Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
BKA Trojaner weißer Desktop

BKA Trojaner weißer Desktop


Log-Analyse und Auswertung: BKA Trojaner weißer Desktop

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 14.04.2013, 21:20   #16
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Okay ich hab den OTL Quick Scan ausgeführt.OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 14.04.2013 22:02:22 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benjasmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,51 Gb Available Physical Memory | 62,81% Memory free
7,99 Gb Paging File | 6,33 Gb Available in Paging File | 79,28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 276,38 Gb Free Space | 60,88% Space Free | Partition Type: NTFS
 
Computer Name: BENJAMIN-PC | User Name: Benjasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.13 01:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benjasmin\Desktop\OTL.exe
PRC - [2013.04.12 08:40:19 | 000,990,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PRC - [2013.03.13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013.02.25 13:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2011.05.10 11:44:36 | 026,285,920 | ---- | M] (SlimWare Utilities, Inc.) -- C:\Program Files (x86)\SlimDrivers\SlimDrivers.exe
PRC - [2010.09.03 00:42:56 | 000,862,208 | ---- | M] (Siliten) -- C:\Program Files (x86)\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe
PRC - [2010.07.02 12:07:02 | 007,041,024 | ---- | M] () -- C:\Program Files (x86)\USIM Editor\iconcs2189692.exe
PRC - [2010.01.26 22:58:06 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.12.03 15:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009.11.21 01:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.18 18:30:32 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.11.18 18:30:14 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.11.02 01:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.10.22 19:35:08 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.10.22 19:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe
PRC - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.21 03:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2009.03.17 10:49:00 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\DC Software\DL10XP.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.30 09:24:38 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\SilverCrest GML807 Driver\UniFunc.dll
MOD - [2010.07.02 12:07:02 | 007,041,024 | ---- | M] () -- C:\Program Files (x86)\USIM Editor\iconcs2189692.exe
MOD - [2009.11.21 01:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.03.17 10:49:00 | 000,380,928 | ---- | M] () -- C:\Program Files (x86)\DC Software\DL10XP.exe
MOD - [2009.02.03 03:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
MOD - [2008.03.31 09:07:04 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\DC Software\imghdlr.dll
MOD - [2004.05.11 11:38:20 | 000,061,952 | ---- | M] () -- C:\Program Files (x86)\DC Software\zlib.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 08:40:19 | 000,990,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.02.25 13:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 22:58:06 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.12.16 04:18:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.18 18:30:14 | 000,305,448 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -- (MWLService)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.29 03:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.14 21:36:51 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013.04.12 08:40:19 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.02.26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.02.14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.06 17:54:56 | 000,019,968 | ---- | M] (Siliten) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c)
DRV:64bit: - [2010.04.09 12:24:48 | 000,059,392 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2010.03.08 22:20:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.15 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.07.11 16:57:08 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007.07.11 12:07:36 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007.07.11 12:04:40 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2000.01.01 02:00:00 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = DOLLARKURS | Euro Dollar Wechselkurs | EUR/USD | aktueller Kurs | finanzen.net
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{20E025A1-E275-4670-8A5C-F107B713E40E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE382
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Benjasmin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.04 21:47:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.03.12 17:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.03.12 17:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 10:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.04 21:47:35 | 000,000,000 | ---D | M]
 
[2010.06.27 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Extensions
[2010.06.27 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013.04.10 23:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Firefox\Profiles\d3d3hsr5.default\extensions
[2013.04.10 23:20:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Firefox\Profiles\d3d3hsr5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.19 10:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.14 20:54:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Launch SilverCrest GML807] C:\Program Files (x86)\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs2189692.exe ()
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000..\Run: [Facebook Update] C:\Users\Benjasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Benjasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{867F18B4-90FB-4472-ADFE-74E4F0AC7B49}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9303A6B-F7AB-451D-9EE9-52E0EA50BBF0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9BA50EF-97C8-4C30-AF96-1E571E0DB1CE}: NameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.14 21:37:02 | 000,000,000 | R--D | C] -- C:\Users\Benjasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.04.14 21:11:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.14 20:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.14 20:31:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.14 20:31:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.14 20:31:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.14 20:30:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.14 20:29:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.14 20:18:56 | 005,052,676 | R--- | C] (Swearware) -- C:\Users\Benjasmin\Desktop\ComboFix.exe
[2013.04.14 19:09:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benjasmin\Desktop\OTL.exe
[2013.04.14 00:01:40 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.12 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\LumacDaemon
[2013.04.12 10:40:43 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Local\Firstload
[2013.04.12 10:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac
[2013.04.10 23:27:22 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\dwhelper
[2013.04.01 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Umox
[2013.04.01 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Ocbyo
[2013.04.01 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Apoz
[2010.01.27 21:12:01 | 007,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Users\Benjasmin\daemon4304-lite.exe
[2 C:\Users\Benjasmin\Desktop\*.tmp files -> C:\Users\Benjasmin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.14 21:43:41 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 21:43:41 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.14 21:38:49 | 000,078,054 | ---- | M] () -- C:\Users\Benjasmin\Desktop\Fehlermeldung.png
[2013.04.14 21:37:57 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.04.14 21:36:51 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013.04.14 21:36:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.14 21:35:44 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.14 21:35:33 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.14 21:32:55 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.14 21:14:06 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259796694-2473700428-155409205-1000UA.job
[2013.04.14 21:00:53 | 003,897,358 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.14 21:00:53 | 001,596,324 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.14 21:00:53 | 001,168,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.14 21:00:53 | 001,042,596 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.14 21:00:53 | 000,005,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.14 20:54:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.14 20:14:06 | 005,052,676 | R--- | M] (Swearware) -- C:\Users\Benjasmin\Desktop\ComboFix.exe
[2013.04.14 20:13:12 | 000,613,083 | ---- | M] () -- C:\Users\Benjasmin\Desktop\adwcleaner.exe
[2013.04.13 18:14:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259796694-2473700428-155409205-1000Core.job
[2013.04.13 17:44:57 | 000,000,216 | ---- | M] () -- C:\Users\Benjasmin\defogger_reenable
[2013.04.13 17:43:12 | 000,377,856 | ---- | M] () -- C:\Users\Benjasmin\Desktop\gmer.exe
[2013.04.13 01:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benjasmin\Desktop\OTL.exe
[2013.04.12 08:40:39 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.12 08:40:19 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.04.10 21:45:10 | 000,030,922 | ---- | M] () -- C:\Users\Benjasmin\AppData\Roaming\wklnhst.dat
[2013.04.01 11:08:20 | 000,874,246 | ---- | M] () -- C:\Users\Benjasmin\Documents\Investitionstheorie 2011.pdf
[2013.03.31 18:06:26 | 000,046,995 | ---- | M] () -- C:\Users\Benjasmin\Documents\607_2012-12-09.pdf
[2013.03.21 20:53:28 | 000,538,052 | ---- | M] () -- C:\Users\Benjasmin\Documents\Licht.pdf
[2 C:\Users\Benjasmin\Desktop\*.tmp files -> C:\Users\Benjasmin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.14 21:38:18 | 000,078,054 | ---- | C] () -- C:\Users\Benjasmin\Desktop\Fehlermeldung.png
[2013.04.14 20:31:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.14 20:31:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.14 20:31:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.14 20:31:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.14 20:31:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.14 20:18:54 | 000,613,083 | ---- | C] () -- C:\Users\Benjasmin\Desktop\adwcleaner.exe
[2013.04.13 17:49:40 | 000,377,856 | ---- | C] () -- C:\Users\Benjasmin\Desktop\gmer.exe
[2013.04.13 17:44:57 | 000,000,216 | ---- | C] () -- C:\Users\Benjasmin\defogger_reenable
[2013.04.12 10:39:26 | 000,002,763 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk
[2013.04.12 08:40:39 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.01 11:08:20 | 000,874,246 | ---- | C] () -- C:\Users\Benjasmin\Documents\Investitionstheorie 2011.pdf
[2013.03.31 18:06:26 | 000,046,995 | ---- | C] () -- C:\Users\Benjasmin\Documents\607_2012-12-09.pdf
[2013.03.21 20:53:28 | 000,538,052 | ---- | C] () -- C:\Users\Benjasmin\Documents\Licht.pdf
[2011.10.19 16:11:30 | 000,011,264 | ---- | C] () -- C:\Users\Benjasmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.21 08:44:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.05 02:31:01 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SUPPORT.INI
[2011.05.04 23:20:43 | 000,000,000 | ---- | C] () -- C:\Users\Benjasmin\AppData\Local\{04ABFE4E-36B7-4DE4-AB9F-67EFD117EEE3}
[2011.05.04 21:44:21 | 000,182,044 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011.05.04 21:44:21 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.02.08 20:45:19 | 000,030,922 | ---- | C] () -- C:\Users\Benjasmin\AppData\Roaming\wklnhst.dat
[2010.02.06 15:19:40 | 000,001,125 | ---- | C] () -- C:\Users\Benjasmin\Dokumente - Verknüpfung.lnk
[2010.01.25 19:09:07 | 000,007,607 | ---- | C] () -- C:\Users\Benjasmin\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.04.01 10:36:16 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Apoz
[2011.10.19 16:10:46 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Ashampoo
[2012.10.16 10:08:51 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\AVG2013
[2011.05.05 20:59:48 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\bewerbung
[2010.01.27 21:12:54 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\DAEMON Tools Lite
[2012.10.03 12:53:16 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoft
[2013.04.12 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Firstload
[2013.03.12 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\FreemakeVideoDownloader
[2010.01.22 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\GameConsole
[2013.02.28 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\GrabPro
[2010.02.15 18:53:18 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\LG Electronics
[2013.04.14 21:38:28 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\LimeWire
[2013.04.12 10:40:52 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\LumacDaemon
[2013.04.01 10:35:44 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Ocbyo
[2013.03.04 20:58:44 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Orbit
[2013.02.28 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\ProgSense
[2010.02.08 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Template
[2012.10.16 10:06:00 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\TuneUp Software
[2013.04.01 10:36:16 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Umox
[2013.04.12 16:48:42 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\UseNeXT
[2010.08.24 18:24:59 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Vodafone
[2013.03.18 20:51:35 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\WinHost
[2012.10.25 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.25 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA

< End of report >
--- --- ---
Alt 14.04.2013, 21:47   #17
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hi,

gut, jetzt noch 2 Signaturenscanner.
Wie läuft der Rechner?


Warnung: Infostealer

Aus deinen Logs ist ersichtlich, dass du Malware eingefangen hast, die es speziell auf deine sensitiven Daten (Benutzernamen, Passwörter, Onlinebankingzugangsdaten, etc.) abgesehen hat.
Man kann nicht genau wissen, was alles mitgeloggt wurde, aber sicherheitshalber würd ich alle auf diesem Rechner eingegebenen Daten und Passwörter als bekannt voraussetzen.

Ich würde dir daher raten, zum Schluss oder von einem sauberen Rechner aus sämtliche Zugangsdaten, welche an diesem Rechner verwendet wurden, zu ändern.



Schritt 1
  • Starte bitte die OTL.exe.
  • Kopiere nun den folgenden Inhalt aus der Codebox in die Textbox.
    Wichtig: Falls du deinen Benutzernamen im Log unkenntlich gemacht hast (z.B. durch ***), dann mach das hier wieder rückgängig.
Code:
ATTFilter
:OTL
[2013.04.01 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Umox
[2013.04.01 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Ocbyo
[2013.04.01 10:35:44 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Apoz
@Alternate Data Stream - 122 bytes -> C:\ProgramData\Temp:AB689DEA

:commands
[emptytemp]
  • Schliesse nun bitte alle anderen Programme.
  • Klicke jetzt auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
  • Nach dem Neustart findest du ein Textdokument auf deinem Desktop.
    (Auch zu finden unter C:\_OTL\MovedFiles\<date_time>.log)
  • Kopiere nun dessen Inhalt hier in deinen Thread.



Schritt 2

Downloade dir bitte Malwarebytes Anti-Malware .
  • Installiere das Programm in den vorgegebenen Pfad.
  • Starte nun Malwarebytes Anti-Malware.
    Vista und Win7 User mit Rechtsklick "als Administrator starten".
  • Klicke auf Aktualisierung --> Suche nach Aktualisierung.
  • Wenn das Update beendet wurde, aktiviere im Reiter Suchlauf die Option Quick-Scan durchführen und drücke auf Scannen.
  • Wenn der Scan fertig ist, klicke auf Ergebnisse anzeigen.
  • Versichere dich, dass alle Funde markiert sind und drücke Entferne Auswahl.
  • Poste das Logfile, welches sich in Notepad öffnet, hier in den Thread.
  • Nachträglich kannst du den Bericht unter dem Reiter Logdateien finden.



Schritt 3

Lade das Setup des ESET Online Scanners herunter und speichere es auf den Desktop.
  • Schliesse evtl. vorhandene externe Festplatten und USB-Sticks an den Rechner an.
  • Deaktiviere jetzt temporär für diesen Scan dein Antivirenprogramm und die Firewall.
    (Danach nicht vergessen, sie wieder einzuschalten.)
  • Starte nun die heruntergeladene esetsmartinstaller_enu.exe.
  • Setze den Haken bei Yes, I accept the Terms of Use und drücke Start.
  • Warte bis die Komponenten heruntergeladen sind.
  • Setze den Haken bei Scan archives.
  • Gehe sicher, dass bei Remove found Threats kein Haken gesetzt ist.
  • Drücke dann auf Start.
  • Die Signaturen werden heruntergeladen und der Scan startet automatisch.
    Hinweis: Dieser Scan kann unter Umständen ziemlich lange dauern!
  • Falls nach Beendigung des Scans Funde angezeigt werden, dann:
    • Drücke auf List of found threats.
    • Klicke dann auf Export to text file... und speichere die Textdatei als ESET.txt auf den Desktop.
    • Drücke danach auf << Back.
  • Schliesse nun den Scanner mit einem Klick auf Finish.
Poste bitte den Inhalt der ESET.txt oder teile mir mit, wenn es keine Funde gegeben hat.



Schritt 4

Downloade dir bitte SecurityCheck (Link 2).
  • Speichere es auf dem Desktop.
  • Starte SecurityCheck.exe und folge den Anweisungen in der DOS-Box.
    Vista und Win7 User mit Rechtsklick "als Administrator starten"
  • Wenn der Scan beendet wurde, sollte sich ein Textdokument (checkup.txt) öffnen.
Poste den Inhalt bitte hier.



Schritt 5

Starte bitte die OTL.exe.
  • Setze den Haken bei Scan all Users.
  • Drücke auf den Quick Scan Button.
  • Poste den Inhalt von OTL.txt hier in den Thread.



Bitte poste in deiner nächsten Antwort:
  • Fixlog von OTL
  • Log von MBAM
  • Log von ESET
  • Log von SecurityCheck
  • Log von OTL
__________________

__________________
Alt 15.04.2013, 17:08   #18
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Grüß dich Leo,

Zitat:
Wie läuft der Rechner?
Ich habe noch nicht soviel mit dem betroffenem Rechner gearbeitet aber mir ist aufgefallen das er keine Verbindung mehr mit dem W-LAN herstellen kann. In der Fehlermeldung heißt es "Die Konnektivität... ist derzeit eingeschränkt".

Kann das durch eines der Programme passiert sein oder hat das eventuell mit der Meldung zutun die ich als Anhang geshickt hatte?

Zitat:
OTL kann gegebenfalls einen Neustart verlangen. Diesen bitte zulassen.
Der Pc hat bestimmt 10min lang im Schritt "Abmelden" festgehangen. Ich habe ihn, weil nichts mehr passiert ist, kurz vom Strom getrennt, was wahrscheinlich allgemein schon nicht gut ist. Eine Log Datei gibt es trotzdem.

Sollte ich den Schritt aufgrund dessen nocheinmal wiederholen oder wie beschrieben fortfahren?

All processes killed
========== OTL ==========
C:\Users\Benjasmin\AppData\Roaming\Umox folder moved successfully.
C:\Users\Benjasmin\AppData\Roaming\Ocbyo folder moved successfully.
C:\Users\Benjasmin\AppData\Roaming\Apoz folder moved successfully.
ADS C:\ProgramData\Temp:AB689DEA deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Benjasmin
->Temp folder emptied: 11962 bytes
->Temporary Internet Files folder emptied: 4656482 bytes
->Java cache emptied: 15100340 bytes
->FireFox cache emptied: 556974684 bytes
->Flash cache emptied: 11185 bytes

User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Public
->Temp folder emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 29249 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36045869 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 584,00 mb


OTL by OldTimer - Version 3.2.69.0 log created on 04152013_173659

Files\Folders moved on Reboot...
C:\Users\Benjasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
__________________
Alt 15.04.2013, 17:49   #19
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hallo,

Zitat:
Sollte ich den Schritt aufgrund dessen nocheinmal wiederholen oder wie beschrieben fortfahren?
Du kannst mit dem nächsten Schritt fortfahren.
Das andere Problem können zum Schluss angehen, wenn das Thema "Malware" ganz abgeschlossen ist, ok?
__________________
cheers,
Leo

Alt 15.04.2013, 18:29   #20
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Zitat:

Das andere Problem können zum Schluss angehen, wenn das Thema "Malware" ganz abgeschlossen ist, ok?
Das ist ok. Ich wollte keine Schritte vorziehen oder so.

Aber wenn ich das richtig sehen braucht man für Schritt 3 also den ESET Online Scanners eine Internetverbing oder?


Gruß

Benjamin


Alt 15.04.2013, 18:40   #21
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hallo Benjamin,

Zitat:
braucht man für Schritt 3 also den ESET Online Scanners eine Internetverbing oder?
Ja, das ist korrekt. Du kommst also auch per LAN-Kabel nicht mehr ins Internet (oder hast diese Möglichkeit nicht)?
__________________
--> BKA Trojaner weißer Desktop

Alt 19.04.2013, 15:15   #22
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hi,

ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe?

Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.

Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen.
__________________
cheers,
Leo

Alt 20.04.2013, 18:48   #23
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hallo Leo,

Zitat:
Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos.
Ich hoffe das hast du noch nicht !

Ich bräuchte durchaus noch weiter deine Hilfe und würde auch dankbar sein diese zu erhalten. Dummerweise bin ich seit deinem letzten Tipp noch nicht weiter, ich habe dein Tipp versucht mit dem LAN Kabel ins Internet zu gelangen.
Zu gegeben das hört sich jetzt dumm an, aber seit wir unsere Fritzbox auf eine WLAN variante gewechselt haben war ich nicht mehr per LAN Kabel drin und die Zugangsdaten der Breitbandverbindung sind nicht gespeichert und ich weiß sie nicht mehr wo sie stehen.Daher der Stillstand.

Könnte man den Schritt mit dem ESET Scanner theoretisch überspringe oder würde das zuviel der Malware "unberührt" lassen?

Gruß

Benjamin

Alt 20.04.2013, 18:50   #24
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Ok, dann überspring diesen Schritt mal.
__________________
cheers,
Leo

Alt 24.04.2013, 07:28   #25
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hallo Leo,

die Log vom ersten Schritt hatte ich ja schon gepostet, hier nun Schritt 2, 4 & 5.

Malwarebytes Anti-Malware 1.75.0.1300
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.04.04.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Benjasmin :: BENJAMIN-PC [Administrator]

15.04.2013 18:39:24
MBAM-log-2013-04-15 (19-12-44).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 226869
Laufzeit: 6 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Benjasmin\Favorites\FREE.JP.URL (Rogue.Link) -> Keine Aktion durchgeführt.
C:\EXTRACTED\password.txt (Malware.Trace) -> Keine Aktion durchgeführt.

(Ende)




Results of screen317's Security Check version 0.99.62
Windows 7 Service Pack 1 x64 (UAC is enabled)
Internet Explorer 9
``````````````Antivirus/Firewall Check:``````````````
AVG AntiVirus Free Edition 2013
Antivirus out of date!
`````````Anti-malware/Other Utilities Check:`````````
Malwarebytes Anti-Malware Version 1.75.0.1300
CCleaner (remove only)
Java(TM) 6 Update 32
Java version out of Date!
Adobe Flash Player 10 Flash Player out of Date!
Adobe Reader 9 Adobe Reader out of Date!
Mozilla Firefox 15.0.1 Firefox out of Date!
````````Process Check: objlist.exe by Laurent````````
AVG avgwdsvc.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C:
````````````````````End of Log``````````````````````



OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 23.04.2013 22:54:58 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Benjasmin\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,64 Gb Available Physical Memory | 65,98% Memory free
7,99 Gb Paging File | 6,51 Gb Available in Paging File | 81,53% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 453,94 Gb Total Space | 276,90 Gb Free Space | 61,00% Space Free | Partition Type: NTFS
 
Computer Name: BENJAMIN-PC | User Name: Benjasmin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.13 01:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benjasmin\Desktop\OTL.exe
PRC - [2013.04.12 08:40:19 | 000,990,896 | ---- | M] () -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe
PRC - [2013.03.13 17:15:00 | 004,394,032 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe
PRC - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
PRC - [2013.02.25 13:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe
PRC - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
PRC - [2012.07.15 18:09:40 | 000,138,096 | ---- | M] (Facebook Inc.) -- C:\Users\Benjasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
PRC - [2010.09.03 00:42:56 | 000,862,208 | ---- | M] (Siliten) -- C:\Program Files (x86)\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe
PRC - [2010.07.02 12:07:02 | 007,041,024 | ---- | M] () -- C:\Program Files (x86)\USIM Editor\iconcs2189692.exe
PRC - [2010.01.26 22:58:06 | 000,066,872 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2009.12.03 15:32:54 | 000,600,688 | ---- | M] (Chicony) -- C:\Program Files (x86)\Video Web Camera\traybar.exe
PRC - [2009.11.21 01:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
PRC - [2009.11.18 18:30:32 | 000,349,480 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe
PRC - [2009.11.18 18:30:14 | 000,305,448 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe
PRC - [2009.11.02 01:39:48 | 001,094,736 | ---- | M] (Dritek System Inc.) -- C:\Program Files (x86)\Launch Manager\LManager.exe
PRC - [2009.10.22 19:35:08 | 000,401,192 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe
PRC - [2009.10.22 19:34:56 | 000,200,488 | ---- | M] (Egis Technology Inc.) -- C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe
PRC - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
PRC - [2009.08.21 03:26:02 | 000,262,912 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe
PRC - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe
PRC - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe
PRC - [2009.06.05 05:03:32 | 000,186,904 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe
PRC - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe
PRC - [2009.04.16 00:52:06 | 000,091,432 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe
PRC - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2010.08.30 09:24:38 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\SilverCrest GML807 Driver\UniFunc.dll
MOD - [2010.07.02 12:07:02 | 007,041,024 | ---- | M] () -- C:\Program Files (x86)\USIM Editor\iconcs2189692.exe
MOD - [2009.11.21 01:34:06 | 000,200,704 | ---- | M] () -- C:\Windows\PLFSetI.exe
MOD - [2009.02.03 03:33:56 | 000,460,199 | ---- | M] () -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\sqlite3.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2013.04.12 08:40:19 | 000,990,896 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\15.0.0\ToolbarUpdater.exe -- (vToolbarUpdater15.0.0)
SRV - [2013.02.27 23:42:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013.02.25 13:37:30 | 000,009,216 | ---- | M] (Ellora Assets Corp.) [Auto | Running] -- C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe -- (FreemakeVideoCapture)
SRV - [2013.02.19 04:02:02 | 000,282,624 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.26 22:58:06 | 000,066,872 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2009.12.16 04:18:35 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009.11.18 18:30:14 | 000,305,448 | ---- | M] (Egis Technology Inc.) [Auto | Running] -- C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\MWLService.exe -- (MWLService)
SRV - [2009.09.30 15:44:58 | 000,844,320 | ---- | M] (Acer Incorporated) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Power Management\ePowerSvc.exe -- (ePowerSvc)
SRV - [2009.08.29 03:05:56 | 000,044,312 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Packard Bell GameZone\GameConsole\OberonGameConsoleService.exe -- (OberonGameConsoleService)
SRV - [2009.08.28 11:38:58 | 001,150,496 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Packard Bell\Registration\GregHSRW.exe -- (Greg_Service)
SRV - [2009.08.25 19:38:06 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2009.08.24 22:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 6\DfSdkS.exe -- (DfSdkS)
SRV - [2009.08.21 03:25:50 | 000,062,720 | ---- | M] (NewTech Infosystems, Inc.) [Auto | Running] -- C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\IScheduleSvc.exe -- (NTI IScheduleSvc)
SRV - [2009.08.18 13:48:02 | 002,291,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2009.07.04 03:47:12 | 000,240,160 | ---- | M] (Acer) [Auto | Running] -- C:\Programme\Packard Bell\Packard Bell Updater\UpdaterService.exe -- (Updater Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.05 05:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2008.12.08 16:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.04.14 21:36:51 | 000,015,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SWDUMon.sys -- (SWDUMon)
DRV:64bit: - [2013.04.12 08:40:19 | 000,039,768 | ---- | M] (AVG Technologies) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtpx64.sys -- (avgtp)
DRV:64bit: - [2013.02.26 23:40:46 | 000,246,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2013.02.14 03:52:46 | 000,239,416 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2013.02.08 04:37:56 | 000,116,536 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2013.02.08 04:37:54 | 000,311,096 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga)
DRV:64bit: - [2013.02.08 04:37:50 | 000,071,480 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2013.02.08 04:37:42 | 000,206,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2013.02.08 04:37:40 | 000,045,880 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.08.06 17:54:56 | 000,019,968 | ---- | M] (Siliten) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\InputFilter_FlexDef2c.sys -- (InputFilter_Hid_FlexDef2c)
DRV:64bit: - [2010.04.09 12:24:48 | 000,059,392 | ---- | M] (Generic USB smartcard reader) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\MHIKEY10x64.sys -- (MHIKEY10)
DRV:64bit: - [2010.03.08 22:20:00 | 000,834,544 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\Windows\SysNative\drivers\sptd.sys -- (sptd)
DRV:64bit: - [2009.09.15 22:40:42 | 006,952,960 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64)
DRV:64bit: - [2009.08.11 22:59:50 | 000,686,080 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:47:48 | 000,023,104 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 14:35:00 | 000,317,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\k57nd60a.sys -- (k57nd60a)
DRV:64bit: - [2009.06.20 04:09:57 | 000,054,272 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\L1E62x64.sys -- (L1E)
DRV:64bit: - [2009.06.10 23:01:11 | 001,485,312 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTDPV6.SYS -- (SrvHsfV92)
DRV:64bit: - [2009.06.10 23:01:11 | 000,740,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTCNXT6.SYS -- (SrvHsfWinac)
DRV:64bit: - [2009.06.10 23:01:11 | 000,292,864 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VSTAZL6.SYS -- (SrvHsfHDA)
DRV:64bit: - [2009.06.10 22:37:05 | 006,108,416 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.06.10 22:35:28 | 005,434,368 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netw5v64.sys -- (netw5v64)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.05 04:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.06.05 02:46:50 | 000,216,064 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV:64bit: - [2009.06.02 19:15:30 | 000,060,464 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDVDisk.sys -- (mwlPSDVDisk)
DRV:64bit: - [2009.06.02 19:15:30 | 000,022,576 | ---- | M] (Egis Technology Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDFilter.sys -- (mwlPSDFilter)
DRV:64bit: - [2009.06.02 19:15:30 | 000,020,016 | ---- | M] (Egis Technology Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\mwlPSDNserv.sys -- (mwlPSDNServ)
DRV:64bit: - [2009.05.25 05:57:42 | 000,243,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2009.05.06 02:46:08 | 000,018,432 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV:64bit: - [2009.05.06 02:46:08 | 000,016,896 | ---- | M] (NewTech Infosystems Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\UBHelper.sys -- (UBHelper)
DRV:64bit: - [2009.04.09 13:38:26 | 000,167,424 | ---- | M] (ZTE Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnet.sys -- (ZTEusbnet)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\zteusbvoice.sys -- (ZTEusbvoice)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,784 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,150,656 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k)
DRV:64bit: - [2009.04.09 13:38:26 | 000,011,776 | R--- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter)
DRV:64bit: - [2008.06.16 04:00:00 | 000,055,024 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2007.07.11 16:57:08 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2007.07.11 12:07:36 | 000,029,696 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2007.07.11 12:04:40 | 000,016,896 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2000.01.01 02:00:00 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = iGoogle Redirect
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = iGoogle Redirect
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - No CLSID value found
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = DOLLARKURS | Euro Dollar Wechselkurs | EUR/USD | aktueller Kurs | finanzen.net
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{20E025A1-E275-4670-8A5C-F107B713E40E}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACPW_deDE382
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.2.0.1
FF - prefs.js..extensions.enabledAddons: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.9.14
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_32: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.11.2571: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.1739: C:\Program Files (x86)\K-Lite Codec Pack\Real\browser\plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:  File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Benjasmin\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.04 21:47:35 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\fmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\fmdownloader@gmail.com\ [2013.03.12 17:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\ytfmdownloader@gmail.com: C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\ytfmdownloader@gmail.com\ [2013.03.12 17:23:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.19 10:17:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2011.05.04 21:47:35 | 000,000,000 | ---D | M]
 
[2010.06.27 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Extensions
[2010.06.27 17:07:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Extensions\mozswing@mozswing.org
[2013.04.10 23:20:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Firefox\Profiles\d3d3hsr5.default\extensions
[2013.04.10 23:20:38 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Benjasmin\AppData\Roaming\mozilla\Firefox\Profiles\d3d3hsr5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.09.19 10:17:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.2.0.1
[2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.14 20:54:06 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll File not found
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll File not found
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files (x86)\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3:64bit: - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [Acer ePower Management] C:\Programme\Packard Bell\Packard Bell Power Management\ePowerTray.exe (Acer Incorporated)
O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.)
O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [mwlDaemon] C:\Program Files (x86)\EgisTec\MyWinLocker 3\x86\mwlDaemon.exe (Egis Technology Inc.)
O4:64bit: - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [BackupManagerTray] C:\Program Files (x86)\NewTech Infosystems\Packard Bell MyBackup\BackupManagerTray.exe (NewTech Infosystems, Inc.)
O4 - HKLM..\Run: [Camera Assistant Software] C:\Program Files (x86)\Video Web Camera\traybar.exe (Chicony)
O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.)
O4 - HKLM..\Run: [Launch SilverCrest GML807] C:\Program Files (x86)\SilverCrest GML807 Driver\MouClient_FD2_1001RL.exe (Siliten)
O4 - HKLM..\Run: [LManager] C:\Program Files (x86)\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PDVD8LanguageShortcut] c:\Program Files (x86)\CyberLink\PowerDVD8\Language\Language.exe (CyberLink Corp.)
O4 - HKLM..\Run: [RemoteControl8] c:\Program Files (x86)\CyberLink\PowerDVD8\PDVD8Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [USBestCR] C:\Program Files (x86)\USIM Editor\iconcs2189692.exe ()
O4 - HKLM..\Run: [vProt] "C:\Program Files (x86)\AVG Secure Search\vprot.exe" File not found
O4 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000..\Run: [Facebook Update] C:\Users\Benjasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - Startup: C:\Users\Benjasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\LimeWire On Startup.lnk = C:\Program Files (x86)\LimeWire\LimeWire.exe (Lime Wire, LLC)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: Free YouTube Download - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm File not found
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation)
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKU\S-1-5-21-2259796694-2473700428-155409205-1000\..Trusted Ranges: Range1 ([*] in Local intranet)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{867F18B4-90FB-4472-ADFE-74E4F0AC7B49}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9303A6B-F7AB-451D-9EE9-52E0EA50BBF0}: DhcpNameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A9BA50EF-97C8-4C30-AF96-1E571E0DB1CE}: NameServer = 208.67.222.222 208.67.220.220
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll File not found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.23 22:19:31 | 000,000,000 | R--D | C] -- C:\Users\Benjasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 8
[2013.04.15 19:15:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.04.15 19:14:11 | 002,347,384 | ---- | C] (ESET) -- C:\Users\Benjasmin\Desktop\esetsmartinstaller_enu.exe
[2013.04.15 18:33:05 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\Malwarebytes
[2013.04.15 18:32:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.15 18:32:36 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.15 18:32:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.15 18:32:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.15 18:32:21 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Local\Programs
[2013.04.15 18:32:12 | 010,285,040 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\Benjasmin\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.15 17:36:59 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.14 21:11:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.14 20:54:10 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.04.14 20:31:05 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.14 20:31:05 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.14 20:31:05 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.14 20:30:29 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.14 20:29:44 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.14 20:18:56 | 005,052,676 | R--- | C] (Swearware) -- C:\Users\Benjasmin\Desktop\ComboFix.exe
[2013.04.14 19:09:02 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Benjasmin\Desktop\OTL.exe
[2013.04.14 00:01:40 | 000,000,000 | ---D | C] -- C:\FRST
[2013.04.12 10:40:51 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Roaming\LumacDaemon
[2013.04.12 10:40:43 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\AppData\Local\Firstload
[2013.04.12 10:39:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lumac
[2013.04.10 23:27:22 | 000,000,000 | ---D | C] -- C:\Users\Benjasmin\dwhelper
[2010.01.27 21:12:01 | 007,658,952 | ---- | C] (DT Soft Ltd.) -- C:\Users\Benjasmin\daemon4304-lite.exe
[2 C:\Users\Benjasmin\Desktop\*.tmp files -> C:\Users\Benjasmin\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.23 22:46:59 | 003,956,526 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.23 22:46:59 | 001,614,172 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.23 22:46:59 | 001,187,378 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.23 22:46:59 | 001,059,676 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.23 22:46:59 | 000,005,390 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.23 22:45:29 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.23 22:24:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 22:24:21 | 000,017,600 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.23 22:16:33 | 3217,235,968 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.23 20:04:40 | 000,890,815 | ---- | M] () -- C:\Users\Benjasmin\Desktop\SecurityCheck.exe
[2013.04.16 23:17:25 | 000,030,922 | ---- | M] () -- C:\Users\Benjasmin\AppData\Roaming\wklnhst.dat
[2013.04.15 18:32:37 | 000,001,081 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.15 18:30:04 | 002,347,384 | ---- | M] (ESET) -- C:\Users\Benjasmin\Desktop\esetsmartinstaller_enu.exe
[2013.04.15 18:29:10 | 010,285,040 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\Benjasmin\Desktop\mbam-setup-1.75.0.1300.exe
[2013.04.14 22:59:16 | 000,000,418 | ---- | M] () -- C:\Windows\tasks\SlimDrivers Startup.job
[2013.04.14 22:26:17 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.14 21:38:49 | 000,078,054 | ---- | M] () -- C:\Users\Benjasmin\Desktop\Fehlermeldung.png
[2013.04.14 21:36:51 | 000,015,672 | ---- | M] () -- C:\Windows\SysNative\drivers\SWDUMon.sys
[2013.04.14 21:36:44 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.14 21:14:06 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259796694-2473700428-155409205-1000UA.job
[2013.04.14 20:54:06 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.04.14 20:14:06 | 005,052,676 | R--- | M] (Swearware) -- C:\Users\Benjasmin\Desktop\ComboFix.exe
[2013.04.14 20:13:12 | 000,613,083 | ---- | M] () -- C:\Users\Benjasmin\Desktop\adwcleaner.exe
[2013.04.13 18:14:00 | 000,001,132 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-2259796694-2473700428-155409205-1000Core.job
[2013.04.13 17:44:57 | 000,000,216 | ---- | M] () -- C:\Users\Benjasmin\defogger_reenable
[2013.04.13 17:43:12 | 000,377,856 | ---- | M] () -- C:\Users\Benjasmin\Desktop\gmer.exe
[2013.04.13 01:28:56 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Benjasmin\Desktop\OTL.exe
[2013.04.12 08:40:39 | 000,000,953 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.12 08:40:19 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.01 11:08:20 | 000,874,246 | ---- | M] () -- C:\Users\Benjasmin\Documents\Investitionstheorie 2011.pdf
[2013.03.31 18:06:26 | 000,046,995 | ---- | M] () -- C:\Users\Benjasmin\Documents\607.pdf
[2 C:\Users\Benjasmin\Desktop\*.tmp files -> C:\Users\Benjasmin\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.23 22:46:43 | 000,890,815 | ---- | C] () -- C:\Users\Benjasmin\Desktop\SecurityCheck.exe
[2013.04.15 18:32:37 | 000,001,081 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.04.14 21:38:18 | 000,078,054 | ---- | C] () -- C:\Users\Benjasmin\Desktop\Fehlermeldung.png
[2013.04.14 20:31:05 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.14 20:31:05 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.14 20:31:05 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.14 20:31:05 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.14 20:31:05 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.14 20:18:54 | 000,613,083 | ---- | C] () -- C:\Users\Benjasmin\Desktop\adwcleaner.exe
[2013.04.13 17:49:40 | 000,377,856 | ---- | C] () -- C:\Users\Benjasmin\Desktop\gmer.exe
[2013.04.13 17:44:57 | 000,000,216 | ---- | C] () -- C:\Users\Benjasmin\defogger_reenable
[2013.04.12 10:39:26 | 000,002,763 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lumac.lnk
[2013.04.12 08:40:39 | 000,000,953 | ---- | C] () -- C:\Users\Public\Desktop\AVG 2013.lnk
[2013.04.01 11:08:20 | 000,874,246 | ---- | C] () -- C:\Users\Benjasmin\Documents\Investitionstheorie 2011.pdf
[2013.03.31 18:06:26 | 000,046,995 | ---- | C] () -- C:\Users\Benjasmin\Documents\607.pdf
[2011.10.19 16:11:30 | 000,011,264 | ---- | C] () -- C:\Users\Benjasmin\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.07.21 08:44:32 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.06.05 02:31:01 | 000,000,041 | ---- | C] () -- C:\Windows\SysWow64\SUPPORT.INI
[2011.05.04 23:20:43 | 000,000,000 | ---- | C] () -- C:\Users\Benjasmin\AppData\Local\{04ABFE4E-36B7-4DE4-AB9F-67EFD117EEE3}
[2011.05.04 21:44:21 | 000,182,044 | ---- | C] () -- C:\Windows\hpoins28.dat
[2011.05.04 21:44:21 | 000,000,442 | ---- | C] () -- C:\Windows\hpomdl28.dat
[2010.02.08 20:45:19 | 000,030,922 | ---- | C] () -- C:\Users\Benjasmin\AppData\Roaming\wklnhst.dat
[2010.02.06 15:19:40 | 000,001,125 | ---- | C] () -- C:\Users\Benjasmin\Dokumente - Verknüpfung.lnk
[2010.01.25 19:09:07 | 000,007,607 | ---- | C] () -- C:\Users\Benjasmin\AppData\Local\Resmon.ResmonCfg
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 12:44:25 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 10:59:38 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.10.19 16:10:46 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Ashampoo
[2012.10.16 10:08:51 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\AVG2013
[2011.05.05 20:59:48 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\bewerbung
[2010.01.27 21:12:54 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\DAEMON Tools Lite
[2012.10.03 12:53:16 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\DVDVideoSoft
[2013.04.12 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Firstload
[2013.03.12 17:35:19 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\FreemakeVideoDownloader
[2010.01.22 20:11:40 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\GameConsole
[2013.02.28 14:56:14 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\GrabPro
[2010.02.15 18:53:18 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\LG Electronics
[2013.04.23 22:19:46 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\LimeWire
[2013.04.12 10:40:52 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\LumacDaemon
[2013.03.04 20:58:44 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Orbit
[2013.02.28 14:56:18 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\ProgSense
[2010.02.08 20:45:23 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Template
[2012.10.16 10:06:00 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\TuneUp Software
[2013.04.12 16:48:42 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\UseNeXT
[2010.08.24 18:24:59 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\Vodafone
[2013.03.18 20:51:35 | 000,000,000 | ---D | M] -- C:\Users\Benjasmin\AppData\Roaming\WinHost
[2012.10.25 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.25 18:54:58 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---




Gruß

Benjamin

Alt 24.04.2013, 10:17   #26
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Downloade dir bitte Farbars Service Scanner und speichere es auf den Desktop.
  • Starte das Tool mit Doppelklick auf FSS.exe.
  • Gehe sicher, dass folgende Optionen angehakt sind:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center/Action Center
    • Windows Update
    • Windows Defender
    • Other Services
  • Klicke auf Scan.
  • Wenn das Tool fertig ist, wird es eine FSS.txt auf dem Desktop erstellen.
Poste bitte dessen Inhalt hier.
__________________
cheers,
Leo

Alt 25.04.2013, 21:25   #27
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Guten Abend,


hier der FSS Log.


Farbar Service Scanner Version: 14-04-2013
Ran by Benjasmin (administrator) on 25-04-2013 at 22:23:04
Running from "C:\Users\Benjasmin\Desktop"
Windows 7 Home Premium Service Pack 1 (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============
Dhcp Service is not running. Checking service configuration:
The start type of Dhcp service is OK.
The ImagePath of Dhcp service is OK.
The ServiceDll of Dhcp service is OK.

afd Service is not running. Checking service configuration:
Checking Start type: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking ImagePath: ATTENTION!=====> Unable to open afd registry key. The service key does not exist.
Checking LEGACY_afd: ATTENTION!=====> Unable to open LEGACY_afd\0000 registry key. The key does not exist.


Connection Status:
==============
Localhost is accessible.
LAN connected.
Attempt to access Google IP returned error.
Attempt to access Google.com returned error: Other errors
Attempt to access Yahoo IP returned error.
Attempt to access Yahoo.com returned error: Other errors


Windows Firewall:
=============

Firewall Disabled Policy:
==================
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall"=DWORD:0


System Restore:
============

System Restore Disabled Policy:
========================


Action Center:
============

Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is OK.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.

BITS Service is not running. Checking service configuration:
The start type of BITS service is set to Demand. The default start type is Auto.
The ImagePath of BITS service is OK.
The ServiceDll of BITS service is OK.


Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
The ServiceDll of WinDefend service is OK.


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => MD5 is legit
C:\Windows\System32\drivers\nsiproxy.sys => MD5 is legit
C:\Windows\System32\dhcpcore.dll => MD5 is legit
C:\Windows\System32\drivers\afd.sys
[2012-02-18 23:13] - [2013-04-14 21:35] - 0079672 ____A (AVG Technologies CZ, s.r.o.) 044333531FF88AE5C80C981A33649396

ATTENTION!=====> C:\Windows\System32\drivers\afd.sys IS INFECTED AND SHOULD BE REPLACED.

C:\Windows\System32\drivers\tdx.sys => MD5 is legit
C:\Windows\System32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\System32\dnsrslvr.dll => MD5 is legit
C:\Windows\System32\mpssvc.dll => MD5 is legit
C:\Windows\System32\bfe.dll => MD5 is legit
C:\Windows\System32\drivers\mpsdrv.sys => MD5 is legit
C:\Windows\System32\SDRSVC.dll => MD5 is legit
C:\Windows\System32\vssvc.exe => MD5 is legit
C:\Windows\System32\wscsvc.dll => MD5 is legit
C:\Windows\System32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\System32\wuaueng.dll => MD5 is legit
C:\Windows\System32\qmgr.dll => MD5 is legit
C:\Windows\System32\es.dll => MD5 is legit
C:\Windows\System32\cryptsvc.dll => MD5 is legit
C:\Program Files\Windows Defender\MpSvc.dll => MD5 is legit
C:\Windows\System32\ipnathlp.dll => MD5 is legit
C:\Windows\System32\iphlpsvc.dll => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit


**** End of log ****





Gruß

Benjamin

Alt 26.04.2013, 17:45   #28
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Hallo Benjamin,

da passt etwas anscheinend noch nicht so ganz...
Mal schauen, was für eine Version des Treibers uns hier aufgetischt (oder vorgegaukelt) wird..


Bitte gehe zu Virustotal und lass dort folgendermassen eine Datei überprüfen:
  • Klicke auf Wählen Sie eine.
  • Kopiere dann Folgendes in das Eingabefeld für den Dateinamen
    Code:
    ATTFilter
    C:\Windows\System32\drivers\afd.sys
    und klicke auf Öffnen.
  • Klicke auf Scannen!.
  • Solltest du folgende Meldung bekommen:
    Zitat:
    Datei wurde bereits analysiert - Diese Datei wurde bereits von VirusTotal analysiert am ...
    dann klicke auf Neu analysieren.
  • Warte, bis die Analyse beendet ist, und kopiere dann die URL aus deiner Adresszeile und poste sie hier.
__________________
cheers,
Leo

Alt 26.04.2013, 19:17   #29
Brock88
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Gut das werde ich machen.

Bitte wunder dich nicht falls ich etwas länger zum antworten brauche, ich muss erstmal nach meinen Zugangsdaten über LAN fahnden.


Gruß

Benjamin

Alt 26.04.2013, 20:15   #30
aharonov
/// TB-Ausbilder
 
BKA Trojaner weißer Desktop - Standard

BKA Trojaner weißer Desktop


Ok, alles klar.
__________________
cheers,
Leo

Antwort
Seite 2 von 3 1 2 3

Themen zu BKA Trojaner weißer Desktop
abbild, anmelden, ausdrucksweise, besten, bka - trojaner, desktop, eingabe, eingabeaufforderung, erschein, erscheint, fehler, interne, internetverbindung, melde, melden, otl ! was soll ich jetzt tun?, passwort, scan, sonstiges, starte, subsystem, taskmanager, troja, trojaner, verbindung, weiße, weißer, weißer bildschirm, weißer desktop


« weißer Bildschirm beim Start von Windows vista 64bit | Polizei Trojaner Schweiz »


Ähnliche Themen: BKA Trojaner weißer Desktop


  1. laptop, win7, nach start nur noch weißer desktop
    Log-Analyse und Auswertung - 14.12.2013 (1)
  2. weißer Bildschirm statt Desktop
    Log-Analyse und Auswertung - 26.10.2013 (5)
  3. Nur noch Desktop Hintergrund-Bild oder weißer Bildschirm zu sehen
    Plagegeister aller Art und deren Bekämpfung - 07.07.2013 (9)
  4. Bundesinnenministerium! Desktop gesperrt, weißer Bildschirm, 100€ Strafzahlungsaufforderung
    Plagegeister aller Art und deren Bekämpfung - 25.06.2013 (13)
  5. BKA trojaner, weißer desktop beim start
    Log-Analyse und Auswertung - 03.06.2013 (8)
  6. weißer Desktop nach Anmeldung
    Plagegeister aller Art und deren Bekämpfung - 23.03.2013 (23)
  7. Windows XP fährt hoch, zeigt erst Desktop Bild, dann weißer Bildschirm
    Plagegeister aller Art und deren Bekämpfung - 28.01.2013 (21)
  8. Nach Win7-Benutzer Anmeldung, kurz Desktop. dann weißer Bildschirm mit Cursor
    Plagegeister aller Art und deren Bekämpfung - 28.11.2012 (23)
  9. weißer Bildschirm bei Windows-Login (Desktop nicht sichtbar)
    Plagegeister aller Art und deren Bekämpfung - 13.10.2012 (5)
  10. Weißer Desktop ... kein taskmaneger möglich
    Plagegeister aller Art und deren Bekämpfung - 29.09.2012 (3)
  11. "Weißer Bildschirm Trojaner", Nach dem Windowsstart nur weißer Bildschirm!
    Log-Analyse und Auswertung - 01.09.2012 (1)
  12. Weißer Hintergrund anstatt Desktop!
    Log-Analyse und Auswertung - 26.04.2012 (31)
  13. Verknüpfungen von Desktop gelöscht/ Desktop schwarz und keinen Zugriff auf Dateien
    Plagegeister aller Art und deren Bekämpfung - 27.03.2012 (1)
  14. weißer bildschirm, doch komme nicht mal bis zum reatogo-desktop
    Plagegeister aller Art und deren Bekämpfung - 20.03.2012 (1)
  15. GEMA-Trojaner: zwar wohl entfernt (c't Desinfect), aber desktop.ini fehlerhaft: leerer Desktop...
    Plagegeister aller Art und deren Bekämpfung - 14.01.2012 (2)
  16. Desktop Warning Spyware keine Kontrolle mehr über Desktop Einstellungen uvw...
    Plagegeister aller Art und deren Bekämpfung - 04.09.2008 (5)
  17. Dialer !? Komplett weißer Desktop. Symbole da, kein DFÜ Symbol im TASK neben der Uhr
    Plagegeister aller Art und deren Bekämpfung - 14.01.2005 (2)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema BKA Trojaner weißer Desktop - Okay ich hab den OTL Quick Scan ausgeführt.OTL Logfile: Code: Alles auswählen Aufklappen ATTFilter OTL logfile created on: 14.04.2013 22:02:22 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder - BKA Trojaner weißer Desktop...
Archiv
Du betrachtest: BKA Trojaner weißer Desktop auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131