Log analysis and evaluation: Backdoor trojan Bublik.B, worm Gamarue.I: remove PUM.UserWLoad etc. (Windows 7)

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: first steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1
Backdoor trojan Bublik.B, worm Gamarue.I: remove PUM.UserWLoad etc.

Through carelessness I caught a pest via a fake PDF attached to a bogus Skype invoice. I was surprised that the PDF had disappeared after I clicked it, and then saw that my mail provider had identified a backdoor trojan. Too late. The first thing I did was the following:
Then I read through the relevant threads and tried a number of things (results in the attachment):
• AdwCleaner (1+2)
• SpyRobot
• Malwarebytes
• CCleaner
• ESET
• Secunia PSI
• avast! (which, however, hung several times for the same reason)

Malwarebytes found "Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: c:\users\andrea~1\dxsxrr.exe -> Keine Aktion durchgeführt".

One symptom (maybe it is one, maybe not): at system start the following window opens on the desktop: Explorer.EXE (EXE in capitals) with a yellow warning triangle but no text (see attachment). If I don't close this window, the sidebar doesn't start. Otherwise I haven't noticed any further activity. Now I don't know what to do next and don't want to make matters worse, so I am asking for your help here. Setting up my computer completely from scratch would be enormously labour-intensive. The explorer.exe window is still there …

Now I have also done what someone seeking help is supposed to do (OTL and Gmer). OTL did not give me the Extra.txt file on the quick scan; the attached one is from my full scan this afternoon. I have replaced my real name with MEINNAME and the computer name with MEINRECHNER.

Many heartfelt thanks in advance for any help!

The helpless ansuno

Code:
```text
OTL logfile created on: 10.04.2013 20:02:38 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\MEINNAME\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,71 Gb Total Physical Memory | 5,75 Gb Available Physical Memory | 74,61% Memory free
8,90 Gb Paging File | 7,07 Gb Available in Paging File | 79,42% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 53,05 Gb Free Space | 44,62% Space Free | Partition Type: NTFS

Computer Name: MEINRECHNER | User Name: MEINNAME | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013.04.10 16:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe
PRC - [2013.04.10 13:22:52 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Update\realsched.exe
PRC - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.02.20 03:21:43 | 000,896,512 | ---- | M] () -- C:\Users\MEINNAME\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe
PRC - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe
PRC - [2013.02.07 14:31:18 | 000,575,000 | ---- | M] (Secunia) -- C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
PRC - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe
PRC - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.13 14:08:08 | 003,825,176 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
PRC - [2012.11.13 14:07:24 | 000,168,384 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
PRC - [2012.11.13 14:07:20 | 001,369,624 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
PRC - [2012.11.13 14:07:16 | 001,103,392 | ---- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
PRC - [2012.07.16 17:24:28 | 001,114,112 | ---- | M] (1&1 Internet AG) -- C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe

========== Modules (No Company Name) ==========

MOD - [2013.02.25 18:45:33 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll
MOD - [2013.02.25 18:43:51 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll
MOD - [2013.02.25 18:43:41 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll
MOD - [2013.02.25 18:43:39 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll
MOD - [2013.02.25 18:43:34 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll
MOD - [2013.02.25 18:43:31 | 011,494,912 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll
MOD - [2013.01.28 13:08:56 | 000,087,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2013.01.28 13:08:28 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.11.13 14:06:32 | 000,158,624 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
MOD - [2012.11.13 14:06:30 | 000,108,960 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
MOD - [2012.11.13 14:06:28 | 000,554,400 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl
MOD - [2012.11.13 14:06:28 | 000,528,288 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl
MOD - [2012.11.13 14:06:28 | 000,416,160 | ---- | M] () -- C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
MOD - [2012.09.14 00:04:06 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2012.05.30 08:51:08 | 000,699,280 | R--- | M] () -- C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll

========== Services (SafeList) ==========

SRV:64bit: - [2013.02.02 10:21:45 | 000,467,456 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\netprofmsvc.dll -- (netprofm)
SRV:64bit: - [2013.01.29 03:57:14 | 000,014,920 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV:64bit: - [2013.01.10 01:23:16 | 001,964,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wlidsvc.dll -- (wlidsvc)
SRV:64bit: - [2013.01.10 01:22:35 | 000,438,272 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\lsm.dll -- (LSM)
SRV:64bit: - [2012.12.06 06:23:00 | 000,170,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\TimeBrokerServer.dll -- (TimeBroker)
SRV:64bit: - [2012.12.06 06:22:59 | 000,178,176 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\SystemEventsBrokerServer.dll -- (SystemEventsBroker)
SRV:64bit: - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll -- (PrintNotify)
SRV:64bit: - [2012.11.06 06:17:41 | 000,169,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\AudioEndpointBuilder.dll -- (AudioEndpointBuilder)
SRV:64bit: - [2012.09.20 11:10:47 | 002,367,528 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\WSService.dll -- (WSService)
SRV:64bit: - [2012.09.20 08:31:18 | 000,116,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\fhsvc.dll -- (fhsvc)
SRV:64bit: - [2012.09.20 08:30:41 | 000,179,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\bisrv.dll -- (BrokerInfrastructure)
SRV:64bit: - [2012.07.26 05:07:47 | 000,065,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\wiarpc.dll -- (WiaRpc)
SRV:64bit: - [2012.07.26 05:07:42 | 000,263,680 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\SysNative\wcmsvc.dll -- (Wcmsvc)
SRV:64bit: - [2012.07.26 05:07:40 | 000,283,648 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\vaultsvc.dll -- (VaultSvc)
SRV:64bit: - [2012.07.26 05:07:25 | 000,012,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\svsvc.dll -- (svsvc)
SRV:64bit: - [2012.07.26 05:06:34 | 000,743,936 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\netlogon.dll -- (Netlogon)
SRV:64bit: - [2012.07.26 05:06:33 | 000,161,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\NcaSvc.dll -- (NcaSvc)
SRV:64bit: - [2012.07.26 05:06:33 | 000,073,728 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\NcdAutoSetup.dll -- (NcdAutoSetup)
SRV:64bit: - [2012.07.26 05:05:55 | 000,059,904 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\keyiso.dll -- (KeyIso)
SRV:64bit: - [2012.07.26 05:05:34 | 000,037,376 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\efssvc.dll -- (EFS)
SRV:64bit: - [2012.07.26 05:05:28 | 000,207,872 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\DeviceSetupManager.dll -- (DsmSvc)
SRV:64bit: - [2012.07.26 05:05:24 | 000,342,016 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\das.dll -- (DeviceAssociationService)
SRV:64bit: - [2012.07.26 05:05:08 | 000,122,368 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\AUInstallAgent.dll -- (AllUserInstallAgent)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicvss)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmictimesync)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicshutdown)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicrdv)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmickvpexchange)
SRV:64bit: - [2012.07.26 02:24:02 | 000,336,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\icsvc.dll -- (vmicheartbeat)
SRV - [2013.03.06 02:21:50 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 19:25:34 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013.02.20 03:21:43 | 000,896,512 | ---- | M] () [Auto | Running] -- C:\Users\MEINNAME\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe -- (AddonsHelper)
SRV - [2013.02.07 14:31:22 | 001,223,704 | ---- | M] (Secunia) [Auto | Running] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2013.02.07 14:31:20 | 000,660,504 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2012.12.24 05:33:29 | 000,144,520 | R--- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe -- (N360)
SRV - [2012.12.18 21:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.11.06 06:36:55 | 002,675,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll -- (PrintNotify)
SRV - [2012.07.26 05:20:04 | 000,018,432 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysWOW64\StorSvc.dll -- (StorSvc)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013.02.22 21:53:59 | 000,177,312 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS -- (SymEvent)
DRV:64bit: - [2013.02.07 14:15:22 | 000,018,456 | ---- | M] (Secunia) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys -- (PSI)
DRV:64bit: - [2013.02.07 06:09:56 | 000,069,864 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\pdc.sys -- (pdc)
DRV:64bit: - [2013.02.02 13:19:44 | 000,446,184 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBHUB3.SYS -- (USBHUB3)
DRV:64bit: - [2013.02.02 09:25:23 | 000,037,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys -- (BthAvrcpTg)
DRV:64bit: - [2013.01.31 05:18:18 | 000,432,800 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys -- (SymNetS)
DRV:64bit: - [2013.01.31 05:18:06 | 001,139,800 | ---- | M] (Symantec Corporation) [File_System | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys -- (SymEFA)
DRV:64bit: - [2013.01.29 03:57:05 | 000,035,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdBoot.sys -- (WdBoot)
DRV:64bit: - [2013.01.29 03:45:19 | 000,796,248 | ---- | M] (Symantec Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys -- (SRTSP)
DRV:64bit: - [2013.01.29 03:45:19 | 000,036,952 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys -- (SRTSPX)
DRV:64bit: - [2013.01.29 01:08:22 | 000,230,904 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WdFilter.sys -- (WdFilter)
DRV:64bit: - [2013.01.22 04:15:33 | 000,493,656 | ---- | M] (Symantec Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys -- (SymDS)
DRV:64bit: - [2013.01.11 20:02:34 | 000,064,624 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2013.01.10 03:53:32 | 000,028,904 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpiowin32.sys -- (msgpiowin32)
DRV:64bit: - [2013.01.10 03:39:29 | 000,194,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.11.27 05:55:44 | 000,029,952 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\BthhfHid.sys -- (bthhfhid)
DRV:64bit: - [2012.11.20 06:54:31 | 000,039,936 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hidi2c.sys -- (hidi2c)
DRV:64bit: - [2012.11.16 04:22:01 | 000,224,416 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys -- (SymIRON)
DRV:64bit: - [2012.11.16 04:18:04 | 000,168,096 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys -- (ccSet_N360)
DRV:64bit: - [2012.11.06 05:55:44 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\fxppm.sys -- (FxPPM)
DRV:64bit: - [2012.10.12 10:08:01 | 000,027,880 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.10.11 09:25:48 | 000,056,552 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\sdstor.sys -- (sdstor)
DRV:64bit: - [2012.10.11 09:13:49 | 000,058,088 | ---- | M] (Microsoft Corporation) [Kernel | System | Stopped] -- C:\Windows\SysNative\Drivers\dam.sys -- (dam)
DRV:64bit: - [2012.09.20 09:55:33 | 000,337,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\USBXHCI.SYS -- (USBXHCI)
DRV:64bit: - [2012.09.20 09:55:33 | 000,212,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\UCX01000.SYS -- (UCX01000)
DRV:64bit: - [2012.09.20 09:55:30 | 000,120,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\msgpioclx.sys -- (GPIOClx0101)
DRV:64bit: - [2012.09.20 09:55:27 | 003,265,256 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2012.09.20 09:55:24 | 000,533,224 | ---- | M] (Broadcom Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2012.09.20 09:03:08 | 000,148,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tpm.sys -- (TPM)
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.26 07:26:46 | 000,025,328 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.07.26 07:26:45 | 000,033,792 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\condrv.sys -- (condrv)
DRV:64bit: - [2012.07.26 07:00:58 | 000,322,800 | ---- | M] (VIA Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS -- (VSTXRAID)
DRV:64bit: - [2012.07.26 07:00:58 | 000,106,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\VerifierExt.sys -- (VerifierExt)
DRV:64bit: - [2012.07.26 07:00:58 | 000,097,008 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\uaspstor.sys -- (UASPStor)
DRV:64bit: - [2012.07.26 07:00:57 | 000,077,040 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\acpiex.sys -- (acpiex)
DRV:64bit: - [2012.07.26 07:00:55 | 000,283,888 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\spaceport.sys -- (spaceport)
DRV:64bit: - [2012.07.26 07:00:55 | 000,077,552 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\storahci.sys -- (storahci)
DRV:64bit: - [2012.07.26 07:00:55 | 000,064,240 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\mvumis.sys -- (mvumis)
DRV:64bit: - [2012.07.26 07:00:55 | 000,030,960 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2012.07.26 07:00:52 | 000,092,400 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2012.07.26 07:00:52 | 000,081,136 | ---- | M] (LSI Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\lsi_sss.sys -- (LSI_SSS)
DRV:64bit: - [2012.07.26 07:00:52 | 000,064,752 | ---- | M] (Hewlett-Packard Company) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2012.07.26 07:00:51 | 000,113,904 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys -- (EhStorTcgDrv)
DRV:64bit: - [2012.07.26 07:00:51 | 000,081,136 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\EhStorClass.sys -- (EhStorClass)
DRV:64bit: - [2012.07.26 07:00:49 | 000,258,288 | ---- | M] (AMD Technologies Inc.) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2012.07.26 07:00:49 | 000,106,736 | ---- | M] (LSI) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\3ware.sys -- (3ware)
DRV:64bit: - [2012.07.26 07:00:49 | 000,076,016 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2012.07.26 07:00:48 | 000,026,352 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2012.07.26 06:57:54 | 000,361,200 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\clfs.sys -- (CLFS)
DRV:64bit: - [2012.07.26 06:54:34 | 000,096,496 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\wfplwfs.sys -- (WFPLWFS)
DRV:64bit: - [2012.07.26 06:53:16 | 000,067,824 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vpci.sys -- (vpci)
DRV:64bit: - [2012.07.26 05:17:38 | 000,036,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\terminpt.sys -- (terminpt)
DRV:64bit: - [2012.07.26 04:29:14 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mshidumdf.sys -- (mshidumdf)
DRV:64bit: - [2012.07.26 04:29:08 | 000,048,640 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicDisplay.sys -- (BasicDisplay)
DRV:64bit: - [2012.07.26 04:29:03 | 000,024,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\HyperVideo.sys -- (HyperVideo)
DRV:64bit: - [2012.07.26 04:28:52 | 000,029,696 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\BasicRender.sys -- (BasicRender)
DRV:64bit: - [2012.07.26 04:27:58 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\vmgencounter.sys -- (gencounter)
DRV:64bit: - [2012.07.26 04:27:41 | 000,018,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\kdnic.sys -- (kdnic)
DRV:64bit: - [2012.07.26 04:27:37 | 000,010,752 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpitime.sys -- (acpitime)
DRV:64bit: - [2012.07.26 04:27:33 | 000,023,552 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\npsvctrig.sys -- (npsvctrig)
DRV:64bit: - [2012.07.26 04:27:29 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys -- (WpdUpFltr)
DRV:64bit: - [2012.07.26 04:27:16 | 000,010,240 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\acpipagr.sys -- (acpipagr)
DRV:64bit: - [2012.07.26 04:27:01 | 000,011,776 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\hyperkbd.sys -- (hyperkbd)
DRV:64bit: - [2012.07.26 04:26:46 | 000,062,976 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SerCx.sys -- (SerCx)
DRV:64bit: - [2012.07.26 04:26:43 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\SpbCx.sys -- (SpbCx)
DRV:64bit: - [2012.07.26 04:26:34 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.07.26 04:26:13 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\bthhfenum.sys -- (BthHFEnum)
DRV:64bit: - [2012.07.26 04:25:57 | 000,033,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2012.07.26 04:25:56 | 000,057,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.07.26 04:25:13 | 000,045,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\wpcfltr.sys -- (wpcfltr)
DRV:64bit: - [2012.07.26 04:25:01 | 000,126,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys -- (NdisImPlatform)
DRV:64bit: - [2012.07.26 04:23:53 | 000,068,608 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mslldp.sys -- (MsLldp)
DRV:64bit: - [2012.07.26 04:23:42 | 000,097,792 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\Drivers\Ndu.sys -- (Ndu)
DRV:64bit: - [2012.06.20 20:45:12 | 000,023,448 | R--- | M] (Symantec Corporation) [Kernel | Boot | Stopped] -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys -- (SymELAM)
DRV:64bit: - [2012.06.02 16:31:56 | 000,589,824 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\Rt630x64.sys -- (RTL8168)
DRV:64bit: - [2012.02.09 10:24:16 | 000,044,992 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\ISCTD64.sys -- (ISCT)
DRV - [2013.03.22 03:52:21 | 001,387,608 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys -- (BHDrvx64)
DRV - [2013.02.22 22:01:22 | 002,087,664 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130409.021\ex64.sys -- (NAVEX15)
DRV - [2013.02.22 22:01:21 | 000,126,192 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130409.021\eng64.sys -- (NAVENG)
DRV - [2013.02.21 17:50:58 | 000,513,184 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130406.001\IDSviA64.sys -- (IDSVia64)
DRV - [2012.08.18 03:00:00 | 000,484,512 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys -- (eeCtrl)
DRV - [2012.08.18 03:00:00 | 000,138,912 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2003.07.03 17:53:26 | 000,028,160 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbccgp.sys -- (usbccgp)
DRV - [2003.07.03 17:52:58 | 000,053,120 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbhub.sys -- (usbhub)
DRV - [2003.07.03 17:51:46 | 000,019,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbuhci.sys -- (usbuhci)
DRV - [2003.07.03 17:51:16 | 000,016,000 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\usbohci.sys -- (usbohci)
DRV - [2003.07.03 17:50:46 | 000,025,216 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\usbehci.sys -- (usbehci)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 57 CA 49 DB 0E CE 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope =
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531305352&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&k=0
IE - HKCU\..\SearchScopes\{08E831E0-63F4-4C5D-A912-63AE5B429055}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{696E239D-21FC-4DEF-8735-883C752844CC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKCU\..\SearchScopes\{7B50B11E-A19B-4362-BDC8-2D4ABFD36BBC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{8266E361-AF9E-46E1-99CB-7B881846ACB5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{C4C4172E-71F5-4F42-803A-6F83F3D2B70B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\..\SearchScopes\{D9750635-1F05-462A-95D8-ABB260077148}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.parfumo.de/"
FF - prefs.js..extensions.enabledAddons: %7Bc1970c0d-dbe6-4d91-804f-c9c0de643a57%7D:1.3.2.13
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: readable%40evernote.com:7.3346.273.222
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found

FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
```
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\MEINNAME\AppData\Roaming\Helper [2013.02.20 03:38:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.22 21:54:05 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.10 16:52:28 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.04.10 19:24:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\components [2013.04.10 08:38:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\plugins [2013.04.10 19:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.10 19:24:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.17 14:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Extensions [2013.04.10 17:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions [2013.04.10 08:37:24 | 000,000,000 | ---D | M] (WOT) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2013.04.10 19:24:22 | 000,000,000 | ---D | M] (Flash 
and Video Download) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a} [2013.03.05 23:38:36 | 001,190,001 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\readable@evernote.com.xpi [2013.02.17 14:20:42 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.04.03 07:36:04 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2013.02.17 14:20:42 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi [2013.04.03 07:34:35 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi [2013.02.17 14:20:42 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi [2013.02.17 14:17:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.20 03:38:29 | 000,002,080 | ---- | M] () -- C:\Users\MEINNAME\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\searchplugins\7c9dbe2c-3ee2-46de-bf3e-380666a439a5.xml [2013.04.10 13:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.04.10 16:52:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN [2013.02.22 21:54:05 | 
000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN [2013.04.10 19:24:23 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT [2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) 
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.) O4 - HKLM..\Run: [TkBellExe] c:\program files\Update\realsched.exe (RealNetworks, Inc.) 
O4 - HKCU..\Run: [1&1 EasyLogin] C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG) F3:64bit: - HKCU WinNT: Load - (c:\users\andrea~1\dxsxrr.exe) - File not found F3 - HKCU WinNT: Load - (c:\users\andrea~1\dxsxrr.exe) - File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet) O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A964C56F-DAD2-4CFC-A2AF-13162601EC96}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.10 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy [2013.04.10 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2 [2013.04.10 17:47:33 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe [2013.04.10 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2 [2013.04.10 16:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe [2013.04.10 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.04.10 13:57:06 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Malwarebytes [2013.04.10 13:56:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.04.10 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Programs [2013.04.10 
13:43:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.04.10 13:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.04.10 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\RealNetworks [2013.04.10 13:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\templates [2013.04.10 13:23:13 | 000,045,184 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll [2013.04.10 13:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Filters [2013.04.10 13:23:01 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll [2013.04.10 13:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared [2013.04.10 13:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Producer [2013.04.10 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\library [2013.04.10 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Secunia PSI [2013.04.10 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia [2013.04.09 16:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers [2013.04.09 16:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung [2013.04.08 10:19:00 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Die Einzelheiten Ihres Einkaufs [2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Amazon MP3 [2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Amazon [2013.04.06 18:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon [2013.04.06 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon [2013.04.05 13:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Labtec [2013.04.05 13:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech [2013.04.05 13:32:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information [2013.04.05 13:31:54 
| 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2013.04.04 14:45:46 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Outlook-Dateien [2013.04.04 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\ORPALIS [2013.04.04 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Downloaded Installations [2013.04.02 19:16:31 | 000,000,000 | --SD | C] -- C:\Users\MEINNAME\Documents\Meine Shapes [2013.04.01 16:24:38 | 000,000,000 | R--D | C] -- C:\Users\MEINNAME\Documents\Scanned Documents [2013.04.01 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Fax [2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Apple Computer [2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Apple Computer [2013.04.01 01:07:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE [2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer [2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update [2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Apple [2013.04.01 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple [2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour [2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour [2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple [2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\Program Files 
(x86)\Common Files\Apple [2013.03.31 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Skype [2013.03.31 20:39:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.03.31 20:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype [2013.03.31 07:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView [2013.03.31 07:57:31 | 001,931,472 | ---- | C] (Irfan Skiljan) -- C:\Users\MEINNAME\Desktop\iview435g_setup.exe [2013.03.31 07:54:53 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView [2013.03.30 08:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.30 08:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2013.03.30 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\AppData\Local\Google [2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins [2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\extensions [2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\defaults [2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\components [2013.03.17 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\MEINNAME\Documents\Geburtstage etc [2013.03.14 11:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2013.03.14 11:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2013.02.27 22:19:28 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll [2013.02.27 22:19:28 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll [2013.02.27 22:19:28 | 000,031,232 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\rjprog.dll [2013.02.27 22:19:28 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll [2013.02.27 22:19:27 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll [2013.02.27 22:19:27 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll [2013.02.27 22:19:27 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll [2013.02.27 22:19:27 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll [2013.02.27 22:19:27 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll [2013.02.27 22:19:27 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll [2013.02.27 22:19:27 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll [2013.02.27 22:19:27 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll [2013.02.27 22:19:27 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll [2013.02.27 22:19:27 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll [2013.02.27 22:19:27 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe [2013.02.27 22:19:26 | 003,303,936 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll [2013.02.27 22:19:26 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe [2013.02.27 22:19:22 | 000,384,088 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe [2013.02.27 22:19:22 | 000,355,416 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe [2013.02.27 22:19:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll [2013.02.27 22:19:21 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe [2013.02.27 22:19:21 | 000,136,784 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\realshare.exe [2013.02.27 22:19:21 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll [2013.02.27 22:19:21 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll [2013.02.27 22:19:20 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll [2013.02.27 22:19:16 | 000,112,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll [2013.02.27 22:19:16 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll [2013.02.27 22:19:16 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll [2013.02.27 22:19:16 | 000,071,280 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll [2013.02.27 22:19:16 | 000,030,816 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe [2013.02.27 22:19:15 | 000,501,328 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe [2013.02.27 22:19:15 | 000,017,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe [2013.02.27 22:19:15 | 000,009,216 | ---- | C] (RealNetworks, Inc.) 
-- C:\Program Files\realjbox.exe [2013.02.26 16:38:49 | 017,887,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll [2013.02.26 16:38:49 | 002,954,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll [2013.02.26 16:38:49 | 000,812,440 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll [2013.02.26 16:38:49 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll [2013.02.26 16:38:49 | 000,641,944 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll [2013.02.26 16:38:49 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll [2013.02.26 16:38:49 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll [2013.02.26 16:38:49 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll [2013.02.26 16:38:49 | 000,277,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll [2013.02.26 16:38:49 | 000,272,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe [2013.02.26 16:38:49 | 000,193,584 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe [2013.02.26 16:38:49 | 000,172,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll [2013.02.26 16:38:49 | 000,170,232 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe [2013.02.26 16:38:49 | 000,155,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll [2013.02.26 16:38:49 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll [2013.02.26 16:38:49 | 000,131,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll [2013.02.26 16:38:49 | 000,115,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe [2013.02.26 16:38:49 | 000,104,344 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll [2013.02.26 16:38:49 | 000,096,664 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe [2013.02.26 
16:38:49 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll [2013.02.26 16:38:49 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll [2013.02.26 16:38:49 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll [2013.02.26 16:38:49 | 000,021,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll [2013.02.26 16:38:49 | 000,021,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll [2013.02.26 16:38:49 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll [2013.02.26 16:38:49 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe [2013.02.26 16:38:49 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll [2013.02.26 16:38:48 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll [2013.02.26 16:38:48 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll [2013.02.26 16:38:48 | 000,917,400 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe [2013.02.26 16:38:48 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe [2013.02.26 16:38:48 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll [2013.02.26 16:38:48 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll [2013.02.26 16:38:12 | 020,426,896 | ---- | C] (Mozilla) -- C:\Users\MEINNAME\Firefox Setup 19.0.exe [2013.02.25 21:29:10 | 001,646,288 | ---- | C] (Irfan Skiljan) -- C:\Users\MEINNAME\iview435_setup.exe [2013.02.22 21:46:38 | 154,147,384 | ---- | C] (Symantec Corporation) -- C:\Users\MEINNAME\norton_360_setup.exe [2013.02.21 20:34:55 | 001,356,599 | ---- | C] (Wondersoft ) -- C:\Users\MEINNAME\pdfwriter_setup.exe [2013.02.21 02:51:33 | 006,325,760 | ---- | C] (TreeCardGames.com ) -- C:\Users\MEINNAME\free_spider_solitaire2010_v21_setup.exe [2013.02.20 03:24:04 | 
000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\8gadgetpacksetup-Downloader.exe
[2013.02.20 03:20:57 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\vlc-2.0.5-win64-Downloader.exe
[2013.02.19 22:58:20 | 006,020,336 | ---- | C] (1&1 Internet AG) -- C:\Program Files (x86)\EasyLogin_setup_DE.exe

========== Files - Modified Within 30 Days ==========

[2013.04.10 19:40:59 | 000,000,000 | ---- | M] () -- C:\Users\MEINNAME\defogger_reenable
[2013.04.10 19:35:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 19:31:54 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 19:31:54 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.10 19:31:54 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 19:31:54 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.10 19:31:54 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.10 19:26:59 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 19:25:34 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.10 19:24:58 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.10 19:24:57 | 2327,932,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 19:09:44 | 000,000,333 | ---- | M] () -- C:\Windows\BRCALIB.INI
[2013.04.10 17:47:36 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 16:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\MEINNAME\Desktop\OTL.exe
[2013.04.10 16:50:24 | 000,000,324 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 16:46:48 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 13:57:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:45:35 | 000,421,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:25:16 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk
[2013.04.10 13:23:15 | 000,139,264 | ---- | M] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll
[2013.04.10 13:23:14 | 002,041,072 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll
[2013.04.10 13:23:14 | 001,115,376 | ---- | M] (Gracenote) -- C:\Program Files\cddbmusicid.dll
[2013.04.10 13:23:14 | 000,943,344 | ---- | M] (Gracenote) -- C:\Program Files\cddblink.dll
[2013.04.10 13:23:14 | 000,119,808 | ---- | M] () -- C:\Program Files\waiting.avi
[2013.04.10 13:23:14 | 000,027,278 | ---- | M] () -- C:\Program Files\frw.bmp
[2013.04.10 13:23:14 | 000,002,851 | ---- | M] () -- C:\Program Files\cdroms.cfg
[2013.04.10 13:23:13 | 003,303,936 | ---- | M] (MediaArea.net) -- C:\Program Files\mediainfo.dll
[2013.04.10 13:23:13 | 000,067,473 | ---- | M] () -- C:\Program Files\realplay.chm
[2013.04.10 13:23:13 | 000,057,762 | ---- | M] () -- C:\Program Files\howto.chm
[2013.04.10 13:23:13 | 000,016,296 | ---- | M] () -- C:\Program Files\realtfon.fon
[2013.04.10 13:23:13 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.04.10 13:23:02 | 000,476,724 | ---- | M] () -- C:\Program Files\converter.vs
[2013.04.10 13:23:01 | 000,390,384 | ---- | M] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll
[2013.04.10 13:23:00 | 000,115,200 | ---- | M] (RealPlayer) -- C:\Program Files\rpshellextension.dll
[2013.04.10 13:23:00 | 000,045,428 | ---- | M] () -- C:\Program Files\sharemedia.vs
[2013.04.10 13:23:00 | 000,001,209 | ---- | M] () -- C:\Program Files\flvplay.swf
[2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\RealNetworks License.html
[2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\playrlic.html
[2013.04.10 13:22:58 | 001,109,362 | ---- | M] () -- C:\Program Files\normal.vs
[2013.04.10 13:22:58 | 000,061,495 | ---- | M] () -- C:\Program Files\ssimages.vs
[2013.04.10 13:22:58 | 000,000,480 | ---- | M] () -- C:\Program Files\keys.dat
[2013.04.10 13:22:55 | 000,001,161 | ---- | M] () -- C:\Program Files\autoplaylist.dat
[2013.04.10 13:22:55 | 000,000,043 | ---- | M] () -- C:\Program Files\strs23.dat
[2013.04.10 13:22:55 | 000,000,013 | ---- | M] () -- C:\Program Files\strs26.dat
[2013.04.10 13:22:53 | 000,427,405 | ---- | M] () -- C:\Program Files\calibrate.rv
[2013.04.10 13:22:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.04.10 13:22:53 | 000,017,846 | ---- | M] () -- C:\Program Files\videotest.rm
[2013.04.10 13:22:53 | 000,000,221 | ---- | M] () -- C:\Program Files\subscription.rnx
[2013.04.10 13:22:53 | 000,000,177 | ---- | M] () -- C:\Program Files\freeoffers.rnx
[2013.04.10 13:01:46 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 01:07:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.03.31 20:39:41 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.31 07:57:57 | 000,001,894 | ---- | M] () -- C:\Users\MEINNAME\Desktop\IrfanView Thumbnails.lnk
[2013.03.31 07:57:57 | 000,001,006 | ---- | M] () -- C:\Users\MEINNAME\Desktop\IrfanView.lnk
[2013.03.31 07:57:34 | 001,931,472 | ---- | M] (Irfan Skiljan) -- C:\Users\MEINNAME\Desktop\iview435g_setup.exe
[2013.03.24 13:08:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf

========== Files Created - No Company Name ==========

[2013.04.10 19:40:59 | 000,000,000 | ---- | C] () -- C:\Users\MEINNAME\defogger_reenable
[2013.04.10 17:47:36 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.04.10 17:47:36 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
[2013.04.10 16:46:48 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2013.04.10 14:35:11 | 000,000,324 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.10 13:56:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.10 13:45:32 | 000,421,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.04.10 13:23:13 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.04.10 13:01:46 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.04.10 13:01:46 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.04.01 01:07:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2013.04.01 01:07:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.03.31 20:39:41 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.03.31 07:57:57 | 000,001,894 | ---- | C] () -- C:\Users\MEINNAME\Desktop\IrfanView Thumbnails.lnk
[2013.03.31 07:57:57 | 000,001,006 | ---- | C] () -- C:\Users\MEINNAME\Desktop\IrfanView.lnk
[2013.03.30 08:30:59 | 000,001,154 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.30 08:30:58 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.24 13:08:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
[2013.03.02 11:23:26 | 000,054,769 | ---- | C] () -- C:\Program Files\blocklist.xml
[2013.02.27 22:19:27 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi
[2013.02.27 22:19:27 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp
[2013.02.27 22:19:27 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon
[2013.02.27 22:19:27 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg
[2013.02.27 22:19:26 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm
[2013.02.27 22:19:26 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm
[2013.02.27 22:19:22 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs
[2013.02.27 22:19:21 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs
[2013.02.27 22:19:21 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf
[2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html
[2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html
[2013.02.27 22:19:19 | 001,109,362 | ---- | C] () -- C:\Program Files\normal.vs
[2013.02.27 22:19:19 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs
[2013.02.27 22:19:19 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat
[2013.02.27 22:19:16 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat
[2013.02.27 22:19:16 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat
[2013.02.27 22:19:16 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat
[2013.02.27 22:19:15 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv
[2013.02.27 22:19:15 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm
[2013.02.27 22:19:15 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx
[2013.02.27 22:19:15 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx
[2013.02.26 16:38:49 | 009,643,305 | ---- | C] () -- C:\Program Files\omni.ja
[2013.02.26 16:38:49 | 003,069,848 | ---- | C] () -- C:\Program Files\mozjs.dll
[2013.02.26 16:38:49 | 000,036,107 | ---- | C] () -- C:\Program Files\removed-files
[2013.02.26 16:38:49 | 000,001,723 | ---- | C] () -- C:\Program Files\precomplete
[2013.02.26 16:38:49 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk
[2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk
[2013.02.26 16:38:49 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini
[2013.02.26 16:38:49 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini
[2013.02.26 16:38:48 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini
[2013.02.26 16:38:48 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini
[2013.02.26 16:38:48 | 000,000,463 | ---- | C] () -- C:\Program Files\application.ini
[2013.02.26 16:38:48 | 000,000,183 | ---- | C] () -- C:\Program Files\dependentlibs.list
[2013.02.21 14:33:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2013.02.20 03:21:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll
[2013.02.20 03:04:46 | 009,539,515 | ---- | C] () -- C:\Program Files (x86)\Minianwendungen-fuer-Windows-8-DE-x64.zip
[2013.02.20 00:22:51 | 097,375,792 | ---- | C] () -- C:\Program Files (x86)\MM82-G-319.exe
[2013.02.19 22:04:17 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.10.31 06:22:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL
[2012.10.31 06:22:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI
[2012.07.29 03:20:07 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll
[2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat

========== ZeroAccess Check ==========

[2013.02.20 00:34:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========

[2013.02.20 00:16:02 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\1&1
[2013.04.06 18:16:21 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Amazon
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\IrfanView
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\MyPhoneExplorer
[2013.02.20 03:21:42 | 000,000,000 | ---D | M] -- C:\Users\MEINNAME\AppData\Roaming\Opera

========== Purity Check ==========

< End of report >

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-10 20:27:18
Windows 6.2.9200 x64 \Device\Harddisk0\DR0 -> \Device\0000002f SanDisk_SDSSDP128G rev.2.0.0 119,24GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\ANDREA~1\AppData\Local\Temp\ugdoqpob.sys

---- Kernel code sections - GMER 2.1 ----

.text   C:\Windows\System32\win32k.sys!W32pServiceTable       fffff96000063d00 7 bytes [40, A9, 82, 01, 00, 51, F2]
.text   C:\Windows\System32\win32k.sys!W32pServiceTable + 8   fffff96000063d08 7 bytes [01, BA, C1, FF, 00, 58, DC]

---- User code sections - GMER 2.1 ----

.text   C:\Windows\Explorer.EXE[2624] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306          000007ff4bb0177a 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314          000007ff4bb01782 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 742                        000007ff433d1b32 4 bytes [3D, 43, FF, 07]
.text   C:\Windows\Explorer.EXE[2624] C:\Windows\SYSTEM32\WSOCK32.dll!recvfrom + 750                        000007ff433d1b3a 4 bytes [3D, 43, FF, 07]
.text   C:\Windows\System32\igfxpers.exe[3856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 306   000007ff4bb0177a 4 bytes [B0, 4B, FF, 07]
.text   C:\Windows\System32\igfxpers.exe[3856] C:\Windows\system32\PSAPI.DLL!GetProcessImageFileNameA + 314   000007ff4bb01782 4 bytes [B0, 4B, FF, 07]

---- Threads - GMER 2.1 ----

Thread  C:\Windows\system32\csrss.exe [476:3020]   fffff9600078d5e8

---- Registry - GMER 2.1 ----

Reg     HKLM\SYSTEM\CurrentControlSet\Control\Session Manager\Kernel\RNG@RNGAuxiliarySeed   -773498795

---- Files - GMER 2.1 ----

File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\25ihsq2lfizbndwhuavhp5dzz.js   4373 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\all.js   148543 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\n2chdrnc2i5zrj3qac552l2vr.js   16692 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\ngvgb3wfmmzyvkftzlyyj4xxt.js   16942 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\r32gctn0fu3vjkpge2mjhij3q.js   104294 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\rtm.js   7554 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\vxdx1ixzaq1ihlzdim0txtfb2.js   40860 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\4 Mercedes-Benz 16 Zoll Radkappen 2044000325 121 _ eBay-Dateien\xfaqvdsp124hnino3kp5t1klv.js   342077 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\Rohrreinigungswelle 1,40m Abflussreiniger Spirale Top Abfluß Reinigung Welle _ eBay-Dateien\all.js   148543 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\Rohrreinigungswelle 1,40m Abflussreiniger Spirale Top Abfluß Reinigung Welle _ eBay-Dateien\eBayISAPI.dll   11 bytes
File    C:\System Volume Information\SystemRestore\FRStaging\Users\MEINNAME\AppData\Local\Microsoft\Windows\FileHistory\Data\9\C\Users\MEINNAME\Documents\Work\ASNVerw\ASNBUFÜ\BuFü\2013\ER\Rohrreinigungswelle 1,40m Abflussreiniger Spirale Top Abfluß Reinigung Welle _ eBay-Dateien\rtm.js   19128 bytes

---- EOF - GMER 2.1 ----

Last edited by ansuno (10.04.2013 at 21:46)