Drweb-cureit findet "dloader.trojan"

spikehansley · 02.04.2013, 12:06

Code:

ATTFilter

# AdwCleaner v2.115 - Datei am 02/04/2013 um 12:20:05 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : spike - SPIKE-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\spike\Downloads\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\searchplugins\delta.xml
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\Users\spike\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\extensions\ffxtlbr@babylon.com
Ordner Gelöscht : C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\extensions\staged
Ordner Gelöscht : C:\Users\spike\AppData\Roaming\OpenCandy

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\BabylonToolbar
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\DataMngr_Toolbar
Schlüssel Gelöscht : HKCU\Software\52eded1e169b840
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{C26644C4-2A12-4CA6-8F2E-0EDE6CF018F3}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\delta.deltaHlpr.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\52eded1e169b840
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCB4630-2A1C-4AA1-B422-345E8DC8A6DE}

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16446

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.delta-search.com/?affID=121561&tt=190313_wo2&babsrc=HP_ss&mntrId=980800241D7CBD47 --> hxxp://www.google.com

-\\ Mozilla Firefox v18.0.2 (de)

Datei : C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\prefs.js

C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\user.js ... Gelöscht !

Gelöscht : user_pref("avg.install.userSPSettings", "Delta Search");
Gelöscht : user_pref("browser.search.selectedEngine", "Delta Search");
Gelöscht : user_pref("browser.startup.homepage", "hxxp://www.delta-search.com/?affID=121561&tt=190313_wo2&babsr[...]

-\\ Google Chrome v26.0.1410.43

Datei : C:\Users\spike\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.1936] : homepage = "hxxp://www.delta-search.com/?affID=121561&tt=190313_wo2&babsrc=HP_ss&mntrId=98080024[...]

*************************

AdwCleaner[R1].txt - [3464 octets] - [02/04/2013 12:19:10]
AdwCleaner[S2].txt - [3369 octets] - [02/04/2013 12:20:05]

########## EOF - C:\AdwCleaner[S2].txt - [3429 octets] ##########

[CODE].
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.DDS Logfile:

Code:

ATTFilter

DDS (Ver_2012-11-20.01)
.
Microsoft Windows 7 Professional 
Boot Device: \Device\HarddiskVolume1
Install Date: 22.10.2009 14:37:01
System Uptime: 02.04.2013 12:28:35 (0 hours ago)
.
Motherboard: Gigabyte Technology Co., Ltd. |  | GA-MA790XT-UD4P
Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3200/200mhz
.
==== Disk Partitions =========================
.
A: is Removable
C: is FIXED (NTFS) - 932 GiB total, 603,318 GiB free.
D: is CDROM ()
E: is FIXED (NTFS) - 298 GiB total, 73,673 GiB free.
H: is FIXED (NTFS) - 1 GiB total, 0,926 GiB free.
T: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
U: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
V: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
W: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
X: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
Y: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
Z: is NetworkDisk (NTFS) - 2742 GiB total, 306,778 GiB free.
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP331: 26.03.2013 18:30:14 - Geplanter Prüfpunkt
RP333: 30.03.2013 07:22:05 - SPTD setup V1.83
RP334: 30.03.2013 07:26:15 - Removed Windows Phone Engineering Flashing Tool
RP335: 30.03.2013 07:30:03 - Removed EOSInfo
RP336: 30.03.2013 07:30:54 - Removed Bonjour
RP337: 02.04.2013 08:35:31 - Removed ocxinstall
RP338: 02.04.2013 08:48:15 - Nitro Reader 3 wurde entfernt
RP339: 02.04.2013 08:49:20 - Removed MKV2AC3 - 1.02.02
RP340: 02.04.2013 11:31:35 - Removed Java(TM) 6 Update 29
.
==== Installed Programs ======================
.
7-Zip 9.20 (x64 edition)
Acer eDisplay Management
Advertising Center
Amazon MP3-Downloader 1.0.17
AMD Dual-Core Optimizer
Apple Application Support
Apple Mobile Device Support
Apple Software Update
Assassin's Creed
AVM FRITZ!Box Dokumentation
AVM FRITZ!Box Druckeranschluss
B1315AppGuid
Battlefield 2(TM)
bl
Blender
CAESAR IV
Call of Duty(R) 2
Call of Duty(R) 2 Patch 1.3
Call of Duty(R) 4 - Modern Warfare(TM)
Canon IJ Network Scan Utility
Canon IJ Network Tool
CANON iMAGE GATEWAY Task for ZoomBrowser EX
Canon Inkjet Printer/Scanner/Fax Extended Survey Program
Canon Internet Library for ZoomBrowser EX
Canon Kurzwahlprogramm
Canon MOV Decoder
Canon MOV Encoder
Canon MovieEdit Task for ZoomBrowser EX
Canon MP Navigator EX 3.1
Canon MX870 series Benutzerregistrierung
Canon MX870 series MP Drivers
Canon Setup Utility 2.4
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities Digital Photo Professional 3.6
Canon Utilities Easy-PhotoPrint EX
Canon Utilities EOS Utility
Canon Utilities My Printer
Canon Utilities MyCamera
Canon Utilities PhotoStitch
Canon Utilities Picture Style Editor
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities Solution Menu
Canon Utilities WFT-E1/E2/E3/E4 Utility
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CloneCD
CloneDVD2
CorelDRAW Graphics Suite X5 - Windows Shell Extension 64 Bit
Crysis(R)
Crysis® 2
Crystal Reports Runtime XI
D3DX10
DATEV Infragistics Runtime V.3.2
Dropbox
EASEUS Partition Master 9.1.0 Home Edition
Empire Earth
EVEREST Home Edition v2.20
Evernote v. 4.6.3
Far Cry
FileMaker Password Recovery v1.0e (remove only)
FileMaker Pro 11
FileMaker Pro 12
FileZilla Client 3.5.3
Fotogalerie
GameSpy Arcade
GameSpy Comrade
Google Chrome
Google Update Helper
Gothic III
HandBrake 0.9.8
Hotfix für Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946040)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946308)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB946344)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947540)
Hotfix for Microsoft Visual Studio 2007 Tools for Applications - ENU (KB947789)
ImgBurn
iTunes
Jalbum
Java 7 Update 7
Java Auto Updater
Junk Mail filter update
Kaspersky Internet Security 2012
Logitech Desktop Messenger
Medal of Honor (TM)
Metro 2033
Microsoft .NET Framework 1.1
Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack
Microsoft .NET Framework 4 Extended
Microsoft .NET Framework 4 Extended DEU Language Pack
Microsoft Application Error Reporting
Microsoft Games for Windows - LIVE Redistributable
Microsoft Games for Windows Marketplace
Microsoft Office 2010 Primary Interop Assemblies
Microsoft Office Access MUI (German) 2010
Microsoft Office Excel MUI (German) 2010
Microsoft Office File Validation Add-In
Microsoft Office Groove MUI (German) 2010
Microsoft Office InfoPath MUI (German) 2010
Microsoft Office Live Add-in 1.5
Microsoft Office Office 32-bit Components 2010
Microsoft Office Office Subscription (German) 2010
Microsoft Office OneNote MUI (German) 2010
Microsoft Office Outlook MUI (German) 2010
Microsoft Office PowerPoint MUI (German) 2010
Microsoft Office Professional Plus 2010
Microsoft Office Professional Plus Subscription 2010
Microsoft Office Proof (English) 2010
Microsoft Office Proof (French) 2010
Microsoft Office Proof (German) 2010
Microsoft Office Proof (Italian) 2010
Microsoft Office Proofing (German) 2010
Microsoft Office Publisher MUI (German) 2010
Microsoft Office Shared 32-bit MUI (German) 2010
Microsoft Office Shared MUI (German) 2010
Microsoft Office Word MUI (German) 2010
Microsoft Online Services-Anmeldeassistent
Microsoft Silverlight
Microsoft SkyDrive
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft SQL Server 2008 R2 (64-bit)
Microsoft SQL Server 2008 R2 Native Client
Microsoft SQL Server 2008 R2 RsFx Driver
Microsoft SQL Server 2008 R2 Setup (English)
Microsoft SQL Server 2008 Setup Support Files 
Microsoft SQL Server Browser
Microsoft SQL Server Native Client
Microsoft SQL Server VSS Writer
Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2005 Redistributable (x64)
Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual Studio Tools for Applications 2.0 - ENU
Microsoft Visual Studio Tools for Applications 2.0 Language Pack - DEU
Microsoft Visual Studio Tools for Applications 2.0 Runtime
Microsoft Visual Studio Tools for Applications 2.0 Runtime Language Pack - DEU
Microsoft XML Parser
Microsoft_VC80_ATL_x86
Microsoft_VC80_ATL_x86_x64
Microsoft_VC80_CRT_x86
Microsoft_VC80_CRT_x86_x64
Microsoft_VC80_MFC_x86
Microsoft_VC80_MFC_x86_x64
Microsoft_VC80_MFCLOC_x86
Microsoft_VC80_MFCLOC_x86_x64
Microsoft_VC90_ATL_x86
Microsoft_VC90_ATL_x86_x64
Microsoft_VC90_CRT_x86
Microsoft_VC90_CRT_x86_x64
Microsoft_VC90_MFC_x86
Microsoft_VC90_MFC_x86_x64
Microsoft_VC90_MFCLOC_x86
Microsoft_VC90_MFCLOC_x86_x64
Movie Maker
Mozilla Firefox 18.0.2 (x86 de)
Mozilla Maintenance Service
MSVC80_x64_v2
MSVC80_x86_v2
MSVC90_x64
MSVC90_x86
MSVCRT
MSVCRT_amd64
MSVCRT110
MSVCRT110_amd64
MSXML 4.0 SP2 (KB954430)
MSXML 4.0 SP2 (KB973688)
MSXML 4.0 SP3 Parser
MSXML 4.0 SP3 Parser (KB973685)
MySQL Connector/ODBC 3.51
Nero 9 Essentials
Nero BurnRights
Nero BurnRights Help
Nero ControlCenter
Nero DiscSpeed
Nero DiscSpeed Help
Nero DriveSpeed
Nero DriveSpeed Help
Nero InfoTool
Nero InfoTool Help
Nero Installer
Nero Online Upgrade
Nero StartSmart
Nero StartSmart Help
neroxml
nLite 1.4.9.1
Nokia Ovi Suite
Notepad++
Nur Deinstallierung der CopyTrans Suite möglich.
NVIDIA Display Control Panel
NVIDIA Drivers
NVIDIA PhysX
Origin
Ovi Desktop Sync Engine
OviMPlatform
PDF Settings CS5
PDF Settings CS6
PE Builder 3.1.10a
ph
Phase 5 HTML-Editor
Photo Common
Photo Gallery
Pivot Pro Plugin
Portal
Print Server Utilities
PunkBuster Services
PVSonyDll
Remote Control USB Driver
RESIDENT EVIL 5
SAMSUNG USB Driver for Mobile Phones
SDK
Security Update for Microsoft .NET Framework 4 Client Profile (KB2160841)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405)
Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827)
Service Pack 1 for SQL Server 2008 R2 (KB2528583) (64-bit)
Sony TapeTool
SpeedFan (remove only)
SQL Server 2008 R2 SP1 Common Files
SQL Server 2008 R2 SP1 Database Engine Services
SQL Server 2008 R2 SP1 Database Engine Shared
SQL Server 2008 R2 SP1 Full text search
Sql Server Customer Experience Improvement Program
SQLXML4
Steam
Suite Specific
TeamViewer 7
Tom Clancy's Splinter Cell Chaos Theory
Tomb Raider: Legend 1.0
Tomb Raider: Underworld 1.1
True Image 2013
Update for Microsoft .NET Framework 4 Client Profile (KB2468871)
Update for Microsoft .NET Framework 4 Client Profile (KB2473228)
Update for Microsoft .NET Framework 4 Client Profile (KB2533523)
Update for Microsoft .NET Framework 4 Client Profile (KB2600217)
Update for Microsoft .NET Framework 4 Extended (KB2468871)
VLC media player 2.0.5
WinDFT
Windows 7 USB/DVD Download Tool
Windows Live Communications Platform
Windows Live Essentials
Windows Live Family Safety
Windows Live ID Sign-in Assistant
Windows Live Installer
Windows Live Mail
Windows Live Messenger
Windows Live MIME IFilter
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
Windows Live Writer
Windows Live Writer Resources
WinFuture xp-Iso-Builder 3.0.8
WinRAR
WinSetupFromUSB
XAMPP 1.7.4
Z-DATDump
Z-DBackup
zebNet Windows Keyfinder 2012 R2
.
==== End Of File ===========================

Code:

ATTFilter

DDS (Ver_2012-11-20.01) - NTFS_AMD64 
Internet Explorer: 9.0.8112.16446  BrowserJavaVersion: 10.7.2
Run by spike at 12:33:18 on 2013-04-02
Microsoft Windows 7 Professional   6.1.7601.1.1252.49.1031.18.6142.4069 [GMT 2:00]
.
AV: Kaspersky Internet Security *Enabled/Updated* {2EAA32A5-1EE1-1B22-95DA-337730C6E984}
SP: Kaspersky Internet Security *Enabled/Updated* {95CBD341-38DB-14AC-AF6A-08054B41A339}
SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Kaspersky Internet Security *Enabled* {1691B380-548E-1A7A-BE85-9A42CE15AEFF}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\system32\nvvsvc.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe
C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskhost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osaui.exe
C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
C:\Users\spike\AppData\Roaming\Dropbox\bin\Dropbox.exe
C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
C:\Program Files (x86)\iTunes\iTunesHelper.exe
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe
C:\DATEV\PROGRAMM\B0001442\PSNTSERV.EXE
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\dtsrvc.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE
C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe
C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSvcm.exe
c:\xampp\mysql\bin\mysqld.exe
C:\Windows\SysWOW64\NLSSRV32.EXE
C:\Windows\SysWOW64\NMSAccess32.exe
C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe
C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe
C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
C:\Windows\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\wmi64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdhost.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files (x86)\TeamViewer\Version7\TeamViewer.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_w32.exe
C:\Program Files (x86)\TeamViewer\Version7\tv_x64.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\SysWOW64\DllHost.exe
C:\Windows\SysWOW64\rundll32.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com
mWinlogon: Userinit = userinit.exe
BHO: SparweltGutscheinAlarm.Sparwelt_Gutschein_Tool: {10945114-b19f-4614-8450-b25e444a1020} - 
BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
BHO: Microsoft-Konto-Anmelde-Hilfsprogramm: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
BHO: Evernote extension: {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
TB: DMS Schnellsuche: {bbfc5b4d-6bcd-4f13-ad6e-f6364f9dc621} - 
uRun: [Samsung_AppInst] H:\SamsungSoftware\AppInst.exe
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
uRun: [Google Update] "C:\Users\spike\AppData\Local\Google\Update\GoogleUpdate.exe" /c
uRun: [OfficeSyncProcess] "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE"
uRun: [AdobeBridge] <no file>
mRun: [amd_dc_opt] "C:\Program Files (x86)\AMD\amd_dc_opt\amd_dc_opt.exe"
mRun: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe
mRun: [AVP] "C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe"
mRun: [TrueImageMonitor.exe] "C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe"
mRun: [AcronisTibMounterMonitor] C:\Program Files (x86)\Common Files\Acronis\TibMounter\TibMounterMonitor.exe
mRun: [iTunesHelper] "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
StartupFolder: C:\Users\spike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\Dropbox.lnk - C:\Users\spike\AppData\Roaming\Dropbox\bin\Dropbox.exe
StartupFolder: C:\Users\spike\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\EvernoteClipper.lnk - C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe
StartupFolder: C:\PROGRA~4\MICROS~1\Windows\STARTM~1\Programs\Startup\Basisschnittstelle Office Initialisierung.lnk - C:\DATEV\PROGRAMM\BSoffice\service\OfficeDiag.exe
uPolicies-Explorer: NoDriveTypeAutoRun = dword:145
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-Explorer: NoResolveTrack = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:0
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableLUA = dword:0
mPolicies-System: EnableUIADesktopToggle = dword:0
mPolicies-System: PromptOnSecureDesktop = dword:0
IE: An OneNote s&enden - Q:\office 2010\Office14\ONBttnIE.dll/105
IE: Append Link Target to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Auswahl speichern - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=3
IE: Convert Link Target to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Diese Seite ausschneiden - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=1
IE: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ie_banner_deny.htm
IE: Nach Microsoft E&xcel exportieren - Q:\office 2010\Office14\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: URL notieren - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html?clipAction=0
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\ievkbd.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
IE: {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\klwtbbho.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
TCP: NameServer = 10.1.2.1
TCP: Interfaces\{74AA11C2-CDD0-46B1-957B-314514D5B3D2} : DHCPNameServer = 10.1.2.1
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files (x86)\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL
LSA: Security Packages =  kerberos msv1_0 schannel wdigest tspkg pku2u livessp msoidssp
x64-BHO: IEVkbdBHO Class: {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-BHO: Groove GFS Browser Helper: {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
x64-BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-BHO: FilterBHO Class: {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Run: [Acronis Scheduler2 Service] "C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe"
x64-Run: [OfficeSubscriptionAgent] "C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osaui.exe"
x64-Run: [BCSSync] "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices
x64-Run: [AdobeAAMUpdater-1.0] "C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe"
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\ievkbd.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\x64\klwtbbho.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - <orphaned>
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-Notify: klogon - C:\Windows\System32\klogon.dll
x64-SSODL: WebCheck - <orphaned>
x64-SEH: Groove GFS Stub Execution Hook - {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@Kaspersky.ru\components\abhelperxpcom.dll
FF - component: C:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\kavlinkfilter.dll
FF - component: C:\Program Files (x86)\Nokia\Nokia Ovi Suite\Connectors\Bookmarks Connector\FirefoxExtension\components\FirefoxExtension.dll
FF - component: C:\Users\spike\AppData\Roaming\Mozilla\Firefox\Profiles\bfpltw22.default\extensions\DTToolbar@toolbarnet.com\components\DTToolbarFF.dll
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin10174.dll
FF - plugin: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
FF - plugin: C:\Program Files (x86)\Canon\ZoomBrowser EX\Program\NPCIG.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrlui.dll
FF - plugin: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
FF - plugin: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
FF - plugin: C:\Users\spike\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll
FF - plugin: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
FF - plugin: C:\Windows\SysWOW64\npDeployJava1.dll
FF - plugin: C:\Windows\SysWOW64\npmproxy.dll
.
============= SERVICES / DRIVERS ===============
.
R?2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
R0 fltsrv;Acronis Storage Filter Management;C:\Windows\System32\drivers\fltsrv.sys [2012-10-14 155272]
R0 PxHlpa64;PxHlpa64;C:\Windows\System32\drivers\PxHlpa64.sys [2013-2-23 56208]
R0 tib_mounter;Acronis TIB Mounter;C:\Windows\System32\drivers\tib_mounter.sys [2012-10-14 1093256]
R0 vididr;Acronis Virtual Disk;C:\Windows\System32\drivers\vididr.sys [2012-10-14 228488]
R0 vidsflt;Acronis Disk Storage Filter;C:\Windows\System32\drivers\vidsflt.sys [2012-10-14 166024]
R1 kl2;kl2;C:\Windows\System32\drivers\kl2.sys [2011-3-4 11864]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\System32\drivers\klim6.sys [2010-4-22 29488]
R1 sx64ait;sx64ait;C:\Windows\System32\drivers\sx64ait.sys [2007-2-28 17408]
R2 afcdpsrv;Acronis Nonstop Backup Service;C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-10-14 3729400]
R2 AVP;Kaspersky Anti-Virus Service;C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r --> C:\Program Files (x86)\Kaspersky Lab\Kaspersky Internet Security 2012\avp.exe -r [?]
R2 DatevPrintService;DATEV Druckservice;C:\DATEV\PROGRAMM\B0001442\PSNTServ.exe [2012-6-14 87040]
R2 msoidsvc;Microsoft Online Services Sign-in Assistant;C:\Program Files\Common Files\Microsoft Shared\Microsoft Online Services\MSOIDSVC.EXE [2012-5-17 2079520]
R2 MSSQL$DATEV_DBENGINE;SQL Server (DATEV_DBENGINE);C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\sqlservr.exe [2011-6-17 62111072]
R2 nlsX86cc;Nalpeiron Licensing Service;C:\Windows\SysWOW64\NLSSRV32.EXE [2012-10-10 69640]
R2 osubsvc;Microsoft Office 2010-Abonnement-Agent;C:\Program Files\Common Files\Microsoft Shared\OFFICE14\osa.exe [2011-11-16 607048]
R2 PdiService;Portrait Displays SDK Service;C:\Program Files (x86)\Common Files\Portrait Displays\Drivers\pdisrvc.exe [2013-2-7 113456]
R2 syncagentsrv;Acronis Sync Agent Service;C:\Program Files (x86)\Common Files\Acronis\SyncAgent\syncagentsrv.exe [2012-8-18 7027752]
R2 TeamViewer7;TeamViewer 7;C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-4-11 2754984]
R3 afcdp;afcdp;C:\Windows\System32\drivers\afcdp.sys [2012-10-14 367200]
R3 AmdTools64;AMD Special Tools Driver;C:\Windows\System32\drivers\AmdTools64.sys [2010-8-28 47616]
R3 busenum;Synology Virtual USB Hub;C:\Windows\System32\drivers\busenum.sys [2012-8-3 55776]
R3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\System32\drivers\klmouflt.sys [2009-11-2 22544]
R3 MSSQLFDLauncher$DATEV_DBENGINE;SQL Full-text Filter Daemon Launcher (DATEV_DBENGINE);C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\fdlauncher.exe [2010-4-3 32096]
R3 RTL8167;Realtek 8167 NT Driver;C:\Windows\System32\drivers\Rt64win7.sys [2009-3-1 187392]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S2 Datev.Framework.RemoteServiceModel.EnablerService;DATEV DFL-Service-Manager;C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single --> C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServiceModel.EnablerService -SvcRunLevel=9999 -Single [?]
S2 XAMPP;XAMPP Service;C:\xampp\service.exe [2007-12-21 60928]
S3 DATEV Update-Service;DATEV Update-Service;C:\DATEV\PROGRAMM\Install\DvInesASDSvc.Exe [2012-7-3 157792]
S3 Datev.Database.Conserve;DATEV Connection Service;C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 --> C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Database.Conserve SvcRunLevel=1000 [?]
S3 Datev.Framework.RemoteServices;DATEV DFL Infrastruktur-Dienst;C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single --> C:\DATEV\SYSTEM\Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Framework.RemoteServices -SvcRunLevel=1000 -Single [?]
S3 Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn;DATEV Schnittstellensystem pro V0300;Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn --> Datev.Framework.RemoteServiceModel.GenericService2010.exe Datev.Unternehmen.SystemComponents.ServiceBus.V0300.PlugIn [?]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\Windows\System32\drivers\ssudbus.sys [2013-3-9 99384]
S3 epmntdrv;epmntdrv;C:\Windows\System32\epmntdrv.sys [2012-3-4 16776]
S3 EuGdiDrv;EuGdiDrv;C:\Windows\System32\EuGdiDrv.sys [2012-3-4 9096]
S3 fssfltr;fssfltr;C:\Windows\System32\drivers\fssfltr.sys [2013-1-30 57856]
S3 fsssvc;Windows Live Family Safety Service;C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe [2012-9-12 1512448]
S3 HTCAND64;HTC Device Driver;C:\Windows\System32\drivers\androidusb.sys [2010-4-29 32768]
S3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-1-9 174440]
S3 pwdrvio;pwdrvio;C:\Windows\System32\pwdrvio.sys [2010-4-9 19936]
S3 pwdspio;pwdspio;C:\Windows\System32\pwdspio.sys [2010-4-9 13280]
S3 SaiHFF0C;SaiHFF0C;C:\Windows\System32\drivers\SaiHFF0C.sys [2007-5-1 171144]
S3 SaiUFF0C;SaiUFF0C;C:\Windows\System32\drivers\SaiUFF0C.sys [2007-5-1 34304]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\Windows\System32\drivers\ssudmdm.sys [2013-3-9 203320]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 SwitchBoard;SwitchBoard;C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-2-19 517096]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2011-7-14 59392]
S3 USBAAPL64;Apple Mobile USB Driver;C:\Windows\System32\drivers\usbaapl64.sys [2012-7-9 52736]
S3 WMSVC;Webverwaltungsdienst;C:\Windows\System32\inetsrv\WMSvc.exe [2009-7-14 10752]
S4 ftpsvc;Microsoft-FTP-Dienst;C:\Windows\System32\svchost.exe -k ftpsvc [2009-7-14 27136]
S4 MSSQLServerADHelper100;SQL Active Directory Helper Service;C:\Program Files\Microsoft SQL Server\100\Shared\sqladhlp.exe [2010-4-3 59744]
S4 RsFx0151;RsFx0151 Driver;C:\Windows\System32\drivers\RsFx0151.sys [2011-6-17 313696]
S4 SQLAgent$DATEV_DBENGINE;SQL Server Agent (DATEV_DBENGINE);C:\Program Files\Microsoft SQL Server\MSSQL10_50.DATEV_DBENGINE\MSSQL\Binn\SQLAGENT.EXE [2011-6-17 431456]
.
=============== File Associations ===============
.
ShellExec: dreamweaver.exe: Open="C:\Program Files (x86)\Adobe\Adobe Dreamweaver CS6\dreamweaver.exe", "%1"
.
=============== Created Last 30 ================
.
2013-03-30 06:49:33	--------	d-----w-	C:\Users\spike\Doctor Web
2013-03-29 06:17:02	--------	d-----w-	C:\Users\spike\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
2013-03-21 07:26:41	--------	d-----w-	C:\Program Files (x86)\WinDFT
2013-03-20 04:18:46	9162192	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{BC50221D-6891-41E8-9BF2-F9AD93B4969C}\mpengine.dll
2013-03-19 05:26:29	--------	d-----w-	C:\Program Files (x86)\Convar
2013-03-18 16:22:27	--------	d-----w-	C:\Program Files (x86)\Western Digital Corporation
2013-03-18 10:44:21	--------	d-----w-	C:\Users\spike\AppData\Roaming\TrafficMonitor
2013-03-18 10:44:02	--------	d-----w-	C:\ProgramData\TrafficMonitor
2013-03-13 16:09:24	--------	d-----w-	C:\Program Files (x86)\CamStudio 2.7
2013-03-13 08:08:44	--------	d-----w-	C:\Users\spike\AppData\Roaming\Malwarebytes
2013-03-13 08:08:36	--------	d-----w-	C:\ProgramData\Malwarebytes
2013-03-12 14:34:32	--------	d-----w-	C:\Users\spike\Untitled_Projecthh
2013-03-12 14:01:50	--------	d-----w-	C:\Users\spike\ergerg
2013-03-09 10:25:42	99384	----a-w-	C:\Windows\System32\drivers\ssudbus.sys
2013-03-09 10:25:42	203320	----a-w-	C:\Windows\System32\drivers\ssudmdm.sys
2013-03-09 07:21:46	178688	----a-w-	C:\Windows\SysWow64\unrar.dll
2013-03-09 06:46:58	--------	d-----w-	C:\Users\spike\AppData\Roaming\Neuer Ordner
2013-03-09 06:45:02	--------	d-----w-	C:\Users\spike\AppData\Roaming\AACS
2013-03-06 07:10:20	--------	d-----w-	C:\Program Files (x86)\MakeMKV
2013-03-04 14:01:42	139352	----a-w-	C:\Windows\SysWow64\drivers\AnyDVD.sys
2013-03-04 14:01:42	139352	----a-w-	C:\Windows\System32\drivers\AnyDVD.sys
2013-03-04 12:24:27	40344	----a-w-	C:\Windows\System32\drivers\ElbyCDIO.sys
2013-03-04 09:21:40	97176	----a-w-	C:\Windows\SysWow64\ElbyCDIO.dll
.
==================== Find3M  ====================
.
2013-03-30 06:22:35	564824	----a-w-	C:\Windows\System32\drivers\sptd.sys
2013-03-17 07:53:18	73432	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-17 07:53:18	693976	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-01-17 00:28:58	273840	------w-	C:\Windows\System32\MpSigStub.exe
.
============= FINISH: 12:34:35,62 ===============

--- --- ---

Drweb-cureit findet "dloader.trojan"

Plagegeister aller Art und deren Bekämpfung: Drweb-cureit findet "dloader.trojan"

Drweb-cureit findet "dloader.trojan"

Ähnliche Themen: Drweb-cureit findet "dloader.trojan"