Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Rootkit, Trojaner, die Nadel im Heuhaufen

Rootkit, Trojaner, die Nadel im Heuhaufen


Log-Analyse und Auswertung: Rootkit, Trojaner, die Nadel im Heuhaufen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

Antwort
Seite 2 von 3 1 2 3
Alt 29.05.2013, 22:45   #16
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


Stell mal den Avast-Scan ab nach Anleitung, immer noch Abstürze?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 29.05.2013, 22:52   #17
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


ok solang ich deinen Vorschlag mal befolge hier die anderen zwei logs
__________________
Alt 29.05.2013, 23:03   #18
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


nicht müde werden, als weiter im Text
__________________
__________________
Alt 29.05.2013, 23:25   #19
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


bin dabei bin dabei .. hier die nächste file

Alt 30.05.2013, 06:28   #20
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


fehlen noch ESET und der Rest

__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2013, 10:40   #21
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


ok hier der anchschub..eset hat ja ziemlich lang gedauert ..ne mehr als ne stunde ..naja hat mich echt gewundert das der Pc nicht während des Vorgangs abgestürzt ist.. aber dafür war der ziemlich erfolgreich der Scanner hat 11 Threats erkannt hab dir hier mal die eset file im anhang die security check kommt noch

Alt 30.05.2013, 10:42   #22
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


ok, poste das dann zusammen mit dem frischen scan-Logfile, dann machen wir nen letzen Fix
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2013, 19:29   #23
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


brauch aber ziemlich lange dieses security check ... :/

Alt 30.05.2013, 19:31   #24
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


Kann vorkommen.
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2013, 21:50   #25
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


ok..geschafft das waren dann alle oder täusch ich mich da ?

Alt 30.05.2013, 21:52   #26
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


Frisches OTL log fehlt noch. Wie läuft der Rechner?
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 30.05.2013, 22:22   #27
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


bisher keine merkwürdigen Geräusche mehr und auch keine abstürze.. aber irgendwie Vertrau ich dem ganzen noch nicht so sehr ..

hier ..die otl...was mir auch auffällt mein browser brauch ziemlich lange zum laden .. und die I-Net Verbindung war paar mal kurz abgebrochen .. is auch eher suspekt .. kommt bei mir so gut wie nie vor..

Code:
ATTFilter
vertraue ich meinemOTL Logfile:


	
Code: 

 
ATTFilter


  

	
OTL logfile created on: 30.05.2013 23:21:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RDD\Desktop\Analyse
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,41 Gb Available Physical Memory | 68,02% Memory free
15,92 Gb Paging File | 12,00 Gb Available in Paging File | 75,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 89,89 Gb Free Space | 60,35% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 267,00 Gb Free Space | 89,57% Space Free | Partition Type: NTFS
Drive E: | 1,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 99,00 Mb Total Space | 85,24 Mb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 433,30 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
 
Computer Name: DIEMASCHINE | User Name: RDD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.26 16:25:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RDD\Desktop\Analyse\OTL (1).exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.02 11:31:02 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.30 08:50:46 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013.04.30 08:50:32 | 004,081,160 | ---- | M] (Nitro PDF) -- C:\PROGRA~2\Nitro\PRO8~1\NitroPDF.exe
PRC - [2013.04.26 22:58:02 | 001,280,808 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013.04.26 22:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.04.26 22:57:04 | 000,390,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.04.26 22:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.03.29 22:56:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 22:55:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\RDD\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.03 13:55:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.11 17:20:12 | 001,330,008 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2012.09.28 16:23:00 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011.12.21 12:46:46 | 004,704,256 | ---- | M] (Egisca Corporation) -- C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe
PRC - [2009.12.15 14:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.09.30 14:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 14:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.30 00:01:56 | 000,557,056 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pysqlite2._sqlite.pyd
MOD - [2013.05.30 00:01:56 | 000,320,512 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32com.shell.shell.pyd
MOD - [2013.05.30 00:01:56 | 000,128,512 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_elementtree.pyd
MOD - [2013.05.30 00:01:56 | 000,098,816 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32api.pyd
MOD - [2013.05.30 00:01:56 | 000,070,656 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._html2.pyd
MOD - [2013.05.30 00:01:56 | 000,044,032 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_socket.pyd
MOD - [2013.05.30 00:01:56 | 000,026,624 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_multiprocessing.pyd
MOD - [2013.05.30 00:01:56 | 000,022,528 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32ts.pyd
MOD - [2013.05.30 00:01:55 | 001,022,416 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\windows._cacheinvalidation.pyd
MOD - [2013.05.30 00:01:55 | 000,805,888 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._gdi_.pyd
MOD - [2013.05.30 00:01:55 | 000,735,232 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._misc_.pyd
MOD - [2013.05.30 00:01:55 | 000,364,544 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pythoncom27.dll
MOD - [2013.05.30 00:01:55 | 000,110,080 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pywintypes27.dll
MOD - [2013.05.30 00:01:55 | 000,087,040 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_ctypes.pyd
MOD - [2013.05.30 00:01:55 | 000,017,408 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32profile.pyd
MOD - [2013.05.30 00:01:55 | 000,011,264 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32crypt.pyd
MOD - [2013.05.30 00:01:54 | 001,175,040 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._core_.pyd
MOD - [2013.05.30 00:01:54 | 001,153,024 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_ssl.pyd
MOD - [2013.05.30 00:01:54 | 000,711,680 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_hashlib.pyd
MOD - [2013.05.30 00:01:54 | 000,108,544 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32security.pyd
MOD - [2013.05.30 00:01:54 | 000,035,840 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32process.pyd
MOD - [2013.05.30 00:01:54 | 000,025,600 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32pdh.pyd
MOD - [2013.05.30 00:01:53 | 000,811,008 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._windows_.pyd
MOD - [2013.05.30 00:01:53 | 000,122,368 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._wizard.pyd
MOD - [2013.05.30 00:01:53 | 000,119,808 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32file.pyd
MOD - [2013.05.30 00:01:52 | 001,062,400 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._controls_.pyd
MOD - [2013.05.30 00:01:52 | 000,686,080 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\unicodedata.pyd
MOD - [2013.05.30 00:01:52 | 000,127,488 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pyexpat.pyd
MOD - [2013.05.30 00:01:52 | 000,038,912 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32inet.pyd
MOD - [2013.05.30 00:01:52 | 000,018,432 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32event.pyd
MOD - [2013.05.30 00:01:52 | 000,010,240 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\select.pyd
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.04.30 08:50:52 | 002,673,672 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_core_vc_pro8.dll
MOD - [2013.04.30 08:50:52 | 000,682,504 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_adv_vc_pro8.dll
MOD - [2013.04.30 08:50:52 | 000,481,288 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_xrc_vc_pro8.dll
MOD - [2013.04.30 08:50:52 | 000,450,056 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_html_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 001,145,864 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 001,145,864 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\wxbase28u_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 000,123,400 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_xml_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 000,123,400 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\wxbase28u_xml_vc_pro8.dll
MOD - [2013.04.30 08:50:24 | 000,555,016 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\js32.dll
MOD - [2013.04.30 08:49:42 | 000,824,840 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\idrskrn14.dll
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.07.06 18:00:18 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Nexus Radio\Search.lib
MOD - [2009.12.15 14:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 14:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2002.08.29 16:28:32 | 000,132,350 | ---- | M] () -- C:\Program Files (x86)\Nexus Radio\CurlLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.16 04:56:42 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.10 08:24:16 | 009,723,392 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.15 08:23:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.30 08:50:46 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013.04.30 08:50:36 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2013.04.26 22:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.04.26 22:57:04 | 000,390,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.04.26 22:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.04.24 21:29:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.03.29 22:56:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 22:55:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.03 13:55:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.14 15:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.09.30 14:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 14:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.29 20:11:11 | 000,162,008 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV:64bit: - [2013.05.29 20:10:56 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.04.24 21:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.04.24 21:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.03.29 22:56:07 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 22:56:07 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 22:56:07 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.16 08:22:44 | 011,612,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.02.16 04:29:24 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.01.15 12:11:26 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.16 09:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:64bit: - [2011.06.15 15:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2011.06.15 15:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2011.06.15 15:11:20 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2012.12.27 22:09:34 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=92341C6F65806AF8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {AE125D68-A76C-4be3-88DF-84A14E589705}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8CE323EC-9B8F-4501-B416-EC674B866844}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{AE125D68-A76C-4be3-88DF-84A14E589705}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre1.7.0_10\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.28 14:23:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.28 14:23:20 | 000,000,000 | ---D | M]
 
[2012.12.28 00:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Google-Suche = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Add Tasks to Do It (Tomorrow) = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\1.2.1_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Do It (Tomorrow) = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo\1.1.0_0\
CHR - Extension: Google Mail = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.29 21:38:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.7.0_10\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.7.0_10\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Nexus Radio] C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe (Egisca Corporation)
O4 - Startup: C:\Users\RDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RDD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02AE8936-7DB5-45BF-948E-77C61148086F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A6A9D28-93AD-4B0C-8649-879BA9713683}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 11:57:26 | 000,000,000 | ---D | C] -- C:\Users\RDD\Desktop\Neuer Ordner
[2013.05.30 00:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.30 00:14:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.30 00:14:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.29 21:46:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.29 21:41:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.29 21:05:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.29 21:05:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.29 21:05:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.29 21:05:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.29 21:04:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.29 20:45:27 | 005,075,099 | R--- | C] (Swearware) -- C:\Users\RDD\Desktop\ComboFix.exe
[2013.05.29 20:11:11 | 000,162,008 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.05.28 20:03:46 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.26 18:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.26 18:49:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.26 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\RDD\Desktop\Analyse
[2013.05.15 21:46:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 21:46:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 21:46:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 21:46:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 21:46:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 21:46:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 21:46:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 21:46:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 21:46:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 21:46:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 21:46:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 21:46:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 21:46:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 21:46:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 21:46:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 21:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2013.05.15 21:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeAlarmClock
[2013.05.15 07:21:47 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 07:21:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 07:21:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 07:21:27 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 07:21:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 07:21:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 07:21:27 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.07 13:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formoid
[2013.05.07 13:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Formoid
[2013.05.03 12:49:14 | 000,000,000 | ---D | C] -- C:\Users\RDD\AppData\Roaming\Nitro
[2013.05.03 12:49:14 | 000,000,000 | ---D | C] -- C:\Users\RDD\AppData\Roaming\FileOpen
[2013.05.03 12:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013.05.03 12:48:11 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013.05.03 12:48:11 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013.05.03 12:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013.05.03 12:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013.05.03 12:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013.05.03 12:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013.05.03 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\RDD\AppData\Roaming\Downloaded Installations
[2013.05.02 11:31:23 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.01 03:02:51 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.01 03:02:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.01 03:02:51 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.01 03:02:51 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.01 03:02:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.01 03:02:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.01 03:02:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.01 03:02:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.01 03:02:50 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.01 03:02:50 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.01 03:02:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.01 03:02:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.01 03:02:50 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.01 03:02:50 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.01 03:02:50 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.01 03:02:50 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.01 03:02:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.01 03:02:50 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.01 03:02:50 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.01 03:02:50 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.01 03:02:50 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.01 03:02:50 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.01 03:02:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.01 03:02:50 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.01 03:02:50 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.01 03:02:50 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.01 03:02:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.01 03:02:50 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.01 03:02:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.01 03:02:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.01 03:02:50 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.01 03:02:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.01 03:02:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.01 03:02:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.01 03:02:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.01 03:02:50 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.01 03:02:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.01 03:02:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.01 03:02:49 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.01 03:02:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.01 03:02:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.01 03:02:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.01 03:02:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.01 03:02:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.01 03:02:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.01 03:02:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.01 03:02:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.01 03:02:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.01 03:02:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.01 03:02:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.01 03:02:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.01 03:02:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.01 03:02:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[13 C:\Users\RDD\Desktop\*.tmp files -> C:\Users\RDD\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 23:23:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 23:11:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 21:28:29 | 002,420,544 | ---- | M] () -- C:\Users\RDD\Desktop\tummy.gif
[2013.05.30 20:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 18:52:17 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 00:12:14 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 00:12:14 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 00:01:08 | 2115,624,959 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.29 21:38:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.29 21:04:27 | 005,075,099 | R--- | M] (Swearware) -- C:\Users\RDD\Desktop\ComboFix.exe
[2013.05.29 20:11:11 | 000,162,008 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.05.29 20:10:56 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.05.28 20:31:32 | 000,002,252 | ---- | M] () -- C:\Users\RDD\Desktop\mobile examination (mex).lnk
[2013.05.26 19:05:37 | 503,057,048 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.25 14:29:04 | 000,579,653 | ---- | M] () -- C:\Users\RDD\Desktop\Bonds_Weekly_KW_21-2013.pdf
[2013.05.25 14:20:53 | 000,007,598 | ---- | M] () -- C:\Users\RDD\AppData\Local\Resmon.ResmonCfg
[2013.05.21 07:22:58 | 000,332,116 | ---- | M] () -- C:\Users\RDD\Desktop\DE_LR_DellSW_NGFW_Eval_Guide_US.pdf
[2013.05.16 06:32:23 | 000,450,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 21:49:42 | 000,804,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 21:49:42 | 000,654,390 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 21:49:42 | 000,129,972 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 21:49:42 | 000,008,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 21:49:42 | 000,005,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 08:23:37 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 08:23:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.11 11:05:15 | 000,189,301 | ---- | M] () -- C:\Users\RDD\Desktop\Mind_map_of_information_security.svg
[2013.05.09 16:51:36 | 000,003,212 | ---- | M] () -- C:\Users\RDD\AppData\Local\recently-used.xbel
[2013.05.08 20:39:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.08 20:39:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.08 20:38:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.02 11:31:11 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.01 03:02:51 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.01 03:02:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.01 03:02:51 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.01 03:02:51 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.01 03:02:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.01 03:02:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.01 03:02:51 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.01 03:02:51 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.01 03:02:50 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.01 03:02:50 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.01 03:02:50 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.01 03:02:50 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.01 03:02:50 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.01 03:02:50 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.01 03:02:50 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.01 03:02:50 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.01 03:02:50 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.01 03:02:50 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.01 03:02:50 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.01 03:02:50 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.01 03:02:50 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.01 03:02:50 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.01 03:02:50 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.01 03:02:50 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.01 03:02:50 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.01 03:02:50 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.01 03:02:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.01 03:02:50 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.01 03:02:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.01 03:02:50 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.01 03:02:50 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.01 03:02:50 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.01 03:02:50 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.01 03:02:50 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.01 03:02:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.01 03:02:50 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.01 03:02:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:02:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.01 03:02:50 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.01 03:02:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.01 03:02:49 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.01 03:02:49 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.01 03:02:49 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.01 03:02:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.01 03:02:49 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.01 03:02:49 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.01 03:02:49 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.01 03:02:49 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.01 03:02:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.01 03:02:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.01 03:02:49 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.01 03:02:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.01 03:02:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.01 03:02:49 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.01 03:02:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[13 C:\Users\RDD\Desktop\*.tmp files -> C:\Users\RDD\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.30 21:28:29 | 002,420,544 | ---- | C] () -- C:\Users\RDD\Desktop\tummy.gif
[2013.05.29 21:05:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.29 21:05:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.29 21:05:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.29 21:05:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.29 21:05:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.29 20:10:56 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.05.25 14:29:03 | 000,579,653 | ---- | C] () -- C:\Users\RDD\Desktop\Bonds_Weekly_KW_21-2013.pdf
[2013.05.25 14:20:53 | 000,007,598 | ---- | C] () -- C:\Users\RDD\AppData\Local\Resmon.ResmonCfg
[2013.05.21 07:22:56 | 000,332,116 | ---- | C] () -- C:\Users\RDD\Desktop\DE_LR_DellSW_NGFW_Eval_Guide_US.pdf
[2013.05.16 21:50:38 | 002,443,590 | ---- | C] () -- C:\Users\RDD\Desktop\effective-communication-skills.pdf
[2013.05.16 21:50:20 | 002,350,300 | ---- | C] () -- C:\Users\RDD\Desktop\strategicmanagement.pdf
[2013.05.11 11:05:14 | 000,189,301 | ---- | C] () -- C:\Users\RDD\Desktop\Mind_map_of_information_security.svg
[2013.05.09 16:51:36 | 000,003,212 | ---- | C] () -- C:\Users\RDD\AppData\Local\recently-used.xbel
[2013.05.03 12:48:03 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013.05.01 03:02:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:02:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.19 22:34:46 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.19 22:34:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.11 23:00:37 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.11 23:00:14 | 000,000,238 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.12.28 14:18:47 | 000,224,262 | ---- | C] () -- C:\Windows\hpoins16.dat
[2012.12.28 14:18:47 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2012.12.27 23:45:47 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.12.27 23:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.27 22:09:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.12.02 09:38:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.02 09:38:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.08.26 23:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2012.08.21 05:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012.08.21 05:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.08.21 05:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012.08.21 05:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012.08.21 05:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012.08.21 05:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012.08.21 05:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012.08.21 05:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012.08.21 05:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012.08.21 05:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012.07.19 20:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012.07.19 20:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012.07.19 20:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012.07.19 20:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012.07.19 20:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012.07.19 20:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012.07.19 20:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
 
--- --- ---
Geändert von ElJimador (30.05.2013 um 23:12 Uhr)

Alt 30.05.2013, 23:15   #28
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


Code:
ATTFilter
vertraue ich meinemOTL Logfile:


	
Code: 

 
ATTFilter


  

	
OTL logfile created on: 30.05.2013 23:21:16 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\RDD\Desktop\Analyse
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,96 Gb Total Physical Memory | 5,41 Gb Available Physical Memory | 68,02% Memory free
15,92 Gb Paging File | 12,00 Gb Available in Paging File | 75,38% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 148,95 Gb Total Space | 89,89 Gb Free Space | 60,35% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 267,00 Gb Free Space | 89,57% Space Free | Partition Type: NTFS
Drive E: | 1,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 99,00 Mb Total Space | 85,24 Mb Free Space | 86,11% Space Free | Partition Type: NTFS
Drive G: | 465,76 Gb Total Space | 433,30 Gb Free Space | 93,03% Space Free | Partition Type: NTFS
 
Computer Name: DIEMASCHINE | User Name: RDD | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.26 16:25:50 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\RDD\Desktop\Analyse\OTL (1).exe
PRC - [2013.05.23 07:44:09 | 000,825,808 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
PRC - [2013.05.02 11:31:02 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.04.30 08:50:46 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) -- C:\Windows\SysWOW64\NLSSRV32.EXE
PRC - [2013.04.30 08:50:32 | 004,081,160 | ---- | M] (Nitro PDF) -- C:\PROGRA~2\Nitro\PRO8~1\NitroPDF.exe
PRC - [2013.04.26 22:58:02 | 001,280,808 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpntray.exe
PRC - [2013.04.26 22:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe
PRC - [2013.04.26 22:57:04 | 000,390,440 | ---- | M] () -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe
PRC - [2013.04.26 22:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe
PRC - [2013.04.16 16:10:44 | 019,662,744 | ---- | M] (Google) -- C:\Program Files (x86)\Google\Drive\googledrivesync.exe
PRC - [2013.03.29 22:56:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013.03.29 22:55:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\RDD\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.03.03 13:55:18 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2012.12.11 17:20:12 | 001,330,008 | ---- | M] (Comfort Software Group) -- C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe
PRC - [2012.09.28 16:23:00 | 000,393,216 | ---- | M] (AMD) -- C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe
PRC - [2011.12.21 12:46:46 | 004,704,256 | ---- | M] (Egisca Corporation) -- C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe
PRC - [2009.12.15 14:47:00 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.09.30 14:02:50 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.09.30 14:02:48 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.30 00:01:56 | 000,557,056 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pysqlite2._sqlite.pyd
MOD - [2013.05.30 00:01:56 | 000,320,512 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32com.shell.shell.pyd
MOD - [2013.05.30 00:01:56 | 000,128,512 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_elementtree.pyd
MOD - [2013.05.30 00:01:56 | 000,098,816 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32api.pyd
MOD - [2013.05.30 00:01:56 | 000,070,656 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._html2.pyd
MOD - [2013.05.30 00:01:56 | 000,044,032 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_socket.pyd
MOD - [2013.05.30 00:01:56 | 000,026,624 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_multiprocessing.pyd
MOD - [2013.05.30 00:01:56 | 000,022,528 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32ts.pyd
MOD - [2013.05.30 00:01:55 | 001,022,416 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\windows._cacheinvalidation.pyd
MOD - [2013.05.30 00:01:55 | 000,805,888 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._gdi_.pyd
MOD - [2013.05.30 00:01:55 | 000,735,232 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._misc_.pyd
MOD - [2013.05.30 00:01:55 | 000,364,544 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pythoncom27.dll
MOD - [2013.05.30 00:01:55 | 000,110,080 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pywintypes27.dll
MOD - [2013.05.30 00:01:55 | 000,087,040 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_ctypes.pyd
MOD - [2013.05.30 00:01:55 | 000,017,408 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32profile.pyd
MOD - [2013.05.30 00:01:55 | 000,011,264 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32crypt.pyd
MOD - [2013.05.30 00:01:54 | 001,175,040 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._core_.pyd
MOD - [2013.05.30 00:01:54 | 001,153,024 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_ssl.pyd
MOD - [2013.05.30 00:01:54 | 000,711,680 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\_hashlib.pyd
MOD - [2013.05.30 00:01:54 | 000,108,544 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32security.pyd
MOD - [2013.05.30 00:01:54 | 000,035,840 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32process.pyd
MOD - [2013.05.30 00:01:54 | 000,025,600 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32pdh.pyd
MOD - [2013.05.30 00:01:53 | 000,811,008 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._windows_.pyd
MOD - [2013.05.30 00:01:53 | 000,122,368 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._wizard.pyd
MOD - [2013.05.30 00:01:53 | 000,119,808 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32file.pyd
MOD - [2013.05.30 00:01:52 | 001,062,400 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\wx._controls_.pyd
MOD - [2013.05.30 00:01:52 | 000,686,080 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\unicodedata.pyd
MOD - [2013.05.30 00:01:52 | 000,127,488 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\pyexpat.pyd
MOD - [2013.05.30 00:01:52 | 000,038,912 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32inet.pyd
MOD - [2013.05.30 00:01:52 | 000,018,432 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\win32event.pyd
MOD - [2013.05.30 00:01:52 | 000,010,240 | ---- | M] () -- C:\Users\RDD\AppData\Local\Temp\_MEI24162\select.pyd
MOD - [2013.05.23 07:44:07 | 000,393,168 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
MOD - [2013.05.23 07:44:06 | 013,136,336 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
MOD - [2013.05.23 07:43:59 | 004,051,408 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
MOD - [2013.05.23 07:43:06 | 000,599,504 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libglesv2.dll
MOD - [2013.05.23 07:43:05 | 000,124,368 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\libegl.dll
MOD - [2013.05.23 07:43:03 | 001,597,392 | ---- | M] () -- C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ffmpegsumo.dll
MOD - [2013.04.30 08:50:52 | 002,673,672 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_core_vc_pro8.dll
MOD - [2013.04.30 08:50:52 | 000,682,504 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_adv_vc_pro8.dll
MOD - [2013.04.30 08:50:52 | 000,481,288 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_xrc_vc_pro8.dll
MOD - [2013.04.30 08:50:52 | 000,450,056 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxmsw28u_html_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 001,145,864 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 001,145,864 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\wxbase28u_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 000,123,400 | ---- | M] () -- C:\Program Files (x86)\Nitro\Pro 8\wxbase28u_xml_vc_pro8.dll
MOD - [2013.04.30 08:50:50 | 000,123,400 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\wxbase28u_xml_vc_pro8.dll
MOD - [2013.04.30 08:50:24 | 000,555,016 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\js32.dll
MOD - [2013.04.30 08:49:42 | 000,824,840 | ---- | M] () -- C:\PROGRA~2\Nitro\PRO8~1\idrskrn14.dll
MOD - [2013.03.22 16:08:36 | 002,520,016 | ---- | M] () -- c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll
MOD - [2011.10.05 04:52:30 | 000,756,048 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSPTLS.DLL
MOD - [2011.07.06 18:00:18 | 000,276,992 | ---- | M] () -- C:\Program Files (x86)\Nexus Radio\Search.lib
MOD - [2009.12.15 14:49:20 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.12.15 14:46:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
MOD - [2002.08.29 16:28:32 | 000,132,350 | ---- | M] () -- C:\Program Files (x86)\Nexus Radio\CurlLib.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2013.02.16 04:56:42 | 000,240,640 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2012.12.10 08:24:16 | 009,723,392 | ---- | M] () [Auto | Stopped] -- C:\Program Files\MySQL\MySQL Server 5.5\bin\mysqld.exe -- (MySQL55)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.05.15 08:23:37 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.04.30 08:50:46 | 000,070,152 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\Windows\SysWOW64\NLSSRV32.EXE -- (nlsX86cc)
SRV - [2013.04.30 08:50:36 | 000,230,408 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro\Pro\8.0\NitroPDFDriverService8x64.exe -- (NitroDriverReadSpool8)
SRV - [2013.04.26 22:57:24 | 000,570,664 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\openvpnas.exe -- (hshld)
SRV - [2013.04.26 22:57:04 | 000,390,440 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\bin\hsswd.exe -- (HssWd)
SRV - [2013.04.26 22:56:48 | 000,463,656 | ---- | M] (AnchorFree Inc.) [Auto | Running] -- C:\Program Files (x86)\Hotspot Shield\HssWPR\hsssrv.exe -- (HssSrv)
SRV - [2013.04.24 21:29:56 | 000,078,512 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Hotspot Shield\bin\HssTrayService.EXE -- (HssTrayService)
SRV - [2013.03.29 22:56:05 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.03.29 22:55:58 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.03.03 13:55:18 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2012.07.17 16:14:44 | 002,292,480 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.05.14 15:02:54 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD9\NavFilter\kmsvc.exe -- (CLKMSVC10_9EC60124)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.09.30 14:02:50 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.09.30 14:02:48 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.05.29 20:11:11 | 000,162,008 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamswissarmy.sys -- (mbamswissarmy)
DRV:64bit: - [2013.05.29 20:10:56 | 000,036,680 | ---- | M] () [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbamchameleon.sys -- (mbamchameleon)
DRV:64bit: - [2013.04.24 21:28:08 | 000,042,184 | ---- | M] (Anchorfree Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\taphss6.sys -- (taphss6)
DRV:64bit: - [2013.04.24 21:18:34 | 000,046,792 | ---- | M] (AnchorFree Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\hssdrv6.sys -- (HssDRV6)
DRV:64bit: - [2013.03.29 22:56:07 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2013.03.29 22:56:07 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013.03.29 22:56:07 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013.02.16 08:22:44 | 011,612,672 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2013.02.16 04:29:24 | 000,576,000 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2013.01.15 12:11:26 | 000,096,768 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.12.13 14:50:36 | 000,054,784 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.08.23 16:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 16:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 14:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.03.26 15:50:12 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.09.29 11:30:34 | 000,646,248 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.09.16 09:12:58 | 000,032,360 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtVlan620.sys -- (RTVLANPT)
DRV:64bit: - [2011.06.15 15:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (TEAM)
DRV:64bit: - [2011.06.15 15:11:20 | 000,058,472 | ---- | M] (Realtek Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtTeam60.sys -- (RTTEAMPT)
DRV:64bit: - [2011.06.15 15:11:20 | 000,027,136 | ---- | M] (Realtek                                            ) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\RtNdPt60.sys -- (RtNdPt60)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.05.06 11:21:46 | 000,125,456 | ---- | M] (ATI Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtiHdmi.sys -- (AtiHdmiService)
DRV:64bit: - [2009.09.17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2008.01.17 17:51:44 | 000,018,816 | ---- | M] (Razer USA Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Lycosa.sys -- (Lycosa)
DRV - [2012.12.27 22:09:34 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=92341C6F65806AF8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes,DefaultScope = {AE125D68-A76C-4be3-88DF-84A14E589705}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{8CE323EC-9B8F-4501-B416-EC674B866844}: "URL" = hxxp://www.google.com/custom?client=pub-3794288947762788&forid=1&channel=1975384696&ie=UTF-8&oe=UTF-8&safe=active&cof=GALT%3A%23008000%3BGL%3A1%3BDIV%3A%23336699%3BVLC%3A663399%3BAH%3Acenter%3BBGC%3AFFFFFF%3BLBGC%3A336699%3BALC%3A0000FF%3BLC%3A0000FF%3BT%3A000000%3BGFNT%3A0000FF%3BGIMP%3A0000FF%3BFORID%3A1&hl=de&q={searchTerms}
IE - HKCU\..\SearchScopes\{AE125D68-A76C-4be3-88DF-84A14E589705}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBD
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.10.2: C:\Program Files\Java\jre1.7.0_10\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=2.1.3: C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro\Pro 8\npnitromozilla.dll (Nitro PDF)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.28 14:23:20 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.28 14:23:20 | 000,000,000 | ---D | M]
 
[2012.12.28 00:14:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\27.0.1453.94\pdf.dll
CHR - plugin: Microsoft\u00AE Windows Media Player Firefox Plugin (Enabled) = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\np-mswmp.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.3 (Enabled) = C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll
CHR - plugin: ESN Launch Mozilla Plugin (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\2.1.3\npesnlaunch.dll
CHR - plugin: ESN Sonar API (Enabled) = C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll
CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U17 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Java Deployment Toolkit 7.0.170.2 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll
CHR - Extension: Google Drive = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Firebug Lite for Google Chrome\u2122 = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\bmagokdooijbeehmkpknfglimnifench\1.4.0.11967_0\
CHR - Extension: Google-Suche = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: Add Tasks to Do It (Tomorrow) = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\eimhlfnbjllicocigjdalpodkokffbmm\1.2.1_0\
CHR - Extension: Windows Media Player Extension for HTML5 = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\hokdglbhghcebcopdbanieangmcamaak\1.0_0\
CHR - Extension: Do It (Tomorrow) = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfagjoblnoeagfhfhohcdklnddjaiglo\1.1.0_0\
CHR - Extension: Google Mail = C:\Users\RDD\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2013.05.29 21:38:18 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre1.7.0_10\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre1.7.0_10\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePPShortCut] C:\Program Files (x86)\CyberLink\PowerProducer\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\CyberLink\Blu-ray Disc Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [FreeAC] C:\Program Files (x86)\FreeAlarmClock\FreeAlarmClock.exe (Comfort Software Group)
O4 - HKCU..\Run: [GoogleDriveSync] C:\Program Files (x86)\Google\Drive\googledrivesync.exe (Google)
O4 - HKCU..\Run: [HydraVisionDesktopManager] C:\Program Files (x86)\ATI Technologies\HydraVision\HydraDM.exe (AMD)
O4 - HKCU..\Run: [Nexus Radio] C:\Program Files (x86)\Nexus Radio\Nexus Radio.exe (Egisca Corporation)
O4 - Startup: C:\Users\RDD\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\RDD\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{02AE8936-7DB5-45BF-948E-77C61148086F}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4A6A9D28-93AD-4B0C-8649-879BA9713683}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261249~1.132\{c16c1~1\browse~1.dll) - c:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll ()
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.30 11:57:26 | 000,000,000 | ---D | C] -- C:\Users\RDD\Desktop\Neuer Ordner
[2013.05.30 00:22:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.05.30 00:14:14 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.05.30 00:14:07 | 000,000,000 | ---D | C] -- C:\JRT
[2013.05.29 21:46:51 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.05.29 21:41:49 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2013.05.29 21:05:17 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.05.29 21:05:17 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.05.29 21:05:17 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.05.29 21:05:07 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.05.29 21:04:42 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.05.29 20:45:27 | 005,075,099 | R--- | C] (Swearware) -- C:\Users\RDD\Desktop\ComboFix.exe
[2013.05.29 20:11:11 | 000,162,008 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.05.28 20:03:46 | 000,000,000 | ---D | C] -- C:\FRST
[2013.05.26 18:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes' Anti-Malware (portable)
[2013.05.26 18:49:42 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.05.26 18:38:49 | 000,000,000 | ---D | C] -- C:\Users\RDD\Desktop\Analyse
[2013.05.15 21:46:16 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.05.15 21:46:15 | 000,526,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.05.15 21:46:15 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.05.15 21:46:15 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013.05.15 21:46:15 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesetup.dll
[2013.05.15 21:46:15 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.05.15 21:46:15 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.05.15 21:46:15 | 000,039,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iernonce.dll
[2013.05.15 21:46:15 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.05.15 21:46:14 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.05.15 21:46:14 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.05.15 21:46:14 | 000,089,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\RegisterIEPKEYs.exe
[2013.05.15 21:46:13 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.05.15 21:46:13 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.05.15 21:46:13 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.05.15 21:45:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Free Alarm Clock
[2013.05.15 21:45:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeAlarmClock
[2013.05.15 07:21:47 | 000,265,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dxgmms1.sys
[2013.05.15 07:21:47 | 000,144,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdd.dll
[2013.05.15 07:21:40 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wwanprotdim.dll
[2013.05.15 07:21:27 | 001,930,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.05.15 07:21:27 | 001,796,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.05.15 07:21:27 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\shdocvw.dll
[2013.05.15 07:21:27 | 000,111,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\consent.exe
[2013.05.07 13:43:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Formoid
[2013.05.07 13:43:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Formoid
[2013.05.03 12:49:14 | 000,000,000 | ---D | C] -- C:\Users\RDD\AppData\Roaming\Nitro
[2013.05.03 12:49:14 | 000,000,000 | ---D | C] -- C:\Users\RDD\AppData\Roaming\FileOpen
[2013.05.03 12:49:14 | 000,000,000 | ---D | C] -- C:\ProgramData\FileOpen
[2013.05.03 12:48:11 | 000,029,704 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalmon2.dll
[2013.05.03 12:48:11 | 000,017,928 | ---- | C] (Nitro PDF Software) -- C:\Windows\SysNative\nitrolocalui2.dll
[2013.05.03 12:48:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro
[2013.05.03 12:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nitro
[2013.05.03 12:48:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nitro
[2013.05.03 12:47:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Nitro
[2013.05.03 12:46:30 | 000,000,000 | ---D | C] -- C:\Users\RDD\AppData\Roaming\Downloaded Installations
[2013.05.02 11:31:23 | 000,083,160 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.01 03:02:51 | 001,054,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.01 03:02:51 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.01 03:02:51 | 000,226,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.01 03:02:51 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.01 03:02:51 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.01 03:02:51 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.01 03:02:51 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.01 03:02:51 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.01 03:02:50 | 001,509,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.01 03:02:50 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.01 03:02:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.01 03:02:50 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.01 03:02:50 | 000,905,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.01 03:02:50 | 000,762,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.01 03:02:50 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.01 03:02:50 | 000,452,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.01 03:02:50 | 000,441,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.01 03:02:50 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.01 03:02:50 | 000,281,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.01 03:02:50 | 000,235,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.01 03:02:50 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.01 03:02:50 | 000,216,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.01 03:02:50 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.01 03:02:50 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.01 03:02:50 | 000,125,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.01 03:02:50 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.01 03:02:50 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.01 03:02:50 | 000,102,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.01 03:02:50 | 000,081,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.01 03:02:50 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.01 03:02:50 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.01 03:02:50 | 000,069,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.01 03:02:50 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.01 03:02:50 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.01 03:02:50 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.01 03:02:50 | 000,027,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.01 03:02:50 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.01 03:02:50 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.01 03:02:49 | 000,599,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.01 03:02:49 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.01 03:02:49 | 000,167,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.01 03:02:49 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.01 03:02:49 | 000,144,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.01 03:02:49 | 000,136,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.01 03:02:49 | 000,135,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.01 03:02:49 | 000,097,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.01 03:02:49 | 000,092,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.01 03:02:49 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.01 03:02:49 | 000,062,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.01 03:02:49 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.01 03:02:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.01 03:02:49 | 000,013,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.01 03:02:49 | 000,012,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[13 C:\Users\RDD\Desktop\*.tmp files -> C:\Users\RDD\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.30 23:23:55 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.30 23:11:01 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.30 21:28:29 | 002,420,544 | ---- | M] () -- C:\Users\RDD\Desktop\tummy.gif
[2013.05.30 20:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.30 18:52:17 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.30 00:12:14 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 00:12:14 | 000,014,752 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.30 00:01:08 | 2115,624,959 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.29 21:38:18 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.05.29 21:04:27 | 005,075,099 | R--- | M] (Swearware) -- C:\Users\RDD\Desktop\ComboFix.exe
[2013.05.29 20:11:11 | 000,162,008 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbamswissarmy.sys
[2013.05.29 20:10:56 | 000,036,680 | ---- | M] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.05.28 20:31:32 | 000,002,252 | ---- | M] () -- C:\Users\RDD\Desktop\mobile examination (mex).lnk
[2013.05.26 19:05:37 | 503,057,048 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.05.25 14:29:04 | 000,579,653 | ---- | M] () -- C:\Users\RDD\Desktop\Bonds_Weekly_KW_21-2013.pdf
[2013.05.25 14:20:53 | 000,007,598 | ---- | M] () -- C:\Users\RDD\AppData\Local\Resmon.ResmonCfg
[2013.05.21 07:22:58 | 000,332,116 | ---- | M] () -- C:\Users\RDD\Desktop\DE_LR_DellSW_NGFW_Eval_Guide_US.pdf
[2013.05.16 06:32:23 | 000,450,720 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.15 21:49:42 | 000,804,880 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.15 21:49:42 | 000,654,390 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.15 21:49:42 | 000,129,972 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.15 21:49:42 | 000,008,228 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.15 21:49:42 | 000,005,838 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.15 08:23:37 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.05.15 08:23:37 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.05.11 11:05:15 | 000,189,301 | ---- | M] () -- C:\Users\RDD\Desktop\Mind_map_of_information_security.svg
[2013.05.09 16:51:36 | 000,003,212 | ---- | M] () -- C:\Users\RDD\AppData\Local\recently-used.xbel
[2013.05.08 20:39:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2013.05.08 20:39:53 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.05.08 20:38:55 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2013.05.02 11:31:11 | 000,083,160 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avnetflt.sys
[2013.05.01 03:02:51 | 001,054,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\MsSpellCheckingFacility.exe
[2013.05.01 03:02:51 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmlmedia.dll
[2013.05.01 03:02:51 | 000,226,304 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\elshyph.dll
[2013.05.01 03:02:51 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\elshyph.dll
[2013.05.01 03:02:51 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msrating.dll
[2013.05.01 03:02:51 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iexpress.exe
[2013.05.01 03:02:51 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\wextract.exe
[2013.05.01 03:02:51 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inseng.dll
[2013.05.01 03:02:50 | 001,509,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013.05.01 03:02:50 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013.05.01 03:02:50 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dat
[2013.05.01 03:02:50 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dat
[2013.05.01 03:02:50 | 000,905,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmlmedia.dll
[2013.05.01 03:02:50 | 000,762,368 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieapfltr.dll
[2013.05.01 03:02:50 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieapfltr.dll
[2013.05.01 03:02:50 | 000,452,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtmsft.dll
[2013.05.01 03:02:50 | 000,441,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\html.iec
[2013.05.01 03:02:50 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\html.iec
[2013.05.01 03:02:50 | 000,281,600 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\dxtrans.dll
[2013.05.01 03:02:50 | 000,235,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.05.01 03:02:50 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.05.01 03:02:50 | 000,216,064 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msls31.dll
[2013.05.01 03:02:50 | 000,197,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msrating.dll
[2013.05.01 03:02:50 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013.05.01 03:02:50 | 000,125,440 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\occache.dll
[2013.05.01 03:02:50 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\iepeers.dll
[2013.05.01 03:02:50 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\IEAdvpack.dll
[2013.05.01 03:02:50 | 000,102,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\inseng.dll
[2013.05.01 03:02:50 | 000,081,408 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\icardie.dll
[2013.05.01 03:02:50 | 000,079,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.05.01 03:02:50 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\SetIEInstalledDate.exe
[2013.05.01 03:02:50 | 000,069,120 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\icardie.dll
[2013.05.01 03:02:50 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\tdc.ocx
[2013.05.01 03:02:50 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\pngfilt.dll
[2013.05.01 03:02:50 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmler.dll
[2013.05.01 03:02:50 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\licmgr10.dll
[2013.05.01 03:02:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:02:50 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.01 03:02:50 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\licmgr10.dll
[2013.05.01 03:02:50 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msfeedssync.exe
[2013.05.01 03:02:49 | 000,599,552 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013.05.01 03:02:49 | 000,173,568 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013.05.01 03:02:49 | 000,167,424 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iexpress.exe
[2013.05.01 03:02:49 | 000,149,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\occache.dll
[2013.05.01 03:02:49 | 000,144,896 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\wextract.exe
[2013.05.01 03:02:49 | 000,136,192 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\iepeers.dll
[2013.05.01 03:02:49 | 000,135,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\IEAdvpack.dll
[2013.05.01 03:02:49 | 000,097,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.05.01 03:02:49 | 000,092,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\SetIEInstalledDate.exe
[2013.05.01 03:02:49 | 000,077,312 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\tdc.ocx
[2013.05.01 03:02:49 | 000,062,976 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\pngfilt.dll
[2013.05.01 03:02:49 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\imgutil.dll
[2013.05.01 03:02:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmler.dll
[2013.05.01 03:02:49 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\mshta.exe
[2013.05.01 03:02:49 | 000,012,800 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msfeedssync.exe
[13 C:\Users\RDD\Desktop\*.tmp files -> C:\Users\RDD\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.30 21:28:29 | 002,420,544 | ---- | C] () -- C:\Users\RDD\Desktop\tummy.gif
[2013.05.29 21:05:17 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.05.29 21:05:17 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.05.29 21:05:17 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.05.29 21:05:17 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.05.29 21:05:17 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.05.29 20:10:56 | 000,036,680 | ---- | C] () -- C:\Windows\SysNative\drivers\mbamchameleon.sys
[2013.05.25 14:29:03 | 000,579,653 | ---- | C] () -- C:\Users\RDD\Desktop\Bonds_Weekly_KW_21-2013.pdf
[2013.05.25 14:20:53 | 000,007,598 | ---- | C] () -- C:\Users\RDD\AppData\Local\Resmon.ResmonCfg
[2013.05.21 07:22:56 | 000,332,116 | ---- | C] () -- C:\Users\RDD\Desktop\DE_LR_DellSW_NGFW_Eval_Guide_US.pdf
[2013.05.16 21:50:38 | 002,443,590 | ---- | C] () -- C:\Users\RDD\Desktop\effective-communication-skills.pdf
[2013.05.16 21:50:20 | 002,350,300 | ---- | C] () -- C:\Users\RDD\Desktop\strategicmanagement.pdf
[2013.05.11 11:05:14 | 000,189,301 | ---- | C] () -- C:\Users\RDD\Desktop\Mind_map_of_information_security.svg
[2013.05.09 16:51:36 | 000,003,212 | ---- | C] () -- C:\Users\RDD\AppData\Local\recently-used.xbel
[2013.05.03 12:48:03 | 000,002,531 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nitro Pro 8.lnk
[2013.05.01 03:02:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.01 03:02:50 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.01.19 22:34:46 | 000,280,904 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2013.01.19 22:34:29 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2013.01.11 23:00:37 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2013.01.11 23:00:14 | 000,000,238 | ---- | C] () -- C:\Windows\ODBCINST.INI
[2012.12.28 14:18:47 | 000,224,262 | ---- | C] () -- C:\Windows\hpoins16.dat
[2012.12.28 14:18:47 | 000,003,770 | ---- | C] () -- C:\Windows\hpomdl16.dat
[2012.12.27 23:45:47 | 000,000,271 | ---- | C] () -- C:\Windows\lgfwup.ini
[2012.12.27 23:27:03 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2012.12.27 22:09:28 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2012.12.02 09:38:16 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.12.02 09:38:16 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.11.27 01:18:46 | 000,038,912 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2012.08.26 23:10:34 | 000,039,904 | ---- | C] () -- C:\Windows\SysWow64\dischandler.exe
[2012.08.21 05:15:22 | 003,978,240 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll
[2012.08.21 05:14:04 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2012.08.21 05:12:48 | 000,271,360 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2012.08.21 05:12:34 | 000,099,840 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2012.08.21 05:12:32 | 000,157,184 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2012.08.21 05:12:30 | 000,147,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2012.08.21 05:12:28 | 001,525,760 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2012.08.21 05:12:28 | 000,211,968 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2012.08.21 05:12:28 | 000,114,688 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2012.08.21 05:12:24 | 000,330,240 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll
[2012.07.19 20:56:08 | 000,172,544 | ---- | C] () -- C:\Windows\SysWow64\libbluray.dll
[2012.07.19 20:56:02 | 006,894,331 | ---- | C] () -- C:\Windows\SysWow64\avcodec-lav-54.dll
[2012.07.19 20:56:02 | 001,111,581 | ---- | C] () -- C:\Windows\SysWow64\avformat-lav-54.dll
[2012.07.19 20:56:02 | 000,401,685 | ---- | C] () -- C:\Windows\SysWow64\swscale-lav-2.dll
[2012.07.19 20:56:02 | 000,232,895 | ---- | C] () -- C:\Windows\SysWow64\avutil-lav-51.dll
[2012.07.19 20:56:02 | 000,162,743 | ---- | C] () -- C:\Windows\SysWow64\avfilter-lav-3.dll
[2012.07.19 20:56:02 | 000,101,820 | ---- | C] () -- C:\Windows\SysWow64\avresample-lav-0.dll
[2011.12.07 21:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\Lagarith.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.09.08 16:00:52 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2011.09.08 16:00:48 | 000,142,336 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2011.09.08 16:00:42 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2011.09.08 16:00:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2011.09.08 16:00:34 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2011.09.08 16:00:24 | 000,154,624 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2011.09.08 16:00:10 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2011.09.08 16:00:06 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2011.09.08 15:59:54 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2011.09.08 15:59:52 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 192 bytes -> C:\Windows:nlsPreferences

< End of report >
         
 
--- --- ---

Alt 31.05.2013, 11:17   #29
schrauber
/// the machine
/// TB-Ausbilder
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


Hi,

Fixen mit OTL

  • Starte bitte die OTL.exe.
  • Kopiere nun den Inhalt aus der Codebox in die Textbox.
Code:
ATTFilter
:OTL
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.delta-search.com/?affID=119816&babsrc=HP_ss&mntrId=92341C6F65806AF8
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;localhost;10.*;192.168.*;127.0.0.1:895;127.0.0.1:896;<local>
:files
C:\ProgramData\BrowserProtect
C:\Users\All Users\BrowserProtect
G:\27.12.2012\Desktop\Ronfiles\Install-File-Packet-Cafer
:Commands
[emptytemp]
  • Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
  • Schließe bitte nun alle Programme.
  • Klicke nun bitte auf den Fix Button.
  • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
    ( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
    Kopiere nun den Inhalt hier in Deinen Thread
__________________
gruß,
schrauber

Proud Member of UNITE and ASAP since 2009

Spenden
Anleitungen und Hilfestellungen
Trojaner-Board Facebook-Seite

Keine Hilfestellung via PM!

Alt 31.05.2013, 12:00   #30
ElJimador
 
Rootkit, Trojaner, die Nadel im Heuhaufen - Standard

Rootkit, Trojaner, die Nadel im Heuhaufen


Code:
ATTFilter
All processes killed
========== OTL ==========
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\bProtector Start Page| /E : value set successfully!
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
========== FILES ==========
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132 scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect scheduled to be moved on reboot.
G:\27.12.2012\Desktop\Ronfiles\Install-File-Packet-Cafer folder moved successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
User: Public
->Temp folder emptied: 0 bytes
 
User: RDD
->Temp folder emptied: 221941084 bytes
->Temporary Internet Files folder emptied: 566449452 bytes
->Java cache emptied: 2678397 bytes
->Google Chrome cache emptied: 353752422 bytes
->Flash cache emptied: 36130 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 12207 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 46488919 bytes
RecycleBin emptied: 2420544 bytes
 
Total Files Cleaned = 1.138,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 05312013_124850

Files\Folders moved on Reboot...
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect\2.6.1249.132 scheduled to be moved on reboot.
Folder move failed. C:\ProgramData\BrowserProtect scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132 scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\traking_settings scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\FirefoxExtension scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8} scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect\2.6.1249.132 scheduled to be moved on reboot.
Folder move failed. C:\Users\All Users\BrowserProtect scheduled to be moved on reboot.
C:\Users\RDD\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...

Antwort
Seite 2 von 3 1 2 3

Themen zu Rootkit, Trojaner, die Nadel im Heuhaufen
antivirus, aufsetzen, aufsuchen, avira, bootsektor, bootvorgang, datei, friert, hardware, hintergrund, neu, nichts, plötzlich, problem, rechner, rootkit, rootkit scanner, rum, scanner, situation, spinnt, system, tan, trojaner, unbedingt, virus, windows, öffnet


« Java-Virus JAVA/Dldr.Themod.IE + EXP/CVE-2013-0431.BK mit Avira entdeckt | BKA Trojaner auf XP System OTL »


Ähnliche Themen: Rootkit, Trojaner, die Nadel im Heuhaufen


  1. syshost.exe trojaner/rootkit
    Log-Analyse und Auswertung - 24.09.2014 (14)
  2. - Rootkit entdeckt ! Win7 - Anti-Rootkit o. Neuinstallation ?
    Plagegeister aller Art und deren Bekämpfung - 15.02.2014 (13)
  3. GMER - Rootkit Scanner - VMAUTHSERVICE Rootkit
    Log-Analyse und Auswertung - 27.10.2013 (5)
  4. Rootkit Trojaner bei e-Bay
    Plagegeister aller Art und deren Bekämpfung - 11.05.2013 (2)
  5. Rootkit, Bootkit, Rootkit.win32.tdss.ld4 - ich weiss nicht weiter..
    Log-Analyse und Auswertung - 18.03.2013 (1)
  6. Rootkit Infektion, danach Windows-Neuinstallation, GMER zeigt erneut Rootkit Aktivitäten an (Avast! false positive?)
    Log-Analyse und Auswertung - 05.03.2013 (2)
  7. Rootkit.gen gefunden/Rootkit-Befall - Bin ich im dran? Brauche dringend Beratung !!!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2012 (3)
  8. Probleme mit Trojaner/Rootkit
    Plagegeister aller Art und deren Bekämpfung - 31.10.2011 (26)
  9. Starforce? Rootkit Rootkit.TDSS! Bluescreens und Mbr laufend beschädigt!
    Plagegeister aller Art und deren Bekämpfung - 02.03.2011 (9)
  10. TAN Trojaner + Win32:Rootkit-gen
    Plagegeister aller Art und deren Bekämpfung - 03.02.2011 (17)
  11. Absturz durch Rootkit beim GMER Rootkit Scan
    Plagegeister aller Art und deren Bekämpfung - 16.12.2010 (4)
  12. Pc Absturz durch Rootkit bei GMER Rootkit Scan
    Plagegeister aller Art und deren Bekämpfung - 12.08.2010 (20)
  13. Tr/rootkit.gen windows/system32/Drivers.lnuuf.sys (rootkit Agent)
    Plagegeister aller Art und deren Bekämpfung - 29.05.2010 (1)
  14. Trojaner TR/Rootkit.Gen
    Plagegeister aller Art und deren Bekämpfung - 14.06.2009 (0)
  15. Trojaner / Rootkit
    Plagegeister aller Art und deren Bekämpfung - 20.05.2009 (22)
  16. Rootkit/Trojaner on board?
    Log-Analyse und Auswertung - 26.08.2007 (17)
  17. Ich habe den Trojaner TR/Rootkit.Gen
    Plagegeister aller Art und deren Bekämpfung - 08.03.2007 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Rootkit, Trojaner, die Nadel im Heuhaufen - Stell mal den Avast-Scan ab nach Anleitung, immer noch Abstürze? - Rootkit, Trojaner, die Nadel im Heuhaufen...
Archiv
Du betrachtest: Rootkit, Trojaner, die Nadel im Heuhaufen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131