Log analysis and evaluation: Trojan Dropper.gen - but possibly even more than that (Windows 7)

15.10.2014, 20:09 | #1
Trojan Dropper.gen - but possibly even more than that

Hello and good evening everyone,

I have been desperate for days because of this "dropper". It all started when every browser, Mozilla, Explorer and also Opera, opened three tabs at once on launch. While working on a page, new pages kept opening. The ads kept increasing. I have already read something about it here. My French operating system doesn't make it easy for me to follow every step here, though. I downloaded OTL and ran the scan. Then the Bloc-notes windows appeared, which I will simply paste in here. How I need to proceed is not at all clear to me... I hope you can help me...

Desperately, Sonnenpunkt

OTL logfile created on: 15.10.2014 20:32:51 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Bomo\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.11.9600.17358)
Locale: 00000407 | Country: Allemagne | Language: DEU | Date Format: dd.MM.yyyy

3,50 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 36,93% Memory free
7,00 Gb Paging File | 4,05 Gb Available in Paging File | 57,87% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465,66 Gb Total Space | 208,60 Gb Free Space | 44,80% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: BOMO-PC | User Name: Bomo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2014.10.15 20:32:08 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Bomo\Downloads\otl.exe
PRC - [2014.10.15 15:02:22 | 000,499,832 | ---- | M] () -- C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
PRC - [2014.10.15 15:02:21 | 050,071,160 | ---- | M] (Opera Software) -- C:\Program Files\Opera\25.0.1614.50\opera.exe
PRC - [2014.10.11 11:57:07 | 001,848,976 | ---- | M] (LookThisUp) -- C:\Users\Bomo\AppData\Roaming\LookThisUp\LookThisUp.exe
PRC - [2014.09.26 06:56:41 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2014.09.02 21:55:28 | 000,487,483 | ---- | M] () -- C:\monitor.exe
PRC - [2014.09.01 20:26:50 | 001,317,096 | ---- | M] (MyOSCompany) -- C:\Program Files\PCTRunner\MyOSProtect.exe
PRC - [2014.07.14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
PRC - [2014.07.14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
PRC - [2014.07.07 13:53:12 | 000,189,520 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe
PRC - [2014.07.02 13:06:46 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2014.07.02 13:06:44 | 000,426,064 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2014.07.02 13:06:42 | 000,750,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2014.07.02 13:06:42 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2014.05.25 14:04:06 | 000,573,344 | ---- | M] (Fuyu LIMITED) -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe
PRC - [2014.05.08 12:52:32 | 000,704,112 | ---- | M] (Cherished Technololgy LIMITED) -- C:\ProgramData\IePluginServices\PluginService.exe
PRC - [2014.05.06 18:23:52 | 000,781,600 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\Monitor.exe
PRC - [2014.04.21 18:05:56 | 002,295,584 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe
PRC - [2014.01.14 14:50:06 | 000,881,952 | ---- | M] (IObit) -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe
PRC - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.07.02 10:16:32 | 000,507,264 | ---- | M] (Oracle Corporation) -- C:\Program Files\Common Files\Java\Java Update\jucheck.exe
PRC - [2013.01.18 16:21:02 | 000,873,248 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.13 16:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files\dradio-Recorder\phonostarTimer.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE
PRC - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Modules (No Company Name) ==========

MOD - [2014.10.15 15:02:22 | 009,218,680 | ---- | M] () -- C:\Program Files\Opera\25.0.1614.50\pdf.dll
MOD - [2014.10.15 15:02:22 | 000,499,832 | ---- | M] () -- C:\Program Files\Opera\25.0.1614.50\opera_crashreporter.exe
MOD - [2014.10.15 15:02:19 | 001,310,328 | ---- | M] () -- C:\Program Files\Opera\25.0.1614.50\libglesv2.dll
MOD - [2014.10.15 15:02:19 | 000,219,256 | ---- | M] () -- C:\Program Files\Opera\25.0.1614.50\libegl.dll
MOD - [2014.10.15 15:02:18 | 000,991,864 | ---- | M] () -- C:\Program Files\Opera\25.0.1614.50\ffmpegsumo.dll
MOD - [2014.10.15 09:45:13 | 000,260,096 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsForm0b574481#\446bc9f0c3b5824fab519cb5fec5af1b\WindowsFormsIntegration.ni.dll
MOD - [2014.10.15 09:44:37 | 019,696,640 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.ServiceModel\316b149dbb031d0e35c9d57bb2fc4b6e\System.ServiceModel.ni.dll
MOD - [2014.10.15 09:44:14 | 002,997,248 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.IdentityModel\92a3b88ac6300af062edd6503bc5903c\System.IdentityModel.ni.dll
MOD - [2014.10.15 09:43:33 | 000,018,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio49d6fefe#\38d6578b4fe29bede85ffff08e3697b6\PresentationFramework-SystemXml.ni.dll
MOD - [2014.10.15 09:43:32 | 000,016,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio84a7b877#\4df6733efc348c009a4a6e0adccc42a6\PresentationFramework-SystemData.ni.dll
MOD - [2014.10.15 09:41:38 | 001,051,136 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Management\99cdfef98595ed91f14936cf52a49c54\System.Management.ni.dll
MOD - [2014.10.15 08:37:45 | 011,922,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b4001d722e320fa42cd87b04b5249b2d\System.Web.ni.dll
MOD - [2014.10.15 08:36:52 | 012,435,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\1453d9e9a4989833ef3db4b22549ba1a\System.Windows.Forms.ni.dll
MOD - [2014.10.15 08:36:44 | 001,593,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\836e10dfd0811b303553216f5cb092ef\System.Drawing.ni.dll
MOD - [2014.10.15 08:36:37 | 005,467,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49908aa93a23c84847b1f8b1b667860\System.Xml.ni.dll
MOD - [2014.10.15 08:36:34 | 000,978,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\237d509a79aeef6e4635b09450d98f2a\System.Configuration.ni.dll
MOD - [2014.10.15 08:36:16 | 007,991,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\908ba9e296e92b4e14bdc2437edac603\System.ni.dll
MOD - [2014.10.15 08:25:16 | 018,813,440 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio5ae0f00f#\3646375313dd2b8e3afecbf945960336\PresentationFramework.ni.dll
MOD - [2014.10.15 08:25:04 | 011,025,920 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\006d28e7c86f3e70db90ce06ea2f33fb\PresentationCore.ni.dll
MOD - [2014.10.15 08:24:57 | 001,889,792 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\8b133e0d94535a7534719f70873ca7fe\System.Xaml.ni.dll
MOD - [2014.10.15 08:24:56 | 003,950,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\94bbd298ec8575f3c6151a59538a109c\WindowsBase.ni.dll
MOD - [2014.10.15 08:24:55 | 007,409,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data\5d2c01ae1ca8c40ed74cdfd7b7b7dcb1\System.Data.ni.dll
MOD - [2014.10.15 08:24:55 | 000,470,528 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\Presentatio1c9175f8#\7971f3a1c08c4043cf981f457855b4d4\PresentationFramework.Aero.ni.dll
MOD - [2014.10.15 08:24:54 | 012,894,208 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\db563d596d76daed04e9b5d25b2f4cb9\System.Windows.Forms.ni.dll
MOD - [2014.10.15 08:24:53 | 000,223,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Serv759bfb78#\902843918d037f5f3511d679bf1e2216\System.ServiceProcess.ni.dll
MOD - [2014.10.15 08:24:51 | 002,542,080 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Data.Linq\5e84979fadb7eb63caedea9f4acefcc9\System.Data.Linq.ni.dll
MOD - [2014.10.15 08:24:49 | 007,668,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\7147fa233a070283dba824da40089bf1\System.Xml.ni.dll
MOD - [2014.10.15 08:24:49 | 006,990,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\691c1ad89d16f49d80e84fa06a79089a\System.Core.ni.dll
MOD - [2014.10.15 08:24:49 | 001,180,672 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\c90a4b709b46b64c89fce02585d55370\System.Management.ni.dll
MOD - [2014.10.15 08:24:48 | 002,822,144 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runteb92aa12#\f9f13cd8fe1cefaad78579a7c3a41464\System.Runtime.Serialization.ni.dll
MOD - [2014.10.15 08:24:47 | 000,122,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\SMDiagnostics\046058f81b039ab6fd839e03e67595f8\SMDiagnostics.ni.dll
MOD - [2014.10.15 08:24:46 | 000,794,112 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Servd1dec626#\35d3a1b878542de59cb4fc0593992404\System.ServiceModel.Internals.ni.dll
MOD - [2014.10.15 08:24:45 | 001,644,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\b4c08872c259018b17b2801da33ac80f\System.Drawing.ni.dll
MOD - [2014.10.15 08:24:44 | 000,976,384 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\0648dbecb7e3fb9523565107e04a5caf\System.Configuration.ni.dll
MOD - [2014.10.15 08:24:43 | 010,100,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\17a393b77ae757f0768501fb95ff5af6\System.ni.dll
MOD - [2014.09.26 06:56:41 | 003,715,184 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014.09.12 11:42:57 | 011,497,984 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\38bf604432e1a30c954b2ee40d6a2d1c\mscorlib.ni.dll
MOD - [2014.09.10 22:32:13 | 016,825,520 | ---- | M] () -- C:\Windows\System32\Macromed\Flash\NPSWF32_15_0_0_152.dll
MOD - [2014.07.07 13:53:10 | 000,137,296 | ---- | M] () -- C:\Program Files\Avira\My Avira\Avira.OE.NativeCore.dll
MOD - [2014.07.07 13:53:06 | 000,049,744 | ---- | M] () -- C:\Users\Bomo\AppData\Local\Temp\avgnt.exe\Avira.OE.ExtApi.dll
MOD - [2014.02.27 21:09:28 | 000,190,976 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\UIAutomationTypes\75b6a68103e1b76063d9f69b8275ae61\UIAutomationTypes.ni.dll
MOD - [2014.02.27 15:01:25 | 000,147,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Numerics\4c8a153aa66fcd62db6fff269a2ef2b4\System.Numerics.ni.dll
MOD - [2014.02.27 15:01:24 | 016,953,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\ce5f61c5754789df97be8dc991c47d07\mscorlib.ni.dll
MOD - [2013.01.15 18:48:26 | 000,348,992 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madExcept_.bpl
MOD - [2013.01.15 18:48:26 | 000,051,008 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madDisAsm_.bpl
MOD - [2013.01.15 18:48:24 | 000,183,616 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\madBasic_.bpl
MOD - [2013.01.15 18:47:56 | 000,893,248 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 7\webres.dll
MOD - [2012.11.28 15:13:52 | 000,087,952 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.11.28 15:13:30 | 001,242,512 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2012.10.13 16:05:42 | 000,042,496 | ---- | M] () -- C:\Program Files\dradio-Recorder\phonostarTimer.exe
MOD - [2010.11.13 02:58:32 | 000,311,296 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_fr_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 04:00:10 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.resources\2.0.0.0_fr_b77a5c561934e089\System.resources.dll
MOD - [2006.09.19 10:07:28 | 000,827,392 | ---- | M] () -- C:\Windows\vsnpstd3.exe

========== Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Wajam\Wajam Internet Enhancer\WajamInternetEnhancerService.exe -- (Wajam Internet Enhancer Service)
SRV - File not found [Auto | Stopped] -- C:\Program Files\webget\updatewebget.exe -- (Update webget)
SRV - File not found [Auto | Stopped] -- C:\PROGRA~1\SearchProtect\Main\bin\CltMngSvc.exe -- (CltMngSvc)
SRV - File not found [Auto | Stopped] -- C:\Program Files\MyPC Backup\BackupStack.exe -- (BackupStack)
SRV - [2014.10.09 21:14:13 | 000,068,608 | ---- | M] (globalUpdate) [On_Demand | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdatem)
SRV - [2014.10.09 21:14:13 | 000,068,608 | ---- | M] (globalUpdate) [Auto | Stopped] -- C:\Program Files\globalUpdate\Update\GoogleUpdate.exe -- (globalUpdate)
SRV - [2014.09.26 06:56:41 | 000,114,288 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014.09.24 15:32:08 | 000,267,440 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2014.09.19 02:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV - [2014.09.02 21:55:26 | 000,034,244 | ---- | M] () [Auto | Stopped] -- C:\monitorsvc.exe -- (ProtectMonitor)
SRV - [2014.09.01 20:26:50 | 001,317,096 | ---- | M] (MyOSCompany) [On_Demand | Running] -- C:\Program Files\PCTRunner\MyOSProtect.exe -- (MyOSProtect)
SRV - [2014.07.14 18:21:46 | 001,390,176 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe -- (c2cautoupdatesvc)
SRV - [2014.07.14 18:21:06 | 001,767,520 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe -- (c2cpnrsvc)
SRV - [2014.07.07 13:53:10 | 000,141,392 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Program Files\Avira\My Avira\Avira.OE.ServiceHost.exe -- (Avira.OE.ServiceHost)
SRV - [2014.07.02 13:06:46 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2014.07.02 13:06:42 | 000,430,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2014.05.25 14:04:06 | 000,573,344 | ---- | M] (Fuyu LIMITED) [Auto | Running] -- C:\ProgramData\WindowsProtectManger\wprotectmanager.exe -- (WindowsProtectManger)
SRV - [2014.05.08 12:52:32 | 000,704,112 | ---- | M] (Cherished Technololgy LIMITED) [Auto | Running] -- C:\ProgramData\IePluginServices\PluginService.exe -- (IePluginServices)
SRV - [2014.05.04 16:37:30 | 002,152,736 | ---- | M] (IObit) [Auto | Stopped] -- C:\Program Files\IObit\LiveUpdate\LiveUpdate.exe -- (LiveUpdateSvc)
SRV - [2014.04.03 20:21:48 | 000,315,008 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2014.01.14 14:50:06 | 000,881,952 | ---- | M] (IObit) [Auto | Running] -- C:\Program Files\IObit\Advanced SystemCare 7\ASCService.exe -- (AdvancedSystemCareService7)
SRV - [2013.12.21 08:04:16 | 000,065,432 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2013.01.18 08:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.09.25 14:03:04 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2008.10.09 07:07:56 | 000,107,912 | ---- | M] () [Auto | Running] -- C:\Program Files\Canon\IJPLM\IJPLMSVC.EXE -- (IJPLMSVC)

========== Driver Services (SafeList) ==========

DRV - [2014.09.01 20:29:18 | 000,020,480 | ---- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\pcwatch.sys -- (pcwatch)
DRV - [2014.07.02 13:06:47 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2014.07.02 13:06:42 | 000,136,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2014.07.02 13:06:42 | 000,097,648 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2014.07.02 13:06:42 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2014.06.12 21:05:34 | 000,031,744 | ---- | M] (NetFilterSDK.com) [Kernel | System | Running] -- C:\Windows\System32\drivers\netfilter.sys -- (netfilter)
DRV - [2014.05.07 16:06:16 | 000,052,920 | ---- | M] (StdLib) [Kernel | System | Running] -- C:\Windows\System32\drivers\{9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw.sys -- ({9edd0ea8-2819-47c2-8320-b007d5996f8a}Gw)
DRV - [2014.04.28 15:32:18 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2014.04.28 15:32:18 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2013.02.26 00:22:06 | 008,939,296 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | System | Running] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.05.13 13:11:34 | 000,006,504 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2007.03.27 19:19:36 | 010,252,544 | ---- | M] (Sonix Co. Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\snpstd3.sys -- (SNPSTD3)
DRV - [2007.02.03 11:32:36 | 000,041,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUSBSta.sys -- (LVUSBSta)
DRV - [2007.02.03 11:25:56 | 001,075,360 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Camdrl.sys -- (CamDrL)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://istart.webssearches.com/web/?type=ds&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://istart.webssearches.com/web/?type=ds&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://istart.webssearches.com/?type=hp&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD
IE - HKLM\..\SearchScopes,DefaultScope = {33BB0A4E-99AF-4226-BDF6-49120163DE86}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://istart.webssearches.com/web/?type=ds&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD&q={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://istart.webssearches.com/?type=hp&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1me10IE11DEDE/MCM_WCP
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://fr.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = fr
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 50 62 D8 2E E5 5B CB 01 [binary data]
IE - HKCU\..\URLSearchHook: {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0626485B39AA6FBE&affID=119649&tsp=4987
IE - HKCU\..\SearchScopes\{31090377-0740-419E-BEFC-A56E50500D5B}: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0626485B39AA6FBE&affID=119649&tsp=4987
IE - HKCU\..\SearchScopes\{32B5E945-E116-4F3F-B0B7-4B0EDA933A4D}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=1E09BAD4-4748-40AB-A22C-4C86A3B11D48&apn_sauid=5702F162-938A-454D-9ADB-DA3111B2B53E
IE - HKCU\..\SearchScopes\{33BB0A4E-99AF-4226-BDF6-49120163DE86}: "URL" = hxxp://istart.webssearches.com/web/?type=ds&ts=1401019375&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD&q={searchTerms}
IE - HKCU\..\SearchScopes\{C45D63B2-FFD4-4021-AE1C-0D016B34C846}: "URL" = hxxp://www.google.com/search?hl=en&q={searchTerms}
IE - HKCU\..\SearchScopes\E1B47A63066D4CE58764B208E4A39546: "URL" = hxxp://www2.delta-search.com/?q={searchTerms}&babsrc=SP_ss&mntrId=0626485B39AA6FBE&affID=119649&tsp=4987
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:58543;https=127.0.0.1:58543

========== FireFox ==========

FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:32.0.3
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_15_0_0_152.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1213153.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.55.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@Skype Technologies S.A..com/Skype Web Plugin: C:\Program Files\SkypeWebPlugin\npSkypeWebPlugin.dll (Skype)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=10: C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@staging.google.com/globalUpdate Update;version=4: C:\Program Files\globalUpdate\Update\1.3.25.0\npGoogleUpdate4.dll (globalUpdate)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.24.15\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@phonostar.de/phonostar: C:\Program Files\dradio-Recorder\npphonostarDetectNP.dll File not found
FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Bomo\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Bomo\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{21EAF666-26B3-4a3c-ABD0-CA2F5A326744}: C:\Program Files\V-bates\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\quick_start@gmail.com: C:\Users\Bomo\AppData\Roaming\Mozilla\Firefox\Profiles\93crtdk0.default\extensions\quick_start@gmail.com
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 32.0.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2014.09.26 06:56:38 | 000,000,000 | ---D | M]

[2010.09.25 14:43:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bomo\AppData\Roaming\mozilla\Extensions
[2014.10.15 20:12:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Bomo\AppData\Roaming\mozilla\Firefox\Profiles\nms6b806.default-1413396115803\extensions
[2014.09.26 06:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2014.09.26 06:56:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2014.09.26 06:56:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0038-ABCDEFFEDCBA}
[2014.09.26 06:56:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\browser\extensions
[2014.09.26 06:56:42 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\mozilla firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

========== Chrome ==========

CHR - default_search_provider: webssearches (Enabled)
CHR - default_search_provider: search_url = hxxp://istart.webssearches.com/web/?type=dspp&ts=1413377026&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD&q={searchTerms}
CHR - default_search_provider: suggest_url = 
CHR - homepage: hxxp://istart.webssearches.com/?type=hppp&ts=1413377028&from=tugs&uid=ST3500418AS_9VMLEFBDXXXX9VMLEFBD
CHR - default_search_provider: 14D1757D8428E4BEF913DD01BF391F4951A91CD1392413A0C81170B1FD5F0A0C (Enabled)
CHR - default_search_provider: search_url = 594021E3A1D31988747CF47860113FBBD639041F56BFEBEAA3778B54BE990A4E
CHR - default_search_provider: suggest_url = 
CHR - homepage: 2CE0FC6855D67C8B5659DC39E3A50816642D8FB81EC187286C2D1EC304D3292F
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.7_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_1\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bakijjialdiiboeaknfpmflphhmljfkd\9.4.25_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbmegnmpleoagolcnjnejdacakedpcgd\2.0.0_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn\0.1.1.5023_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\cojnmaaohncijldefpkpkkakjonfmgeb\1.5.14_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\7.3.16540.9015_0\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda\0.0.6.1_1\
CHR - Extension: No name found = C:\Users\Bomo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {10921475-03CE-4E04-90CE-E2E7EF20C814} - No CLSID value found.
O2 - BHO: (IETabPage Class) - {3593C8B9-8E18-4B4B-B7D3-CB8BEB1AA42C} - C:\Program Files\SupTab\SupTab.dll (Thinknice Co. Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {84FF7BD6-B47F-46F8-9130-01B2696B36CB} - No CLSID value found.
O2 - BHO: (Avira Savings Advisor BHO) - {A18A516C-AA41-46A9-92DB-60208917E442} - C:\Program Files\avira\Internet Explorer\avira32.dll ()
O2 - BHO: (Skype Click to Call for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O2 - BHO: (Advanced SystemCare Browser Protection) - {BA0C978D-D909-49B6-AFE2-8BDE245DC7E6} - C:\PROGRA~1\IObit\SURFIN~1\BROWER~1\ASCPLU~1.DLL (IObit)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [Avira Systray] C:\Program Files\Avira\My Avira\Avira.OE.Systray.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [fst_de_22] File not found
O4 - HKLM..\Run: [Skytel] C:\Program Files\Realtek\Audio\HDA\Skytel.exe (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKCU..\Run: [Advanced SystemCare 7] C:\Program Files\IObit\Advanced SystemCare 7\ASCTray.exe (IObit)
O4 - HKCU..\Run: [dradio-RecorderTimer] C:\Program Files\dradio-Recorder\phonostarTimer.exe ()
O4 - HKCU..\Run: [Facebook Update] C:\Users\Bomo\AppData\Local\Facebook\Update\FacebookUpdate.exe (Facebook Inc.)
O4 - HKCU..\Run: [LookThisUp] C:\Users\Bomo\AppData\Roaming\LookThisUp\LookThisUp.exe (LookThisUp)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Click to Call settings - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\MyOSProtect.dll (MyOSCompany) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\MyOSProtect.dll (MyOSCompany) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\MyOSProtect.dll (MyOSCompany) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\MyOSProtect.dll (MyOSCompany) O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\MyOSProtect.dll (MyOSCompany) O13 - gopher Prefix: missing O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{55D2F6B5-E0B1-4DA2-84C4-CA978D6BC21B}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\livecall - No CLSID value found O18 - Protocol\Handler\msnim - No CLSID value found O18 - Protocol\Handler\skypec2c {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\SupTab\SEARCH~1.DLL) - C:\PROGRA~1\SupTab\SEARCH~1.DLL (Skytech Co., Ltd.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\System32\Userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (lorer.exe) - C:\Windows\explorer.) - File not found O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - Unable to obtain root file information for disk C:\ O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2014.10.15 12:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\2308189059 [2014.10.15 06:42:47 | 000,230,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll [2014.10.15 06:42:46 | 000,396,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.10.15 06:42:46 | 000,302,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014.10.15 06:42:17 | 002,379,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.10.15 06:40:34 | 000,646,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014.10.15 06:40:34 | 000,365,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014.10.15 06:40:34 | 000,112,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.10.15 06:40:34 | 000,108,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014.10.15 06:40:34 | 000,060,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [2014.10.15 06:40:34 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014.10.15 06:40:34 | 000,043,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.10.15 06:40:34 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014.10.15 06:40:33 | 000,440,320 | 
---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.10.15 06:40:33 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014.10.15 06:40:32 | 001,068,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2014.10.15 06:40:32 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll [2014.10.15 06:40:31 | 000,597,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014.10.15 06:40:30 | 004,201,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.10.15 06:40:28 | 002,724,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.10.15 06:40:28 | 000,678,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014.10.15 06:40:28 | 000,677,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014.10.15 06:40:28 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.10.15 06:40:28 | 000,331,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2014.10.15 06:40:28 | 000,032,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014.10.15 06:40:27 | 002,017,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.10.15 06:40:27 | 000,164,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014.10.15 06:40:27 | 000,061,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014.10.15 06:39:47 | 000,156,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscorier.dll [2014.10.15 06:39:47 | 000,081,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mscories.dll [2014.10.15 06:39:22 | 000,269,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll [2014.10.15 06:39:22 | 000,037,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll 
[2014.10.15 06:39:21 | 002,744,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorets.dll [2014.10.15 06:38:54 | 000,130,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll [2014.10.15 06:37:51 | 000,067,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\packager.dll [2014.10.15 06:37:38 | 000,744,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\blackbox.dll [2014.10.15 06:37:37 | 000,988,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmv2clt.dll [2014.10.15 06:37:37 | 000,617,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmdrmsdk.dll [2014.10.15 06:37:34 | 003,208,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mf.dll [2014.10.15 06:37:34 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AUDIOKSE.dll [2014.10.15 06:37:34 | 000,409,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ci.dll [2014.10.15 06:37:34 | 000,406,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drmmgrtn.dll [2014.10.15 06:37:33 | 003,970,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2014.10.15 06:37:33 | 000,521,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winload.exe [2014.10.15 06:37:33 | 000,455,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\winresume.exe [2014.10.15 06:37:33 | 000,195,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioSes.dll [2014.10.15 06:37:32 | 003,914,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2014.10.15 06:37:32 | 000,275,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\EncDump.dll [2014.10.15 06:37:31 | 001,329,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\quartz.dll [2014.10.15 06:37:31 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscp.dll [2014.10.15 06:37:31 | 000,489,984 | ---- | C] (Microsoft Corporation) -- 
C:\Windows\System32\evr.dll [2014.10.15 06:37:31 | 000,374,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\AudioEng.dll [2014.10.15 06:37:31 | 000,354,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfplat.dll [2014.10.15 06:37:31 | 000,265,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msnetobj.dll [2014.10.15 06:37:31 | 000,103,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfps.dll [2014.10.15 06:37:31 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\audiodg.exe [2014.10.15 06:37:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidpolicyconverter.exe [2014.10.15 06:37:31 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidapi.dll [2014.10.15 06:37:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\setbcdlocale.dll [2014.10.15 06:37:31 | 000,050,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rrinstaller.exe [2014.10.15 06:37:31 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mfpmp.exe [2014.10.15 06:37:30 | 012,625,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wmploc.DLL [2014.10.15 06:37:30 | 000,016,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\appidcertstorecheck.exe [2014.10.15 06:37:30 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\spwmp.dll [2014.10.15 06:37:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdxm.ocx [2014.10.15 06:37:30 | 000,004,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxmasf.dll [2014.10.15 06:37:30 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mferror.dll [2014.10.12 10:54:22 | 000,000,000 | ---D | C] -- C:\Users\Bomo\Desktop\Alte Firefox-Daten [2014.10.11 11:57:06 | 000,000,000 | ---D | C] -- C:\Users\Bomo\AppData\Roaming\LookThisUp [2014.10.11 11:50:36 | 000,000,000 | R--D | C] -- 
C:\Users\Bomo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartUp [2014.10.11 11:11:32 | 000,000,000 | ---D | C] -- C:\Users\Bomo\Documents\Aufnahmen [2014.10.11 11:11:07 | 000,000,000 | ---D | C] -- C:\Users\Bomo\AppData\Roaming\phonostar GmbH [2014.10.11 11:11:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\dradio-Recorder [2014.10.11 11:11:02 | 000,000,000 | ---D | C] -- C:\Program Files\dradio-Recorder [2014.10.09 21:17:17 | 001,511,848 | ---- | C] (HQCinemaV09.10) -- C:\Users\Bomo\AppData\Roaming\SASXN.exe [2014.10.09 21:16:27 | 000,304,776 | ---- | C] (MyOSCompany) -- C:\Windows\System32\MyOSProtect.dll [2014.10.09 21:15:25 | 001,981,864 | ---- | C] (HQCinemaV09.10) -- C:\Users\Bomo\AppData\Roaming\AUACMKM.exe [2014.10.09 21:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Easy Speed Check [2014.10.09 21:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Probit Software [2014.10.09 21:13:01 | 000,000,000 | ---D | C] -- C:\Program Files\PCTRunner [2014.10.09 21:12:05 | 000,000,000 | ---D | C] -- C:\Users\Bomo\AppData\Local\Deployment [2014.10.01 02:10:43 | 000,519,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\qdvd.dll [2014.09.26 06:56:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2014.09.24 06:27:51 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2014.09.23 07:53:23 | 000,000,000 | ---D | C] -- C:\Users\Bomo\Desktop\KOA [2014.09.18 14:37:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2014.09.18 14:36:59 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2014.05.25 15:25:58 | 001,705,063 | ---- | C] (AnyProtect.com) -- C:\Users\Bomo\AppData\Local\AnyProtectScannerSetup.exe [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2014.10.15 20:41:00 | 000,000,280 | ---- 
| M] () -- C:\Windows\tasks\FF Watcher {C35292BB-8CFC-4E40-ADAE-B19BFF122167}.job [2014.10.15 20:32:00 | 000,001,002 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2014.10.15 20:27:00 | 000,000,288 | ---- | M] () -- C:\Windows\tasks\Digital Sites.job [2014.10.15 20:25:00 | 000,000,284 | ---- | M] () -- C:\Windows\tasks\FoxTab.job [2014.10.15 20:05:09 | 000,000,264 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Maintenance.job [2014.10.15 20:05:00 | 000,001,458 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-5.job [2014.10.15 20:05:00 | 000,001,354 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-2.job [2014.10.15 20:04:00 | 000,002,118 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-4.job [2014.10.15 20:04:00 | 000,001,360 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-6.job [2014.10.15 20:04:00 | 000,001,352 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-1.job [2014.10.15 20:04:00 | 000,001,290 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-7.job [2014.10.15 20:03:00 | 000,003,424 | ---- | M] () -- C:\Windows\tasks\d41bb091-7736-4a7d-94a7-2e24476cdf5a-3.job [2014.10.15 19:51:00 | 000,001,052 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2014.10.15 19:50:01 | 000,000,924 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227404890-2646627263-1434445039-1001UA.job [2014.10.15 19:50:00 | 000,000,902 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1227404890-2646627263-1434445039-1001Core.job [2014.10.15 15:20:08 | 000,000,942 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineUA.job [2014.10.15 15:05:34 | 000,023,248 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2014.10.15 15:05:34 | 000,023,248 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2014.10.15 15:05:33 | 000,000,258 | ---- | M] () -- C:\Windows\tasks\SpeedUpMyPC Startup.job [2014.10.15 14:57:11 | 000,001,048 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2014.10.15 14:57:11 | 000,000,938 | ---- | M] () -- C:\Windows\tasks\globalUpdateUpdateTaskMachineCore.job [2014.10.15 14:56:40 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2014.10.15 14:56:30 | 2817,925,120 | -HS- | M] () -- C:\hiberfil.sys [2014.10.15 14:55:44 | 000,000,000 | ---- | M] () -- C:\asc_rdflag [2014.10.15 14:10:13 | 000,002,197 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk [2014.10.15 14:10:13 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2014.10.15 14:10:10 | 000,002,221 | ---- | M] () -- C:\Users\Bomo\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk [2014.10.15 14:10:10 | 000,001,427 | ---- | M] () -- C:\Users\Bomo\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk [2014.10.15 12:40:07 | 000,002,155 | ---- | M] () -- C:\Users\Public\Desktop\Advanced SystemCare 7.lnk [2014.10.15 08:29:53 | 000,291,032 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2014.10.15 08:02:23 | 000,000,119 | ---- | M] () -- C:\Users\Bomo\AppData\Roaming\WB.CFG [2014.10.11 20:24:04 | 000,747,598 | ---- | M] () -- C:\Windows\System32\perfh00C.dat [2014.10.11 20:24:04 | 000,654,208 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2014.10.11 20:24:04 | 000,150,122 | ---- | M] () -- C:\Windows\System32\perfc00C.dat [2014.10.11 20:24:04 | 000,122,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2014.10.11 14:50:28 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\Poursuivre l'installation de Reimage Repair .lnk [2014.10.11 14:48:29 | 000,000,099 | ---- | M] () -- C:\Windows\Reimage.ini [2014.10.11 11:40:22 | 000,001,087 | ---- | M] () -- 
C:\Users\Bomo\Desktop\Continue Live Installation.lnk [2014.10.11 11:11:08 | 000,001,082 | ---- | M] () -- C:\Users\Bomo\Application Data\Microsoft\Internet Explorer\Quick Launch\dradio-Recorder.lnk [2014.10.11 11:11:08 | 000,001,058 | ---- | M] () -- C:\Users\Bomo\Desktop\dradio-Recorder.lnk [2014.10.10 03:44:58 | 000,230,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\generaltel.dll [2014.10.10 03:44:35 | 000,396,288 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aepdu.dll [2014.10.10 03:39:38 | 000,302,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\aeinv.dll [2014.10.09 21:17:17 | 001,511,848 | ---- | M] (HQCinemaV09.10) -- C:\Users\Bomo\AppData\Roaming\SASXN.exe [2014.10.09 21:16:56 | 000,009,640 | ---- | M] () -- C:\Windows\System32\MyOSProtect.ini [2014.10.09 21:16:56 | 000,002,272 | ---- | M] () -- C:\Windows\System32\MyOSProtectOff.ini [2014.10.09 21:15:25 | 001,981,864 | ---- | M] (HQCinemaV09.10) -- C:\Users\Bomo\AppData\Roaming\AUACMKM.exe [2014.10.07 04:04:46 | 000,331,448 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll [2014.09.29 02:41:36 | 002,379,264 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2014.09.26 00:46:42 | 000,365,056 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll [2014.09.26 00:46:39 | 000,243,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll [2014.09.26 00:32:04 | 002,017,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2014.09.24 15:32:05 | 000,701,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2014.09.24 15:32:05 | 000,071,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2014.09.22 14:58:00 | 000,016,316 | ---- | M] () -- C:\Users\Bomo\Desktop\Kilian NFL.ods [2014.09.19 03:25:12 | 004,201,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2014.09.19 03:14:57 | 
002,724,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2014.09.19 03:14:44 | 000,004,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollectorres.dll [2014.09.19 03:01:47 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll [2014.09.19 03:01:03 | 000,051,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwproxystub.dll [2014.09.19 02:59:40 | 000,061,952 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MshtmlDac.dll [2014.09.19 02:54:36 | 000,043,008 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2014.09.19 02:53:52 | 000,032,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll [2014.09.19 02:51:24 | 000,440,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2014.09.19 02:50:16 | 000,112,128 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2014.09.19 02:50:15 | 000,108,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieetwcollector.exe [2014.09.19 02:49:31 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\jscript9diag.dll [2014.09.19 02:44:23 | 000,646,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe [2014.09.19 02:36:23 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\JavaScriptCollectionAgent.dll [2014.09.19 02:32:50 | 000,164,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll [2014.09.19 02:20:38 | 000,607,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2014.09.19 02:20:00 | 000,677,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe [2014.09.19 02:18:55 | 001,068,032 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll [2014.09.19 01:52:24 | 000,678,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll [2014.09.18 14:37:15 | 000,001,013 | ---- | 
M] () -- C:\Users\Bomo\Desktop\Dropbox.lnk [2014.09.18 14:37:00 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2 C:\Program Files\*.tmp files -> C:\Program Files\*.tmp -> ] [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2014.10.15 14:55:44 | 000,000,000 | ---- | C] () -- C:\asc_rdflag [2014.10.11 14:50:17 | 000,000,969 | ---- | C] () -- C:\Users\Public\Desktop\Poursuivre l'installation de Reimage Repair .lnk [2014.10.11 14:48:29 | 000,000,099 | ---- | C] () -- C:\Windows\Reimage.ini [2014.10.11 11:11:08 | 000,001,082 | ---- | C] () -- C:\Users\Bomo\Application Data\Microsoft\Internet Explorer\Quick Launch\dradio-Recorder.lnk [2014.10.11 11:11:08 | 000,001,058 | ---- | C] () -- C:\Users\Bomo\Desktop\dradio-Recorder.lnk [2014.10.09 21:25:24 | 000,001,087 | ---- | C] () -- C:\Users\Bomo\Desktop\Continue Live Installation.lnk [2014.10.09 21:16:50 | 000,020,480 | ---- | C] () -- C:\Windows\System32\drivers\pcwatch.sys [2014.10.09 21:16:45 | 000,009,640 | ---- | C] () -- C:\Windows\System32\MyOSProtect.ini [2014.10.09 21:16:45 | 000,002,272 | ---- | C] () -- C:\Windows\System32\MyOSProtectOff.ini [2014.05.25 15:26:54 | 000,000,322 | ---- | C] () -- C:\Users\Bomo\AppData\Roaming\aps.uninstall.scan.results [2014.05.09 17:27:01 | 000,000,119 | ---- | C] () -- C:\Users\Bomo\AppData\Roaming\WB.CFG [2013.10.06 21:09:06 | 000,008,192 | ---- | C] () -- C:\Users\Bomo\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2013.09.10 17:16:50 | 000,678,682 | ---- | C] () -- C:\Windows\System32\unins000.exe [2013.09.10 17:16:50 | 000,090,112 | ---- | C] () -- C:\Windows\System32\Chily_SR_Uninstall.exe [2013.09.10 17:16:50 | 000,002,471 | ---- | C] () -- C:\Windows\System32\unins000.dat [2012.12.15 14:50:09 | 000,033,134 | ---- | C] () -- C:\Users\Bomo\AppData\Roaming\UserTile.png [2012.06.24 16:18:23 | 000,007,598 | ---- | C] () -- C:\Users\Bomo\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check 
========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2014.06.25 03:41:30 | 012,874,240 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both ========== Files - Unicode (All) ========== [2013.10.21 09:27:02 | 102,118,912 | ---- | M] ()(C:\Windows\System32\???a) -- C:\Windows\System32\븂a [2013.10.21 07:03:27 | 102,118,912 | ---- | C] ()(C:\Windows\System32\???a) -- C:\Windows\System32\븂a [2013.10.20 14:43:30 | 102,034,533 | ---- | M] ()(C:\Windows\System32\???Y) -- C:\Windows\System32\鏿Y [2013.10.20 14:43:30 | 102,034,533 | ---- | C] ()(C:\Windows\System32\???Y) -- C:\Windows\System32\鏿Y [2013.10.11 18:22:08 | 100,511,085 | ---- | M] ()(C:\Windows\System32\???_) -- C:\Windows\System32\穛划_ [2013.10.11 06:22:27 | 100,511,085 | ---- | C] ()(C:\Windows\System32\???_) -- C:\Windows\System32\穛划_ [2013.10.04 15:29:57 | 099,209,434 | ---- | M] ()(C:\Windows\System32\???`) -- C:\Windows\System32\묌堽` [2013.10.04 15:29:57 | 099,209,434 | ---- | C] ()(C:\Windows\System32\???`) -- C:\Windows\System32\묌堽` [2013.10.04 09:29:56 | 099,176,917 | ---- | M] ()(C:\Windows\System32\???c) -- C:\Windows\System32\挋斻c [2013.10.04 09:29:56 
| 099,176,917 | ---- | C] ()(C:\Windows\System32\???c) -- C:\Windows\System32\挋斻c [2013.10.03 16:08:11 | 099,102,760 | ---- | M] ()(C:\Windows\System32\???m) -- C:\Windows\System32\阨m [2013.10.03 10:08:15 | 099,102,760 | ---- | C] ()(C:\Windows\System32\???m) -- C:\Windows\System32\阨m ========== Alternate Data Streams ========== @Alternate Data Stream - 688 bytes -> C:\Users\Bomo\Documents\lettre à la banque.eml:OECustomProperty < End of report >
15.10.2014, 21:15 | #2 |
/// the machine /// TB-Ausbilder | Trojan Dropper.gen - possibly even more than that
hi,
This is how it works: posting in CODE tags. Attaching the logfiles, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the logfiles into a CODE box, proceed as follows:
Please download the version of Farbar's Recovery Scan Tool that matches your system to your desktop: FRST 32-Bit | FRST 64-Bit (If you are not sure: download both versions, or check under Start > Computer (right-click) > Properties)