
Log analysis and evaluation: Files "disappear" from the PC after download - is Trojan.dropper.win32.injector the cause?


 
03.06.2013, 22:56   #1
Mobeil
 



Dear TB team,
I would be very grateful if you could help me with the following problem:

Until now I had not noticed any obvious malfunction on my computer.
I use a VPN client from Cisco, but for the past three days I have no longer been able to dial into my network correctly. I was told that a malware infection often causes this kind of error.
After I had updated and downloaded my antivirus program, I noticed that the desired files are simply no longer there.
Showing hidden files and file extensions is enabled in Windows Explorer.
When saving to an external drive, the file is downloaded completely but is left behind as a .PART file and then cannot be opened correctly.

I clicked through your forum and, using Kaspersky Rescue Disc and the TSSD scanner, found
Trojan.dropper.win 32.injector.ezug and tried to delete it.
After that I scanned with TSSD and AntiVir (updated) and found no further malware.

However, files of every kind still disappear from my computer after a successful download.

I created log files according to the instructions.
During the scan with GMER the PC crashed several times with different error messages:
errors with "driver_irql_not_less_or_equal" or "APC_index_mismatch", or simply a blue screen with a restart. No log file was created from it.

Here are the log files:
defogger log:
Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 22:14 on 03/06/2013 (Mustermann)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         
OTL Txt:
Code:
OTL logfile created on: 03.06.2013 22:16:25 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = F:\Trojaner\Anfoderung für TB
Windows Vista Home Premium Edition  (Version = 6.0.6000) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18882)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,94 Gb Total Physical Memory | 1,23 Gb Available Physical Memory | 63,65% Memory free
4,08 Gb Paging File | 3,24 Gb Available in Paging File | 79,51% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 67,07 Gb Total Space | 3,35 Gb Free Space | 4,99% Space Free | Partition Type: NTFS
Drive D: | 39,83 Gb Total Space | 6,32 Gb Free Space | 15,85% Space Free | Partition Type: NTFS
Drive F: | 1,88 Gb Total Space | 1,56 Gb Free Space | 82,66% Space Free | Partition Type: FAT
 
Computer Name: LAPTOP-MUSTERMANN | User Name: MUSTERMANN | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.06.03 22:11:16 | 000,602,112 | ---- | M] (OldTimer Tools) -- F:\Trojaner\Anfoderung für TB\OTL.exe
PRC - [2013.06.03 20:10:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.03 20:08:17 | 000,079,584 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.06.03 20:07:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.06.03 20:07:54 | 000,345,312 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.03.12 09:05:50 | 029,106,336 | ---- | M] (Dropbox, Inc.) -- C:\Users\MUSTERMANN\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013.01.24 09:33:44 | 000,701,872 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
PRC - [2013.01.24 09:33:24 | 000,544,688 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
PRC - [2012.02.28 10:30:04 | 000,825,344 | ---- | M] (Repkasoft) -- C:\Program Files\YoWindow\yowindow.exe
PRC - [2008.10.29 08:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2006.12.01 07:36:59 | 004,186,112 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2006.11.02 11:44:59 | 000,068,608 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conime.exe
PRC - [2006.09.11 12:31:35 | 000,208,896 | ---- | M] (ALPS) -- C:\Program Files\Apoint2K\Apvfb.exe
PRC - [2006.09.08 09:10:21 | 000,040,960 | ---- | M] (Alps Electric Co., Ltd.) -- C:\Program Files\Apoint2K\HidFind.exe
PRC - [2006.09.07 06:31:45 | 000,024,576 | ---- | M] (Syntek America Inc.) -- C:\Windows\System32\StkSrv.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.24 09:34:14 | 000,063,408 | ---- | M] () -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
MOD - [2008.09.16 20:18:06 | 000,132,608 | ---- | M] () -- C:\Program Files\WinRAR\rarext.dll
 
 
========== Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
SRV - [2013.06.03 20:10:10 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.03 20:07:57 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.01.24 09:33:24 | 000,544,688 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012.05.03 21:54:52 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2006.09.07 06:31:45 | 000,024,576 | ---- | M] (Syntek America Inc.) [Auto | Running] -- C:\Windows\System32\StkSrv.exe -- (StkSSrv)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Windows\system32\drivers\blbdrive.sys -- (blbdrive)
DRV - [2013.06.03 20:11:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.06.03 20:11:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.06.03 20:11:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.06.03 20:11:47 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013.01.24 09:15:56 | 000,023,976 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2013.01.24 09:13:56 | 000,058,320 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsmux.sys -- (acsmux)
DRV - [2013.01.24 09:13:56 | 000,039,888 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\acsint.sys -- (acsint)
DRV - [2011.11.04 15:59:46 | 000,039,016 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tbhsd.sys -- (tbhsd)
DRV - [2011.11.04 15:59:41 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCapMP)
DRV - [2011.11.04 15:59:41 | 000,031,848 | ---- | M] (RapidSolution Software AG) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rrnetcap.sys -- (RRNetCap)
DRV - [2009.06.29 18:59:02 | 000,112,128 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbnet.sys -- (ewusbnet)
DRV - [2009.06.29 18:59:02 | 000,102,912 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbfake.sys -- (hwusbfake)
DRV - [2009.04.09 14:38:26 | 000,102,784 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ewusbmdm.sys -- (hwdatacard)
DRV - [2008.11.16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.12.22 00:31:30 | 000,509,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2006.12.19 07:37:59 | 004,447,808 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2006.12.14 09:11:57 | 000,007,680 | ---- | M] (ATK0100) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ATKACPI.sys -- (MTsensor)
DRV - [2006.11.14 18:16:23 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2006.11.14 13:42:45 | 000,043,520 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2006.11.10 13:12:57 | 000,669,568 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\StkCMini.sys -- (StkCMini)
DRV - [2006.11.02 09:41:49 | 001,010,560 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2006.11.02 09:30:56 | 000,429,056 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvm60x32.sys -- (NVENETFD)
DRV - [2006.11.02 09:30:56 | 000,047,104 | ---- | M] (Realtek Semiconductor Corporation                           ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006.11.02 09:30:54 | 001,781,760 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2006.08.30 03:35:57 | 000,140,800 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {438B8E72-FD85-439F-9A6C-075D600546D9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{438B8E72-FD85-439F-9A6C-075D600546D9}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q="
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://google.com"
FF - prefs.js..extensions.enabledItems: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2010.01.21
FF - prefs.js..extensions.enabledItems: {02450954-cdd9-410f-b1da-db804e18c671}:0.96.3
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa2,version=2.0.0: C:\Program Files\Picasa2\npPicasa2.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Picasa2\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\Vodafone\Vodafone Mobile Connect\Optimization Client\addon\ [2010.03.18 08:31:10 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.05.03 21:54:52 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.06.03 20:42:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011.09.25 20:16:45 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.0.11\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins
 
[2010.01.26 01:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions
[2010.01.26 01:21:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.05.20 20:18:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\32x5c3ii.default\extensions
[2011.02.21 18:16:09 | 000,000,000 | ---D | M] (Screengrab) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\32x5c3ii.default\extensions\{02450954-cdd9-410f-b1da-db804e18c671}
[2008.12.11 23:09:53 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Users\Lars\AppData\Roaming\mozilla\Firefox\Profiles\32x5c3ii.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009.07.08 09:24:59 | 000,002,314 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\32x5c3ii.default\searchplugins\forestle-de.xml
[2008.12.15 16:13:07 | 000,001,196 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\mozilla\firefox\profiles\32x5c3ii.default\searchplugins\winamp-search.xml
[2012.01.20 15:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2007.06.28 17:53:07 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\mozilla firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2010.01.27 10:28:43 | 000,000,000 | ---D | M] ("Citavi Picker") -- C:\Program Files\mozilla firefox\extensions\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}
[2011.05.25 10:12:37 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.05.03 21:54:52 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010.07.20 17:21:40 | 000,106,192 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npstrlnk.dll
[2012.02.13 23:37:07 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.02.13 23:37:07 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.02.13 23:37:07 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.02.13 23:37:07 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.02.13 23:37:07 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.02.13 23:37:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Java(TM) Platform SE 6 U13 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
CHR - plugin: Microsoft Office 2003 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: NapsterLink (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npstrlnk.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa2.dll
CHR - plugin: Picasa (Enabled) = C:\Program Files\Picasa2\npPicasa3.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\Lars\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
 
O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Fences] C:\Program Files\Stardock\Fences\Fences.exe (Stardock Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvSvc] C:\Windows\System32\nvsvc.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - Startup: C:\Users\MUSTERMANN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Lars\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\MUSTERMANN\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\YoWindow.lnk = C:\Program Files\YoWindow\yowindow.exe (Repkasoft)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000 File not found
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Computer, Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab (Java Plug-in 1.6.0_13)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45618544-CB27-43C1-A8D7-DF0D7370B134}: DhcpNameServer = 139.7.30.126 139.7.30.125
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{80115F06-64D9-4FEF-83A9-1A669BC48385}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{EDE0C2F9-9E67-4A09-A152-116CB44C72AD}: DhcpNameServer = 139.7.30.126 139.7.30.125
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~1\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O22 - SharedTaskScheduler: {1984DD45-52CF-49cd-AB77-18F378FEA264} - FencesShellExt - C:\Program Files\Stardock\Fences\FencesMenu.dll (Stardock)
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img20.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - Unable to obtain root file information for disk F:\
O33 - MountPoints2\{1512d8d9-1581-11df-947c-001a92b087a6}\Shell\AutoRun\command - "" = F:\wd_windows_tools\setup.exe
O33 - MountPoints2\{2cedfdde-757b-11dc-8d44-001a92b087a6}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe -- [2011.02.08 09:22:54 | 000,047,616 | RHS- | M] ()
O33 - MountPoints2\{2cedfdde-757b-11dc-8d44-001a92b087a6}\Shell\explore\Command - "" = F:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe -- [2011.02.08 09:22:54 | 000,047,616 | RHS- | M] ()
O33 - MountPoints2\{2cedfdde-757b-11dc-8d44-001a92b087a6}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe -- [2011.02.08 09:22:54 | 000,047,616 | RHS- | M] ()
O33 - MountPoints2\{53280f24-3257-11df-bfab-001a92b087a6}\Shell - "" = AutoRun
O33 - MountPoints2\{53280f24-3257-11df-bfab-001a92b087a6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{53280f43-3257-11df-bfab-001a92b087a6}\Shell - "" = AutoRun
O33 - MountPoints2\{53280f43-3257-11df-bfab-001a92b087a6}\Shell\AutoRun\command - "" = F:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{6750d2d1-3357-11df-8a17-001a92b087a6}\Shell - "" = AutoRun
O33 - MountPoints2\{6750d2d1-3357-11df-8a17-001a92b087a6}\Shell\AutoRun\command - "" = G:\setup_vmc_lite.exe /checkApplicationPresence
O33 - MountPoints2\{7402f8f9-26f9-11dc-82dd-001a92b087a6}\Shell\AutoRun\command - "" = I:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
O33 - MountPoints2\{7402f8f9-26f9-11dc-82dd-001a92b087a6}\Shell\explore\Command - "" = I:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
O33 - MountPoints2\{7402f8f9-26f9-11dc-82dd-001a92b087a6}\Shell\open\command - "" = I:\RECYCLER\S-1-5-21-2214276341-3544434524-6043330-4321\update.exe
O33 - MountPoints2\{7402f8fc-26f9-11dc-82dd-001a92b087a6}\Shell - "" = AutoRun
O33 - MountPoints2\{7402f8fc-26f9-11dc-82dd-001a92b087a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe
O33 - MountPoints2\{765b8381-60ad-11dd-acba-001a92b087a6}\Shell - "" = AutoRun
O33 - MountPoints2\{765b8381-60ad-11dd-acba-001a92b087a6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{7f060b75-775c-11de-bce2-001a92b087a6}\Shell\AutoRun\command - "" = windows\usbv.exe
O33 - MountPoints2\{7f060b75-775c-11de-bce2-001a92b087a6}\Shell\open\command - "" = windows\usbv.exe
O33 - MountPoints2\{a7f0f0f3-e767-11de-bd45-001a92b087a6}\Shell\AutoRun\command - "" = F:\Menu.exe
O33 - MountPoints2\{dfdda188-feb1-11dd-ad95-001a92b087a6}\Shell\AutoRun\command - "" = WDSetup.exe
O33 - MountPoints2\F\Shell\AutoRun\command - "" = WDSetup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.06.03 21:55:43 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Local\Stardock_Corporation
[2013.06.03 21:55:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Stardock
[2013.06.03 21:54:48 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Stardock
[2013.06.03 21:54:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
[2013.06.03 21:54:44 | 000,000,000 | ---D | C] -- C:\Program Files\Stardock
[2013.06.03 20:18:51 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Avira
[2013.06.03 20:14:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.06.03 20:13:45 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.03 20:13:45 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.03 20:13:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.06.03 19:42:00 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Malwarebytes
[2013.06.03 19:41:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.06.03 12:27:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited
[2013.06.03 12:27:18 | 000,000,000 | ---D | C] -- C:\Users\Lars\AppData\Roaming\Canneverbe Limited
[2013.06.03 12:25:29 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
 
========== Files - Modified Within 30 Days ==========
 
[2013.06.03 22:14:27 | 000,000,000 | ---- | M] () -- C:\Users\Lars\defogger_reenable
[2013.06.03 21:59:35 | 000,641,344 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.06.03 21:59:35 | 000,610,142 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.06.03 21:59:35 | 000,116,706 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.06.03 21:59:35 | 000,103,924 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.06.03 21:55:02 | 000,042,174 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\nvModes.001
[2013.06.03 21:54:59 | 000,001,814 | ---- | M] () -- C:\Users\Lars\Desktop\Customize Fences.lnk
[2013.06.03 21:53:32 | 000,042,174 | ---- | M] () -- C:\Users\Lars\AppData\Roaming\nvModes.dat
[2013.06.03 21:52:19 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 21:52:18 | 000,003,072 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.06.03 21:52:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.06.03 21:42:10 | 000,001,356 | ---- | M] () -- C:\Users\Lars\AppData\Local\d3d9caps.dat
[2013.06.03 20:42:40 | 000,001,894 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.06.03 20:14:16 | 000,001,854 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.06.03 20:11:47 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.06.03 20:11:47 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.06.03 20:11:47 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.06.03 20:11:47 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.06.03 13:24:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\Google Software Updater.job
[2013.06.03 10:59:43 | 000,045,056 | ---- | M] () -- C:\Windows\System32\acovcnt.exe
[2013.06.03 10:03:57 | 000,000,416 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{E75C0192-2285-45EC-BD89-410605581C1A}.job
[2013.05.27 10:32:35 | 000,000,069 | ---- | M] () -- C:\Windows\NeroDigital.ini
 
========== Files Created - No Company Name ==========
 
[2013.06.03 22:14:27 | 000,000,000 | ---- | C] () -- C:\Users\Lars\defogger_reenable
[2013.06.03 21:54:59 | 000,001,814 | ---- | C] () -- C:\Users\Lars\Desktop\Customize Fences.lnk
[2013.06.03 20:42:40 | 000,001,894 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk
[2013.06.03 20:14:16 | 000,001,854 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.02 15:07:50 | 004,246,016 | ---- | C] () -- C:\Program Files\anyconnect-win-3.1.02040-pre-deploy-k9.msi
[2013.01.01 20:45:06 | 000,000,127 | ---- | C] () -- C:\Windows\System32\MRT.INI
[2011.04.19 20:54:44 | 000,001,356 | ---- | C] () -- C:\Users\Lars\AppData\Local\d3d9caps.dat
[2010.09.27 17:35:37 | 000,000,072 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\psppirerc
[2009.11.10 14:04:07 | 000,004,096 | -H-- | C] () -- C:\Users\Lars\AppData\Local\keyfile3.drm
[2009.06.16 14:25:02 | 000,121,512 | R--- | C] () -- C:\ProgramData\DeviceManager.xml.rc4
[2009.05.08 09:39:46 | 000,000,410 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\Poladroid prefs.plist
[2008.02.21 19:05:22 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.10.05 21:41:27 | 000,001,210 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\mdb.bin
[2007.06.30 15:07:18 | 000,024,206 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\UserTile.png
[2007.06.28 19:42:12 | 000,042,174 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\nvModes.001
[2007.06.28 19:42:11 | 000,042,174 | ---- | C] () -- C:\Users\Lars\AppData\Roaming\nvModes.dat
[2007.06.28 16:53:14 | 000,209,408 | ---- | C] () -- C:\Users\Lars\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
 
========== ZeroAccess Check ==========
 
[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
"ThreadingModel" = Both
"" = C:\$Recycle.Bin\S-1-5-21-3684105093-732391033-1714160640-1000\$47f186bbb2dba2d2414c9c49f039b5c5\n.
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2008.11.06 14:57:06 | 011,315,712 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = fastprox.dll -- [2009.03.03 06:16:12 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2006.11.02 11:46:13 | 000,348,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2009.11.17 19:52:38 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Academic Software Zurich
[2011.02.13 22:16:13 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Buhl Data Service
[2010.03.18 08:32:27 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Bytemobile
[2013.06.03 12:27:18 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Canneverbe Limited
[2010.08.01 22:38:58 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Canon
[2012.07.08 18:31:50 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\com.Rhapsody.Napster5
[2013.06.03 21:53:08 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Dropbox
[2010.09.27 16:20:05 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\gtk-2.0
[2007.06.30 23:13:52 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Leadertech
[2009.10.23 00:19:04 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\LimeWire
[2011.05.11 10:28:01 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\LyX2.0
[2009.06.18 23:21:30 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Mp3tag
[2011.01.07 10:03:24 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\NCH Swift Sound
[2009.04.08 10:33:24 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\OpenOffice.org
[2007.10.31 21:10:25 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\PeerNetworking
[2013.06.03 21:54:48 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Stardock
[2011.11.05 12:32:28 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\streamripper
[2009.12.10 09:33:12 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Sync App Settings
[2012.05.29 23:10:45 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\TeamViewer
[2010.01.26 01:21:03 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Thunderbird
[2010.03.18 08:32:27 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Vodafone
[2010.03.19 15:04:12 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\Vodafone Mobile Connect
[2012.03.03 23:33:45 | 000,000,000 | ---D | M] -- C:\Users\Lars\AppData\Roaming\YoWindow
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 106 bytes -> C:\ProgramData\TEMP:DFC5A2B2

< End of report >
         
Extras log file is attached.
As I already wrote, I am very grateful for your help, since with my knowledge I cannot get any further beyond this point.
At the moment I also no longer dare to do orders, banking, etc. on the infected PC.

I look forward to a reply!

Best regards,
Mobeil

 
