.0" type="Cookie"><File path="C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\cookies.sqlite:xiti.com"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="C:\Windows\Installer\{069B290F-5398-4629-A009-85B4BCB4B1B9}\Claro.ico"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\c\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\2E4A8FA31C5CBF34AB8A9A1FEEC064D1\F092B960893592640A90584BCB4B1B9B"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{16466D47-74A8-4928-B8B2-07CD79ABFC9F}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{26D5CC0A-7A46-4D86-AF45-2EFA320B0C54}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2D13AC8F-037E-40C5-ADA6-231BA74EA2F4}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{322EDCF5-9E7D-4021-8C67-F3FFE4961A38}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{3E254398-828F-4D51-A39E-3F6B6D96A12C}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{442DAF0C-7EAD-48D9-ABEA-E0036470D6D5}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{58EB187D-24F8-4423-BD6C-655CE4C416BD}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{6BEB066C-A791-4A21-B934-7783533FE888}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A07612DF-B1DD-484F-A1C3-36CA4CE919D2}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{A76F97B2-2C56-456A-A29E-72741595C2E8}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{B19D9D96-E59C-4936-B283-8A831CDB3A53}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{DC8AAABA-3F8B-4866-8B3A-D9368133A478}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E15519AE-99BE-42DD-BE60-FFC3C183F443}\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\2E4A8FA31C5CBF34AB8A9A1FEEC064D1\F092B960893592640A90584BCB4B1B9B"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\4B2468513CA2D6943A1A233CD3F88CE7\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A9FAC99E2D8280F4482F22004D09FBA2\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\AE26D37B0FFFAE4559860C5C4D938B71\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\F092B960893592640A90584BCB4B1B9B\"/></Item>-<Item status="None" score="0.0" type="PUP"><File path="HKU\S-1-5-21-1785760054-1992657699-1986639588-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975}"/></Item></Log> |
27.02.2013, 17:33 | #24 |
/// Malware-holic | PC Performer ok, mal alles von hitmanpro löschen lassen, evtl. sind 2 durchläufe nötig. dann neues otl log bitte
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
27.02.2013, 17:55 | #25 |
| PC Performer OTL Logfile: Code:
ATTFilter OTL logfile created on: 27.02.2013 17:43:33 - Run 3 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads 64bit- Home Premium Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,23 Gb Available Physical Memory | 57,71% Memory free 7,73 Gb Paging File | 5,97 Gb Available in Paging File | 77,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 143,54 Gb Total Space | 69,48 Gb Free Space | 48,41% Space Free | Partition Type: NTFS Drive E: | 141,45 Gb Total Space | 131,30 Gb Free Space | 92,83% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.19 22:27:04 | 000,389,016 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2013.01.24 11:10:30 | 001,380,944 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe PRC - [2013.01.23 18:53:03 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.10.13 01:54:40 | 001,088,424 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe PRC - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe PRC - [2012.10.03 15:50:46 | 000,148,888 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2010.06.28 14:23:12 | 000,265,984 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe PRC - [2010.06.28 14:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe PRC - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe PRC - [2010.06.22 07:34:48 | 000,305,744 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LMworker.exe PRC - [2010.06.22 07:34:46 | 000,968,272 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe PRC - [2010.05.27 03:41:24 | 000,349,552 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe PRC - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.04.13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.03.11 06:11:56 | 000,407,920 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe PRC - [2010.03.11 06:11:42 | 000,201,584 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe PRC - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) -- C:\Programme\Acer\Acer Updater\UpdaterService.exe PRC - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe ========== Modules (No Company Name) ========== MOD - [2013.02.19 22:27:07 | 002,243,480 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2013.02.19 22:27:07 | 000,158,104 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2013.02.19 22:27:07 | 000,022,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2013.02.14 09:07:20 | 011,824,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\a00aab40bdf5aed84b4d4294965cf20d\System.Web.ni.dll MOD - [2013.02.14 09:07:07 | 012,433,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\05682429807d34d6ff05a77ea153935f\System.Windows.Forms.ni.dll MOD - [2013.01.24 11:11:43 | 002,993,744 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wcore12.dll MOD - [2013.01.24 11:10:53 | 007,965,776 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wgui12.dll MOD - [2013.01.24 11:10:43 | 004,545,616 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wauff12.dll MOD - [2013.01.24 11:10:43 | 000,320,080 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsguiwinapi47.dll MOD - [2013.01.24 11:10:41 | 002,045,008 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wfvie12.dll MOD - [2013.01.24 11:10:40 | 000,275,536 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rscorewinapi47.dll MOD - [2013.01.24 11:10:34 | 001,552,464 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wsteu12.dll MOD - [2013.01.24 11:10:33 | 001,654,864 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\wreli12.dll MOD - [2013.01.24 11:10:30 | 001,380,944 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\mshaktuell.exe MOD - [2013.01.24 11:10:28 | 000,136,272 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsodbc47.dll MOD - [2013.01.24 11:10:27 | 000,028,672 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\rsdcom47.dll MOD - [2013.01.10 16:38:48 | 000,452,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\25ee48eb497e73b0eaad5b8b4c365992\IAStorUtil.ni.dll MOD - [2013.01.10 16:00:12 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\01b47a246b4ec7bfec31bf4503aceda1\System.Runtime.Remoting.ni.dll MOD - [2013.01.10 15:59:38 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\e2ee5d77ebe0bd025e7a7a317a43d677\System.Drawing.ni.dll MOD - [2013.01.10 15:59:24 | 003,325,952 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\82a4c4666ad83c3a375210247e69646b\WindowsBase.ni.dll MOD - [2013.01.10 15:59:19 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\10aba2c167cc1119b80159fd9ac71ca8\System.Xml.ni.dll MOD - [2013.01.10 15:59:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\96a3b737db1e72adaf32d2b350e50c23\System.Configuration.ni.dll MOD - [2013.01.10 15:59:14 | 007,974,400 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\c54750e64ba10d0fb7b6a636fb3695ca\System.ni.dll MOD - [2013.01.10 15:59:07 | 011,490,816 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\b0b8554c05f194f546a8ed531320760b\mscorlib.ni.dll MOD - [2012.11.26 19:46:17 | 000,866,816 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtCLuceners47.dll MOD - [2012.10.13 01:55:38 | 000,276,392 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll MOD - [2012.10.13 01:55:38 | 000,092,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll MOD - [2012.10.13 01:55:22 | 002,652,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll MOD - [2012.10.13 01:55:22 | 000,363,944 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll MOD - [2012.10.13 01:55:20 | 011,166,120 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll MOD - [2012.10.13 01:55:18 | 001,346,472 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll MOD - [2012.10.13 01:55:18 | 000,205,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll MOD - [2012.10.13 01:55:16 | 001,013,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll MOD - [2012.10.13 01:55:16 | 000,720,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll MOD - [2012.10.13 01:55:14 | 008,506,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll MOD - [2012.10.13 01:55:14 | 000,520,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll MOD - [2012.10.13 01:55:12 | 002,480,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll MOD - [2012.10.13 01:55:12 | 002,353,576 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll MOD - [2012.10.13 01:55:08 | 000,445,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll MOD - [2012.10.13 01:55:04 | 000,206,760 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll MOD - [2012.10.13 01:55:04 | 000,035,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll MOD - [2012.10.13 01:55:02 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll MOD - [2012.10.13 01:54:34 | 000,437,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll MOD - [2012.10.13 01:53:56 | 000,605,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll MOD - [2012.10.13 01:31:20 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll MOD - [2012.10.13 01:31:20 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll MOD - [2012.10.13 01:30:34 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll MOD - [2012.01.25 10:01:03 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtSqlrs47.dll MOD - [2011.11.04 12:47:18 | 000,271,872 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\phononrs47.dll MOD - [2011.11.04 12:47:16 | 011,163,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtWebKitrs47.dll MOD - [2011.11.04 12:47:14 | 000,108,544 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtTestrs47.dll MOD - [2011.11.04 12:47:12 | 001,340,416 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtScriptrs47.dll MOD - [2011.11.04 12:47:12 | 000,281,088 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtSvgrs47.dll MOD - [2011.11.04 12:47:10 | 008,934,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtGuirs47.dll MOD - [2011.11.04 12:47:10 | 002,395,648 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\Qt3Supportrs47.dll MOD - [2011.11.04 12:47:10 | 000,990,208 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtNetworkrs47.dll MOD - [2011.11.04 12:47:10 | 000,358,400 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtXmlrs47.dll MOD - [2011.11.04 12:47:08 | 002,356,736 | ---- | M] () -- C:\Program Files (x86)\WISO\Steuersoftware 2012\QtCorers47.dll MOD - [2011.06.24 21:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 21:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.09.04 15:40:10 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.04 15:40:05 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.06.28 14:20:54 | 000,465,576 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll MOD - [2009.05.20 07:02:04 | 000,072,200 | ---- | M] () -- C:\Program Files (x86)\Launch Manager\CdDirIo.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.05.27 05:59:42 | 000,203,264 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV - [2013.02.27 15:04:51 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.02.20 21:21:23 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.08.05 12:53:12 | 000,467,680 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneWlanCfgSvc.exe -- (ZuneWlanCfgSvc) SRV - [2011.08.05 12:53:12 | 000,306,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\WMZuneComm.exe -- (WMZuneComm) SRV - [2011.08.05 12:53:06 | 008,277,728 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Zune\ZuneNss.exe -- (ZuneNetworkSvc) SRV - [2010.12.21 06:38:22 | 000,350,720 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- winhttp.dll -- (WinHttpAutoProxySvc) SRV - [2010.07.13 12:59:30 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.06.28 14:23:06 | 000,255,744 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe -- (NTI IScheduleSvc) SRV - [2010.06.22 07:34:48 | 000,321,104 | ---- | M] (Dritek System Inc.) [Auto | Running] -- C:\Program Files (x86)\Launch Manager\dsiwmis.exe -- (DsiWMIService) SRV - [2010.06.11 13:27:26 | 000,868,896 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Acer\Acer ePower Management\ePowerSvc.exe -- (ePowerSvc) SRV - [2010.06.01 23:31:28 | 002,804,568 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe -- (NOBU) SRV - [2010.05.27 03:41:06 | 000,305,520 | ---- | M] (Egis Technology Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe -- (MWLService) SRV - [2010.05.04 12:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.04.13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.04.12 17:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 05:57:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.03.18 05:56:56 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.01.29 00:27:36 | 000,243,232 | ---- | M] (Acer Group) [Auto | Running] -- C:\Programme\Acer\Acer Updater\UpdaterService.exe -- (Updater Service) SRV - [2010.01.09 21:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.08 14:21:22 | 000,023,584 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Acer\Registration\GREGsvc.exe -- (GREGService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2012.06.11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc) DRV:64bit: - [2012.06.11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd) DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt) DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev) DRV:64bit: - [2012.03.01 07:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 17:42:45 | 000,125,440 | ---- | M] () [Kernel | System | Stopped] -- C:\Windows\SysNative\drivers\acedrv07.sys -- (acedrv07) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.06.04 12:35:14 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2011.03.11 07:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.07.09 04:51:50 | 000,017,408 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper) DRV:64bit: - [2010.06.17 10:18:28 | 000,246,376 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.06.03 20:59:00 | 004,171,328 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX) DRV:64bit: - [2010.05.27 06:39:14 | 006,856,192 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.05.27 05:25:38 | 000,264,192 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.05.15 13:48:28 | 000,384,040 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a) DRV:64bit: - [2010.04.20 03:35:14 | 000,018,432 | ---- | M] (NTI Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr) DRV:64bit: - [2010.04.13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.01.27 04:05:00 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService) DRV:64bit: - [2009.12.10 12:25:10 | 000,301,104 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.14 01:06:32 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.06.03 03:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk) DRV:64bit: - [2009.06.03 03:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter) DRV:64bit: - [2009.06.03 03:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108165l0454z1h5v47i2257q IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108165l0454z1h5v47i2257q IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0407&m=aspire_5742g&r=273612108165l0454z1h5v47i2257q IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_deDE412DE413 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0 FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.4.48 FF - prefs.js..extensions.enabledItems: {B821BF60-5C2D-41EB-92DC-3E4CCD3A22E4}:2.0 FF - prefs.js..extensions.enabledItems: widgetruntime@surfsecret.com:1.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.11.3.15590 FF - prefs.js..keyword.URL: "hxxp://www.google.com/search?rlz=1V2IPYX&ie=utf-8&q=" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_171.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_171.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 21:21:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 15:02:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.19 22:26:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_8.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_8.0 FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.20 21:21:26 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 15:02:23 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.19 22:26:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2011.01.11 12:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.01.11 12:34:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2013.02.24 13:02:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\1eq0uunc.default\extensions [2011.12.29 19:21:35 | 000,002,419 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1eq0uunc.default\searchplugins\englische-ergebnisse.xml [2011.12.29 19:21:35 | 000,010,525 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\1eq0uunc.default\searchplugins\gmx-suche.xml [2013.02.24 13:26:38 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.02.20 21:21:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.02.20 21:21:26 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.05 20:21:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.05 20:21:12 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.05 20:21:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.05 20:21:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.01.27 16:11:08 | 000,002,325 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\pandasecuritytb.xml [2012.09.05 20:21:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.05 20:21:12 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.02.25 21:32:46 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (no name) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - No CLSID value found. O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Acer\Acer ePower Management\ePowerTray.exe (Acer Incorporated) O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe (Egis Technology Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Zune Launcher] C:\Program Files\Zune\ZuneLauncher.exe (Microsoft Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe (NewTech Infosystems, Inc.) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.) O4 - HKLM..\Run: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe (Symantec Corporation) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SuiteTray] C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe (Egis Technology Inc.) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0017-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 1.7.0_13) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_13-windows-i586.cab (Java Plug-in 10.15.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E9794625-21AF-49E2-B5EA-1BD8E5EEB354}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FBE8EDFF-40B4-4F01-B66D-8CE039DB5E4E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\dssrequest - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\dssrequest - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\sacore - No CLSID value found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - mscoree.dll (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - Explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - SystemPropertiesPerformance.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O29:64bit: - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - credssp.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.02.27 17:19:15 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.02.27 16:23:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\PerformerSoft [2013.02.27 15:50:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2013.02.27 15:39:21 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.27 15:39:16 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.27 15:39:16 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.27 15:39:15 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.27 15:04:51 | 000,691,568 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 15:04:51 | 000,071,024 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.27 15:02:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Adobe [2013.02.27 08:59:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2013.02.27 08:59:53 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.02.26 11:51:22 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.02.25 21:20:43 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.02.25 21:20:43 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.02.25 21:20:43 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.02.25 20:54:59 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.02.25 20:54:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.02.25 19:26:15 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.24 13:08:24 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.02.24 13:08:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.24 13:08:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.24 13:08:18 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.24 13:08:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.24 13:07:48 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.02.20 21:21:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.19 22:26:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [2013.02.13 22:28:21 | 005,500,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2013.02.13 22:28:20 | 003,957,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2013.02.13 22:28:20 | 003,902,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2013.02.13 22:28:05 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013.02.13 22:28:05 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013.02.13 22:28:05 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013.02.13 22:28:05 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013.02.13 22:28:05 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013.02.13 22:28:05 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013.02.13 22:28:05 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013.02.13 22:28:05 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013.02.13 22:28:05 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013.02.13 22:28:05 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013.02.13 22:28:05 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013.02.13 22:28:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 22:28:05 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013.02.13 22:28:04 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013.02.13 22:28:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013.02.13 22:28:04 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013.02.13 22:28:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013.02.13 22:28:04 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 22:28:04 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013.02.13 22:28:04 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013.02.13 22:28:04 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013.02.13 22:27:59 | 000,287,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS [2013.02.13 22:26:03 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013.02.13 22:26:03 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013.02.13 22:26:01 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013.02.13 22:26:01 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013.02.13 22:26:01 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013.02.13 22:26:01 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013.02.13 22:26:01 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013.02.13 22:26:01 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013.02.13 22:26:01 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013.02.13 22:26:00 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.02.13 22:26:00 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013.02.13 22:26:00 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.02.13 22:25:58 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.02.13 22:25:58 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.02.13 22:25:58 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013.01.30 08:14:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\elsterformular [2013.01.30 08:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular [2013.01.30 08:14:05 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular [2013.01.30 08:13:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular ========== Files - Modified Within 30 Days ========== [2013.02.27 17:26:49 | 000,034,956 | ---- | M] () -- C:\Users\***\Documents\HitmanPro_20130227_1726.xml [2013.02.27 17:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.27 17:22:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 17:22:49 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.27 17:15:39 | 000,000,374 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics [2013.02.27 17:15:24 | 000,000,292 | ---- | M] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.02.27 17:15:20 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.27 17:15:17 | 3113,254,912 | -HS- | M] () -- C:\hiberfil.sys [2013.02.27 15:39:08 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npdeployJava1.dll [2013.02.27 15:39:08 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.02.27 15:39:08 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.02.27 15:39:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.02.27 15:39:08 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.02.27 15:39:08 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.02.27 15:04:51 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.02.27 15:04:51 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.02.27 15:02:24 | 000,002,023 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.27 08:59:54 | 000,000,826 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.25 21:32:46 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2013.02.24 13:08:20 | 000,001,117 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.23 14:09:33 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.23 14:09:33 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.23 14:09:33 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.23 14:09:33 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.23 14:09:33 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.20 09:34:29 | 000,000,956 | ---- | M] () -- C:\Windows\wiso.ini [2013.02.14 09:05:59 | 000,283,016 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.02.10 14:51:47 | 000,000,001 | ---- | M] () -- C:\Users\***\.SIG_PINSTATUS_VOREINSTELLUNG [2013.02.10 14:51:47 | 000,000,001 | ---- | M] () -- C:\Users\***\.SIG_DIALOG_VOREINSTELLUNG [2013.02.10 14:23:59 | 000,003,634 | ---- | M] () -- C:\Users\***\Documents\Begrüßung_ElsterOnline1.pdf [2013.02.10 14:22:05 | 000,010,455 | ---- | M] () -- C:\Users\***\iris68_elster_2048.pfx [2013.01.30 08:14:06 | 000,001,237 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk ========== Files Created - No Company Name ========== [2013.02.27 17:26:49 | 000,034,956 | ---- | C] () -- C:\Users\***\Documents\HitmanPro_20130227_1726.xml [2013.02.27 16:27:01 | 000,000,292 | ---- | C] () -- C:\Windows\tasks\PC Performer_DEFAULT.job [2013.02.27 15:04:51 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.02.27 15:02:24 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.02.27 15:02:24 | 000,002,023 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2013.02.27 08:59:54 | 000,000,826 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.02.25 21:20:43 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.02.25 21:20:43 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.02.25 21:20:43 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.02.25 21:20:43 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.02.25 21:20:43 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.02.24 13:08:20 | 000,001,117 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.10 14:51:47 | 000,000,001 | ---- | C] () -- C:\Users\***\.SIG_PINSTATUS_VOREINSTELLUNG [2013.02.10 14:51:47 | 000,000,001 | ---- | C] () -- C:\Users\***\.SIG_DIALOG_VOREINSTELLUNG [2013.02.10 14:23:59 | 000,003,634 | ---- | C] () -- C:\Users\***\Documents\Begrüßung_ElsterOnline1.pdf [2013.02.10 14:21:56 | 000,010,455 | ---- | C] () -- C:\Users\***\iris68_elster_2048.pfx [2013.01.30 08:14:06 | 000,001,237 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk [2012.08.09 21:40:17 | 000,000,032 | ---- | C] () -- C:\Users\***\.simfy [2012.02.15 17:42:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\acedrv07.dll [2011.02.20 20:39:53 | 000,975,140 | ---- | C] () -- C:\Users\***\AppData\Roaming\PandaIDProtectHelp_de.chm ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:30:56 | 014,165,504 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:46:56 | 012,868,608 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 02:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== Alternate Data Streams ========== @Alternate Data Stream - 144 bytes -> C:\ProgramData\Temp:798A3728 @Alternate Data Stream - 123 bytes -> C:\ProgramData\Temp:E1F04E8D < End of report > |
27.02.2013, 17:57 | #26 |
/// Malware-holic | PC Performer ok, versuchen wir mal win updates. Bitte beginne damit, Windows Updates zu instalieren. Am besten geht dies, wenn du über Start, Suchen gehst, und dort Windows Updates eingibst. Prüfe unter "Einstellungen ändern" dass folgendes ausgewählt ist: - Updates automatisch Instalieren, - Täglich - Uhrzeit wählen - Bitte den gesammten rest anhaken, außer: - detailierte benachichtungen anzeigen, wenn neue Microsoft software verfügbar ist. Klicke jetzt die Schaltfläche "OK" Klicke jetzt "nach Updates suchen". Bitte instaliere zunächst wichtige Updates. Es wird nötig sein, den PC zwischendurch neu zu starten. falls dies der Fall ist, musst du erneut über Start, Suchen, Windows Update aufrufen, auf Updates suchen klicken und die nächsten instalieren. Mache das selbe bitte mit den optionalen Updates. prüfe dann unter rechtsklick computer, eigenschaften, ob das servicepack 1 instaliert wurde, wenn erledigt, melden
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
28.02.2013, 09:01 | #27 |
| PC Performer Guten Morgen, service pack 1 ist installiert und PCPerformer ist immer noch da. Wie kommt sowas, das ist ja ziemlich hartnäckig, oder? Und wieder vielen Dank für Deine Unterstützung! |
28.02.2013, 17:49 | #28 |
/// Malware-holic | PC Performer kannst du noch mal adwcleaner nutzen? löschen und log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
01.03.2013, 18:45 | #29 |
| PC Performer Hallo,AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.113 - Datei am 01/03/2013 um 18:40:29 erstellt # Aktualisiert am 23/02/2013 von Xplode # Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits) # Benutzer : *** - *** # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Downloads\adwcleaner(2).exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : C:\Windows\Tasks\PC Performer_DEFAULT.job Ordner Gelöscht : C:\Users\***\AppData\Roaming\PerformerSoft Ordner Gelöscht : C:\Users\Noa\AppData\Roaming\PerformerSoft ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\PerformerSoft Schlüssel Gelöscht : HKLM\Software\PerformerSoft ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16464 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0 (de) Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\1eq0uunc.default\prefs.js [OK] Die Datei ist sauber. Datei : C:\Users\Noa\AppData\Roaming\Mozilla\Firefox\Profiles\ydwq8iuy.default\prefs.js [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [21135 octets] - [23/01/2013 18:46:14] AdwCleaner[S2].txt - [3996 octets] - [24/02/2013 13:31:43] AdwCleaner[S3].txt - [1348 octets] - [27/02/2013 16:22:09] AdwCleaner[S4].txt - [1355 octets] - [01/03/2013 18:40:29] ########## EOF - C:\AdwCleaner[S4].txt - [1415 octets] ########## |
03.03.2013, 20:27 | #30 |
/// Malware-holic | PC Performer Hi HitmanPro - Download - Filepony hitmanpro laden, doppelklick, Lizenz, Testlizenz. Auf Scan nichts löschen. Log als xml exportieren und posten, bzw packen und anhängen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
Themen zu PC Performer |
adwcleaner, andere, anderen, anleitungen, appdatalow, beste, besten, claro, datei, deinstalliert, downloaden, eingefangen, erfolgreich, fenster, gefangen, gen, glaube, internet browser, pc performer, pcperformer, performer, poste, posten, registrierungsdatenbank, strang, thema |