Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung

Log-Analyse und Auswertung: Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML

Antwort
Alt 08.01.2012, 09:17   #1
NoOneSF
 
Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm? - Standard

Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?



Hallo,
ich bin es schon wieder mit einem neuen Thema! Nachdem ich in einem anderen Thread wie berichtet bei einem Freund am PC die Probleme festgestellt habe, habe ich nur mal so die CB Notfall Live-CD bei mir mal drüber laufen lassen, mit dem Ergebniss das ich wohl auch Viren und Trojaner auf dem Rechner habe und zwar 39 Stück. Ich lies noch eine Anti-Bot-Live-CD rödeln, die kam auf eine Ergebniss von 6 unter anderem der oben erwähnte Java/Agent.EX. Habe dann wie hier beschreiben defogger und OTL ausgeführt. OTL siehe hier:
Code:
ATTFilter
 OTL logfile created on: 06.01.2012 22:22:56 - Run 1
OTL by OldTimer - Version 3.2.31.0     Folder = C:\Users\AdminSF\Desktop\Trojanboard
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 2,15 Gb Available Physical Memory | 53,87% Memory free
7,99 Gb Paging File | 6,25 Gb Available in Paging File | 78,18% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 249,25 Gb Total Space | 136,65 Gb Free Space | 54,83% Space Free | Partition Type: NTFS
Drive D: | 382,18 Gb Total Space | 272,63 Gb Free Space | 71,34% Space Free | Partition Type: NTFS
Drive E: | 174,22 Gb Total Space | 96,45 Gb Free Space | 55,36% Space Free | Partition Type: NTFS
Drive F: | 600,09 Gb Total Space | 328,47 Gb Free Space | 54,74% Space Free | Partition Type: NTFS
Drive G: | 331,42 Gb Total Space | 249,21 Gb Free Space | 75,20% Space Free | Partition Type: NTFS
 
Computer Name: ADMINSF-PC | User Name: AdminSF | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.01.06 22:16:08 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\AdminSF\Desktop\Trojanboard\OTL.exe
PRC - [2011.11.11 18:18:24 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.04.29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2011.04.29 23:32:50 | 000,284,440 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2011.03.28 11:40:56 | 001,611,160 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE
PRC - [2011.03.07 13:33:34 | 000,591,272 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\Solution Menu EX\CNSEUPDT.EXE
PRC - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe
PRC - [2008.04.21 22:27:06 | 000,498,952 | ---- | M] () -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.12.31 12:45:06 | 011,833,344 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\b41e38edbd6dfe20997f6ea7c080aceb\System.Web.ni.dll
MOD - [2011.12.31 12:44:58 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\b559a471eef00081f0b5c2719d1d9623\System.Runtime.Remoting.ni.dll
MOD - [2011.10.12 21:36:11 | 000,492,544 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\e8339b699235ebf2f904ccb8383de342\IAStorUtil.ni.dll
MOD - [2011.10.12 21:36:11 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\33cecc66284ef59208b639ec72b0f565\IAStorCommon.ni.dll
MOD - [2011.10.12 19:57:18 | 012,433,408 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6e592e424a204aafeadbe22b6b31b9db\System.Windows.Forms.ni.dll
MOD - [2011.10.12 19:57:09 | 001,587,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\3b2cfd85528a27eb71dc41d8067359a1\System.Drawing.ni.dll
MOD - [2011.10.12 19:56:47 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d7a64c28cf0c90e6c48af4f7d6f9ed41\WindowsBase.ni.dll
MOD - [2011.10.12 19:56:23 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\130ad4d9719e566ca933ac7158a04203\System.Xml.ni.dll
MOD - [2011.10.12 19:56:16 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\2d5bcbeb9475ef62189f605bcca1cec6\System.Configuration.ni.dll
MOD - [2011.10.12 19:56:12 | 007,963,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\abab08afa60a6f06bdde0fcc9649c379\System.ni.dll
MOD - [2011.10.12 19:56:03 | 011,490,304 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\a1a82db68b3badc7c27ea1f6579d22c5\mscorlib.ni.dll
MOD - [2011.09.27 06:23:00 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.09.27 06:22:40 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2009.07.14 18:58:10 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2011.07.05 07:22:15 | 000,161,112 | ---- | M] (BullGuard Ltd.) [On_Demand | Stopped] -- C:\Program Files\BullGuard Ltd\BullGuard\Support\BgRaSvc.exe -- (BgRaSvc)
SRV:64bit: - [2010.09.30 15:58:08 | 000,036,160 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysNative\uxtuneup.dll -- (UxTuneUp)
SRV - [2011.12.19 13:07:15 | 000,425,304 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFileScan.dll -- (BsFileScan)
SRV - [2011.12.19 13:07:15 | 000,383,320 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe -- (BsBhvScan)
SRV - [2011.12.19 13:07:15 | 000,260,440 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMailProxy\BsMailProxy.dll -- (BsMailProxy)
SRV - [2011.12.19 13:04:12 | 000,397,656 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate.exe -- (BsUpdate)
SRV - [2011.11.09 20:06:20 | 000,709,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsFire.dll -- (BsFire)
SRV - [2011.11.09 20:06:20 | 000,341,848 | ---- | M] (BullGuard Ltd.) [On_Demand | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BullGuardScanner.exe -- (BsScanner)
SRV - [2011.08.03 12:50:00 | 002,255,464 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2011.08.03 02:31:42 | 000,379,496 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2011.07.05 07:22:15 | 000,087,896 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsBrowser.dll -- (BsBrowser)
SRV - [2011.07.05 07:22:12 | 000,261,976 | ---- | M] (BullGuard Ltd.) [Auto | Running] -- C:\Programme\BullGuard Ltd\BullGuard\BsMain.dll -- (BsMain)
SRV - [2011.07.04 12:10:42 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.04.29 23:32:54 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R)
SRV - [2010.10.30 10:35:37 | 000,607,040 | ---- | M] (TuneUp Software) [On_Demand | Stopped] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpDefragService.exe -- (TuneUp.Defrag)
SRV - [2010.09.30 16:03:04 | 001,403,200 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2010.09.30 15:58:02 | 000,030,016 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Windows\SysWOW64\uxtuneup.dll -- (UxTuneUp)
SRV - [2010.04.09 18:15:27 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.09.06 05:06:20 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Adobe\Elements Organizer 8.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor8.0)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.04.21 22:27:06 | 000,498,952 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Fomatik\TrueImageTryStartService.exe -- (TryAndDecideService)
SRV - [2008.04.20 23:07:54 | 000,605,464 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007.05.31 09:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 09:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2011.12.15 01:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\keyscrambler.sys -- (KeyScrambler)
DRV:64bit: - [2011.11.12 18:58:49 | 000,230,864 | ---- | M] (TrueCrypt Foundation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\truecrypt.sys -- (truecrypt)
DRV:64bit: - [2011.08.01 14:59:06 | 000,045,416 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\point64.sys -- (Point64)
DRV:64bit: - [2011.05.18 07:08:32 | 000,047,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dc3d.sys -- (dc3d)
DRV:64bit: - [2011.05.10 07:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.05.02 11:57:19 | 000,255,560 | ---- | M] (NovaShield, Inc.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\NSKernel.sys -- (NovaShieldFilterDriver)
DRV:64bit: - [2011.05.02 11:57:19 | 000,025,160 | ---- | M] (NovaShield, Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\NSNetmon.sys -- (NovaShieldTDIDriver)
DRV:64bit: - [2011.04.26 10:07:36 | 000,557,848 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2011.04.10 10:41:26 | 000,066,272 | ---- | M] (BullGuard Ltd.) [File_System | System | Running] -- C:\Windows\SysNative\drivers\BdSpy.sys -- (BdSpy)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.09 17:02:46 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc)
DRV:64bit: - [2011.03.09 17:02:46 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt)
DRV:64bit: - [2011.03.04 20:44:12 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2011.02.26 23:54:58 | 000,284,232 | ---- | M] (BitDefender S.R.L.) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Trufos.sys -- (Trufos)
DRV:64bit: - [2011.01.24 21:42:11 | 000,424,040 | R--- | M] (Agnitum Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AfwCore.sys -- (afwcore)
DRV:64bit: - [2011.01.24 21:42:11 | 000,039,528 | R--- | M] (Agnitum Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\Afw.sys -- (AFW)
DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.04.02 13:51:44 | 000,711,712 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\timntr.sys -- (timounter)
DRV:64bit: - [2010.04.02 13:51:44 | 000,081,952 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2010.04.02 13:51:42 | 000,235,040 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\snapman.sys -- (snapman)
DRV:64bit: - [2010.04.02 13:51:41 | 000,593,952 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\tdrpman.sys -- (tdrpman)
DRV:64bit: - [2010.03.18 17:45:55 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD)
DRV:64bit: - [2010.03.14 14:32:28 | 000,082,816 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\pcouffin.sys -- (pcouffin)
DRV:64bit: - [2010.02.25 16:51:02 | 000,029,696 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tap0901.sys -- (tap0901)
DRV:64bit: - [2010.01.01 18:20:28 | 000,034,472 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO)
DRV:64bit: - [2009.12.30 11:21:26 | 000,031,800 | ---- | M] (VS Revo Group) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\revoflt.sys -- (Revoflt)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 01:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 01:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 01:09:50 | 000,019,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2009.06.23 09:38:20 | 003,531,136 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.06.10 21:35:36 | 000,867,328 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netr28ux.sys -- (netr28ux)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2009.04.08 13:26:16 | 000,037,392 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\hotcore3.sys -- (hotcore3)
DRV:64bit: - [2009.01.13 14:08:36 | 000,068,776 | ---- | M] (Sony Ericsson) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SE1008mdm_x64.sys -- (SE1008mdm)
DRV:64bit: - [2007.04.23 15:54:40 | 000,126,216 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mgmt.sys -- (s115mgmt) Sony Ericsson Device 115 USB WMC Device Management Drivers (WDM)
DRV:64bit: - [2007.04.23 15:54:40 | 000,123,656 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115obex.sys -- (s115obex)
DRV:64bit: - [2007.04.23 15:54:38 | 000,144,648 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdm.sys -- (s115mdm)
DRV:64bit: - [2007.04.23 15:54:36 | 000,019,720 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115mdfl.sys -- (s115mdfl)
DRV:64bit: - [2007.04.23 15:54:32 | 000,108,296 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s115bus.sys -- (s115bus) Sony Ericsson Device 115 driver (WDM)
DRV - [2010.03.18 17:45:55 | 000,121,280 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2009.10.14 07:24:44 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2010\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2009.09.01 16:59:44 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/03/14 11:53:22] [Kernel | Auto | Running] -- C:\Program Files (x86)\HomeCinema\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 92 F7 17 78 A6 72 CC 01  [binary data]
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultthis.engineName: "Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.t-online.de"
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5
FF - prefs.js..extensions.enabledItems: antiphishing@bullguard:1.0
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:2.0.2
FF - prefs.js..extensions.enabledItems: keyscrambler@qfx.software.corporation:2.7.1.0
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:3.0.0.2
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.4
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: nasanightlaunch@example.com:0.6.20101009
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Antiphishing\FF\antiphishing@bullguard\ [2012.01.06 21:31:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.11.10 19:38:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011.10.14 02:38:25 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\files32\backup\thunderbirdbkplugin [2010.03.10 20:46:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Files32\Spamfilter\TbSpamfilter [2011.01.24 21:44:40 | 000,000,000 | ---D | M]
 
[2010.03.10 19:22:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AdminSF\AppData\Roaming\mozilla\Extensions
[2012.01.06 01:12:48 | 000,000,000 | ---D | M] (No name found) -- C:\Users\AdminSF\AppData\Roaming\mozilla\Firefox\Profiles\3gx19c4a.default\extensions
[2011.02.04 18:47:47 | 000,000,000 | ---D | M] (PDF Download) -- C:\Users\AdminSF\AppData\Roaming\mozilla\Firefox\Profiles\3gx19c4a.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2011.11.15 20:25:26 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\AdminSF\AppData\Roaming\mozilla\Firefox\Profiles\3gx19c4a.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011.12.23 19:02:56 | 000,000,000 | ---D | M] (KeyScrambler) -- C:\Users\AdminSF\AppData\Roaming\mozilla\Firefox\Profiles\3gx19c4a.default\extensions\keyscrambler@qfx.software.corporation
[2010.08.22 15:12:28 | 000,000,873 | ---- | M] () -- C:\Users\AdminSF\AppData\Roaming\Mozilla\Firefox\Profiles\3gx19c4a.default\searchplugins\conduit.xml
[2011.10.20 21:15:37 | 000,002,492 | ---- | M] () -- C:\Users\AdminSF\AppData\Roaming\Mozilla\Firefox\Profiles\3gx19c4a.default\searchplugins\ixquick-https.xml
[2011.11.10 19:38:35 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2011.10.24 13:38:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}
() (No name found) -- C:\USERS\ADMINSF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GX19C4A.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
() (No name found) -- C:\USERS\ADMINSF\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3GX19C4A.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI
[2011.11.10 19:38:32 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2011.10.03 04:06:04 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npdeployJava1.dll
[2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2011.10.10 08:07:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.10.10 08:07:27 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2011.10.10 08:07:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011.10.10 08:07:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.10.10 08:07:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2011.10.10 08:07:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O2:64bit: - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O2 - BHO: (KeyScramblerBHO Class) - {2B9F5787-88A5-4945-90E7-C4B18563BC5E} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (BGAntiphishingBHO Class) - {FC872B94-35E3-4B94-B028-184A2A1C7CCE} - C:\Programme\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BGAntiphishingIEBHO.dll (BullGuard Ltd.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4:64bit: - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\bullguard.exe (BullGuard Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft IntelliPoint\ipoint.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogOff =  [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableLockWorkstation = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoClose = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableChangePassword = 0
O8:64bit: - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\AdminSF\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8:64bit: - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\AdminSF\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: add to &BOM - C:\\PROGRA~2\\BIET-O~1\\\\AddToBOM.hta ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\AdminSF\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\AdminSF\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9:64bit: - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Files32\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.)
O9 - Extra 'Tools' menuitem : &KeyScrambler Options - {5C106A59-CC3C-4caa-81A4-6D909B5ACE23} - C:\Program Files (x86)\KeyScrambler\KeyScramblerIE.dll (QFX Software Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.235.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{01A70D7F-E5E7-443D-ACC9-601CC153F0CF}: DhcpNameServer = 192.168.235.1
O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) -C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30:64bit: - LSA: Authentication Packages - (relog_ap) - C:\Windows\SysNative\relog_ap.dll (Acronis)
O30 - LSA: Authentication Packages - (relog_ap) -C:\Windows\SysWow64\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{ae3e015b-89ab-11df-901f-001b21042b85}\Shell - "" = AutoRun
O33 - MountPoints2\{ae3e015b-89ab-11df-901f-001b21042b85}\Shell\AutoRun\command - "" = L:\DPFMate.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {015E0B90-B7FE-C79F-175A-60DA9BA8D145} - .NET Framework
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10880D85-AAD9-4558-ABDC-2AB1552D831F} - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E3507E1E-3045-B2D5-231C-69BC5A832636} - Microsoft Windows Media Player
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software)
 
MsConfig:64bit - StartUpReg: snp2uvc - hkey= - key= - C:\Windows\vsnp2uvc.exe (Sonix)
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.01.06 22:12:39 | 000,000,000 | ---D | C] -- C:\Users\AdminSF\Desktop\Trojanboard
[2012.01.06 22:09:10 | 000,000,000 | ---D | C] -- C:\AVZ
[2012.01.06 21:31:34 | 000,109,912 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll.PendingUpdate
[2012.01.06 21:31:34 | 000,100,184 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll.PendingUpdate
[2011.12.24 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\AdminSF\Documents\eBooks Focus Cb etc
[2011.12.23 22:39:06 | 000,000,000 | ---D | C] -- C:\Users\AdminSF\Documents\Kalender2012.el6.Data
[2011.12.19 13:07:19 | 000,098,648 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2011.12.19 13:07:19 | 000,082,776 | ---- | C] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2011.12.15 19:15:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2011.12.15 19:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011.12.15 19:15:05 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011.12.15 19:15:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2011.02.02 00:55:28 | 000,241,664 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnp2uvc.dll
[2010.03.14 14:32:28 | 000,082,816 | ---- | C] (VSO Software) -- C:\Users\AdminSF\AppData\Roaming\pcouffin.sys
[1 C:\Users\AdminSF\Documents\*.tmp files -> C:\Users\AdminSF\Documents\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.01.06 22:18:51 | 000,000,000 | ---- | M] () -- C:\Users\AdminSF\defogger_reenable
[2012.01.06 21:38:14 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.01.06 21:35:09 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 21:35:09 | 000,015,760 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.01.06 21:32:06 | 001,507,342 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.01.06 21:32:06 | 000,657,660 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.01.06 21:32:06 | 000,618,936 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.01.06 21:32:06 | 000,131,032 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.01.06 21:32:06 | 000,107,256 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.01.06 21:31:17 | 000,109,912 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BgGamingMonitor.dll.PendingUpdate
[2012.01.06 21:31:16 | 000,100,184 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BgGamingMonitor.dll.PendingUpdate
[2012.01.06 21:28:08 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.01.06 21:27:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.01.06 21:27:44 | 3219,787,776 | -HS- | M] () -- C:\hiberfil.sys
[2011.12.31 13:46:54 | 000,001,945 | ---- | M] () -- C:\Users\AdminSF\Desktop\DreamBoxEdit.lnk
[2011.12.25 10:40:07 | 000,001,185 | ---- | M] () -- C:\Users\AdminSF\AppData\Roaming\vso_ts_preview.xml
[2011.12.23 22:39:06 | 000,135,088 | ---- | M] () -- C:\Users\AdminSF\Documents\Kalender2012.el6
[2011.12.19 13:07:16 | 000,098,648 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysNative\BGLsp.dll
[2011.12.19 13:07:16 | 000,082,776 | ---- | M] (BullGuard Ltd.) -- C:\Windows\SysWow64\BGLsp.dll
[2011.12.15 19:15:57 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.15 08:26:24 | 000,452,424 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2011.12.15 01:46:42 | 000,222,904 | ---- | M] (QFX Software Corporation) -- C:\Windows\SysNative\drivers\keyscrambler.sys
[2011.12.14 09:01:29 | 004,566,424 | ---- | M] () -- C:\Users\AdminSF\Documents\A9R456B.pdf
[1 C:\Users\AdminSF\Documents\*.tmp files -> C:\Users\AdminSF\Documents\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.01.06 22:18:51 | 000,000,000 | ---- | C] () -- C:\Users\AdminSF\defogger_reenable
[2011.12.23 22:39:06 | 000,135,088 | ---- | C] () -- C:\Users\AdminSF\Documents\Kalender2012.el6
[2011.12.15 19:15:57 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk
[2011.12.14 09:01:29 | 004,566,424 | ---- | C] () -- C:\Users\AdminSF\Documents\A9R456B.pdf
[2011.11.01 15:37:33 | 000,000,600 | ---- | C] () -- C:\Users\AdminSF\AppData\Roaming\winscp.rnd
[2011.08.03 02:31:54 | 000,311,912 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe
[2011.02.02 00:55:26 | 000,015,497 | ---- | C] () -- C:\Windows\snp2uvc.ini
[2011.02.02 00:55:25 | 000,172,103 | ---- | C] () -- C:\Windows\BM.exe
[2011.01.19 17:51:59 | 000,000,245 | ---- | C] () -- C:\Windows\BUHL.INI
[2011.01.19 17:42:17 | 000,000,076 | ---- | C] () -- C:\Windows\wiso.ini
[2010.12.24 14:10:18 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2010.04.09 19:27:12 | 000,041,984 | ---- | C] () -- C:\Users\AdminSF\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010.04.08 17:15:31 | 000,040,418 | ---- | C] () -- C:\Windows\SysWow64\uninstall.exe
[2010.03.24 07:35:02 | 000,000,183 | ---- | C] () -- C:\Users\AdminSF\AppData\Roaming\default.rss
[2010.03.23 21:21:44 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010.03.21 18:15:42 | 000,000,039 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.03.20 17:36:52 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2010.03.14 14:33:10 | 000,001,185 | ---- | C] () -- C:\Users\AdminSF\AppData\Roaming\vso_ts_preview.xml
[2010.03.14 14:32:28 | 000,099,384 | ---- | C] () -- C:\Users\AdminSF\AppData\Roaming\inst.exe
[2010.03.14 14:32:28 | 000,007,859 | ---- | C] () -- C:\Users\AdminSF\AppData\Roaming\pcouffin.cat
[2010.03.14 14:32:28 | 000,001,167 | ---- | C] () -- C:\Users\AdminSF\AppData\Roaming\pcouffin.inf
[2010.03.03 01:00:00 | 004,555,278 | ---- | C] () -- C:\Windows\SysWow64\libavcodec.dll
[2010.03.03 01:00:00 | 000,877,385 | ---- | C] () -- C:\Windows\SysWow64\ff_x264.dll
[2010.03.03 01:00:00 | 000,556,491 | ---- | C] () -- C:\Windows\SysWow64\libmplayer.dll
[2010.03.03 01:00:00 | 000,324,096 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll
[2010.03.03 01:00:00 | 000,248,320 | ---- | C] () -- C:\Windows\SysWow64\ff_kernelDeint.dll
[2010.03.03 01:00:00 | 000,216,576 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll
[2010.03.03 01:00:00 | 000,169,984 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll
[2010.03.03 01:00:00 | 000,151,552 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll
[2010.03.03 01:00:00 | 000,145,408 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll
[2010.03.03 01:00:00 | 000,121,856 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll
[2010.03.03 01:00:00 | 000,100,864 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll
[2010.03.03 01:00:00 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll
[2010.03.03 01:00:00 | 000,085,504 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2009.11.14 19:37:08 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll
[2009.11.14 19:33:40 | 000,357,888 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe
[2009.11.14 19:33:38 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll
[2009.11.14 19:11:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll
[2009.11.14 19:11:42 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll
[2009.11.14 19:11:42 | 000,062,976 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll
[2009.11.14 19:11:40 | 000,057,856 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll
[2009.11.14 19:11:40 | 000,050,688 | ---- | C] () -- C:\Windows\SysWow64\avi.dll
[2009.11.14 19:11:38 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll
[2009.11.14 19:11:36 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe
[2009.11.14 19:11:36 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe
[2009.11.14 19:11:32 | 000,045,568 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll
[2009.11.14 19:11:32 | 000,023,552 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll
[2009.08.11 22:21:26 | 000,087,552 | ---- | C] () -- C:\Windows\SysWow64\ac3config.exe
[2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat
[2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT
[2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat
[2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll
[2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat
[2009.01.10 23:15:44 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\mmfinfo.dll
[2007.10.13 10:30:20 | 000,000,137 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini
[2003.11.16 10:48:02 | 000,909,312 | ---- | C] () -- C:\Windows\SysWow64\vorbisenc.dll
[2003.11.16 10:48:00 | 001,060,864 | ---- | C] () -- C:\Windows\SysWow64\vorbis.dll
[2003.11.15 17:54:18 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\ogg.dll
[2002.10.06 23:42:58 | 000,237,568 | ---- | C] () -- C:\Windows\SysWow64\OggDS.dll
 
========== LOP Check ==========
 
[2011.07.30 21:25:36 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\.oit
[2011.06.07 15:23:01 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\.purple
[2011.10.12 20:50:55 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\Audacity
[2011.06.23 10:54:15 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\avidemux
[2011.12.05 19:10:37 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\BOM
[2011.01.24 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\BullGuard
[2011.11.21 18:55:50 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\Canon
[2010.04.12 09:44:32 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\CD-LabelPrint
[2010.04.08 17:15:57 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\CoreCodec
[2011.06.23 10:44:41 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\DVDVideoSoft
[2011.06.07 20:13:12 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.03.25 20:56:17 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\FRITZ!
[2010.07.30 18:50:05 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\GHISLER
[2010.09.03 23:10:22 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\gtk-2.0
[2010.05.06 09:59:37 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\ImgBurn
[2010.04.02 10:58:56 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\IrfanView
[2010.03.23 21:30:24 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\mkvtoolnix
[2010.03.11 21:34:33 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\OpenOffice.org
[2011.05.21 12:06:28 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\QFX Software
[2011.04.10 14:42:02 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\S.A.D
[2011.01.24 21:52:01 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\Software Inspection Library
[2011.05.21 23:17:05 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\Sony
[2011.11.12 19:01:15 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\TrueCrypt
[2010.03.10 20:34:28 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\TuneUp Software
[2011.12.25 10:40:07 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\Vso
[2011.09.16 09:34:12 | 000,000,000 | ---D | M] -- C:\Users\AdminSF\AppData\Roaming\XMedia Recode
[2011.10.13 21:45:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
 
< %SYSTEMDRIVE%\*. >
[2010.07.12 21:42:26 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.01.06 22:09:18 | 000,000,000 | ---D | M] -- C:\AVZ
[2010.07.11 09:58:42 | 000,000,000 | ---D | M] -- C:\BM2005
[2011.11.10 18:23:43 | 000,000,000 | -HSD | M] -- C:\Boot
[2010.03.12 14:09:28 | 000,000,000 | -H-D | M] -- C:\CanoScan
[2011.12.31 12:44:30 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.03.10 17:09:31 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2010.03.10 17:11:54 | 000,000,000 | ---D | M] -- C:\Intel
[2011.10.13 19:44:59 | 000,000,000 | ---D | M] -- C:\Medion
[2010.03.11 20:29:13 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.08.07 13:55:57 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2011.12.15 19:15:06 | 000,000,000 | R--D | M] -- C:\Program Files
[2011.12.15 19:15:05 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2011.12.02 19:09:20 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2010.03.10 17:09:31 | 000,000,000 | -HSD | M] -- C:\Programme
[2010.03.10 17:09:31 | 000,000,000 | -HSD | M] -- C:\Recovery
[2012.01.06 22:26:14 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2010.07.30 18:49:33 | 000,000,000 | ---D | M] -- C:\totalcmd
[2011.09.07 18:42:53 | 000,000,000 | R--D | M] -- C:\Users
[2012.01.06 22:18:15 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %systemroot%\system32\*.manifest /3 >
 
 
< MD5 for: AFD.SYS  >
[2011.04.25 03:44:02 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=6EF20DDF3172E97D69F596FB90602F29 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16802_none_3430bc3977dfec2d\afd.sys
[2009.07.14 00:21:42 | 000,500,224 | ---- | M] (Microsoft Corporation) MD5=B9384E03479D2506BC924C16A3DB87BC -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.16385_none_33dd3439781e25f7\afd.sys
[2010.11.20 01:23:36 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=D31DC7A16DEA4A9BAF179F3D6FBDB38C -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17514_none_360e4801750ca991\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\SysNative\drivers\afd.sys
[2011.04.25 03:34:03 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=D5B031C308A409A0A576BFF4CF083D30 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.17603_none_3618198975057170\afd.sys
[2011.04.25 04:09:35 | 000,499,200 | ---- | M] (Microsoft Corporation) MD5=F4AD06143EAC303F55D0E86C40802976 -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7601.21712_none_3695e61e8e2c13d4\afd.sys
[2011.04.25 03:44:27 | 000,499,712 | ---- | M] (Microsoft Corporation) MD5=FBFF8B7C9D116229E9208A0D1CAEB49B -- C:\Windows\winsxs\amd64_microsoft-windows-winsock-core_31bf3856ad364e35_6.1.7600.20951_none_3483491e9126fe55\afd.sys
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe
[2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe
[2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe
[2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.20 04:17:10 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe
[2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe
[2010.11.20 05:24:46 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
[2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe
[2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe
[2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe
[2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe
[2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe
[2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe
 
< MD5 for: REGEDIT.EXE  >
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=2E2C937846A0B8789E5E91739284D17A -- C:\Windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[2009.07.14 02:39:29 | 000,427,008 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\SysWOW64\regedit.exe
[2009.07.14 02:14:30 | 000,398,336 | ---- | M] (Microsoft Corporation) MD5=8A4883F5E7AC37444F23279239553878 -- C:\Windows\winsxs\wow64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5a78515e29ea6f39\regedit.exe
 
< MD5 for: USERINIT.EXE  >
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.20 04:17:50 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
[2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.20 05:25:26 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WININIT.EXE  >
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe
[2009.07.14 02:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe
[2009.07.14 02:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.20 05:25:32 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe
[2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe
[2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
 
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >

< End of report >
         
danach malwarebyte, siehe hier:
Code:
ATTFilter
 Malwarebytes Anti-Malware  (Test) 1.60.0.1800
www.malwarebytes.org

Datenbank Version: v2012.01.07.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
AdminSF :: ADMINSF-PC [Administrator]

Schutz: Aktiviert

07.01.2012 20:09:10
mbam-log-2012-01-07 (20-09-10).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 530399
Laufzeit: 1 Stunde(n), 38 Minute(n), 27 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Program Files (x86)\HomeCinema\MediaShow4\subsys\BigBang\Runtime\MUITransfer\MUITransfer.dll (Trojan.Hiloti.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.


(Ende)
         
und dann den eset online scan, siehe hier:
Code:
ATTFilter
ESETSmartInstaller@High as downloader log:
all ok
# version=7
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6583
# api_version=3.0.2
# EOSSerial=be70230f122acd42b03219a40f0e0138
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2012-01-08 04:10:24
# local_time=2012-01-08 05:10:24 (+0100, Mitteleuropäische Zeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=4609 16776573 60 61 83623 66054195 0 0
# compatibility_mode=5893 16776573 100 94 4220 77601259 0 0
# compatibility_mode=8192 67108863 100 0 3687 3687 0 0
# scanned=352393
# found=2
# cleaned=0
# scan_time=24415
C:\Users\AdminSF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\36e32e94-4626df28.vir	multiple threats (unable to clean)	00000000000000000000000000000000	I
C:\Users\AdminSF\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27\2c72a25b-1e72ecf8.vir	Java/TrojanDownloader.Agent.NBU trojan (unable to clean)	00000000000000000000000000000000	I
         
Ich hoffe es kann mir jemand weiterhelfen und bedanke mich schonmal vorab!
Als Anhang habe ich als zip,
1. den Log-Notfall-CD (damit fing es an)
2. rescue-system-scan von der Anti-Bot-CD
3. defogger-disable log
4. Extra.txt von OTL

Danke nochmal, bzw ist zwar off-topic aber wiese bezahle ich Geld für ein Internet-Security Programm und sowas schleicht sich doch auf den PC??? Bevor ich irgendwelche Dateien ausführe, lasse ich sie immer überprüfen?!
__________________
Don´t Panic!

Alt 09.01.2012, 12:28   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm? - Standard

Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?



Also die meisten sehen eher nach Fehlalarmen aus. => PUA.Packed.ASPack FOUND
Wenn dann wird wohl was im JavaCache gewesen sein.

Zitat:
C:\Program Files (x86)\HomeCinema\MediaShow4\subsys\BigBang\Runtime\MUITransfer\MUITransfer.dll (Trojan.Hiloti.Gen)
MediaShow4 kommt aus welcher Quelle?

Zitat:
aber wiese bezahle ich Geld für ein Internet-Security Programm und sowas schleicht sich doch auf den PC???
Warum du das machst weiß ich auch nicht
Ich vermute: du glaubst ein Bezahl-Virenscanner findet alle (mehr?) Schädlinge als ein kostenloser?
Und vermutlich: kostenlose Virenscanner finden absichtlich nicht alle Schädlinge, damit die User zu Bezahlversionen greifen, letzenendes dort aber ebenfalls enttäuscht werden weil KEIN Virenscanner 100% Zuverlässigkeit/Erkennungsraten liefert?
__________________

__________________

Alt 09.01.2012, 21:28   #3
NoOneSF
 
Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm? - Standard

Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?



Zitat:
Zitat von cosinus Beitrag anzeigen
Wenn dann wird wohl was im JavaCache gewesen sein.

MediaShow4 kommt aus welcher Quelle?
MediaShow kommt von dem Home Cinema Paket welches bei meinen Rechner von medion dabei war ist z.B. PowerDirector + Power DVD etc.

Ist der Mist im Java Cache jetzt weg? Bzw. kann ich die Files per Hand löschen, wenn Sie noch da sind!

Stimmt natürlich hab ich gedacht es wäre sicherer, 100% gibt es nicht ist schon klar, wäre auch zu schön!

btw mal ne andere Frage was solll ich denn von bullguard halten?! War bis jetzt eigentlich zufrieden!
__________________
__________________

Alt 09.01.2012, 22:32   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm? - Standard

Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?



Im Prinzip ist es völlig egal welchen Virenscanner du verwendest. Wenn man sich falsch genug verhält wird man immer wieder Probleme mit Schädlingen haben. Ich hab zu Hause lange genug unter Windows gesurft (mittlerweile nutze ich fast nur noch Ubuntu) und nie Probleme mit Schädlingen gehabt, dabei keinen Virenscanner im Hintergrund.

Ob der Virenscanner von Avira, Microsoft, Kaspersky oder sonstwem kommt hängt vom persönlichen Geschmack und auch vom "Glauben" ab.
__________________
Logfiles bitte immer in CODE-Tags posten

Antwort

Themen zu Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?
adobe, autorun, bho, bonjour, canon, converter, cyberghost, dateisystem, defender, desktop, downloader, error, explorer, firefox, focus, format, geld, google earth, heuristiks/extra, heuristiks/shuriken, home, langs, launch, logfile, mp3, plug-in, realtek, registry, required, rundll, scan, senden, software, trojaner, version=1.0, viren, webcheck, windows



Ähnliche Themen: Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?


  1. mprD031.tmp (Trojan.Agent) und andere Viren gelöscht, was sollte ich jetzt machen?
    Plagegeister aller Art und deren Bekämpfung - 20.04.2013 (15)
  2. "Clickcompare" Virus trotz Schutzprogramm?
    Plagegeister aller Art und deren Bekämpfung - 21.01.2013 (41)
  3. Diverse Viren, Trojaner (u.a. Live Security Platinum), Laptop, XP, Malwarbytes
    Plagegeister aller Art und deren Bekämpfung - 14.07.2012 (3)
  4. Diverse Viren und Trojaner
    Plagegeister aller Art und deren Bekämpfung - 17.04.2012 (1)
  5. TR/Crypt.ULPM.Gen und andere diverse viren auf meinem pc was soll ich tun?
    Plagegeister aller Art und deren Bekämpfung - 11.04.2012 (1)
  6. Banker Trojaner und diverse andere Probleme
    Log-Analyse und Auswertung - 11.12.2011 (1)
  7. ADSPY/Agent.223744 + TR/Kazy.18548.1 + diverse andere Plagen
    Log-Analyse und Auswertung - 01.05.2011 (16)
  8. Fremdzugriff auf PC trotz Schutzprogramm?
    Plagegeister aller Art und deren Bekämpfung - 06.11.2010 (7)
  9. Diverse Viren auf Laptop: TR/Trash.Gen // TR/Spy.Agent.blbk // TR/Rootkit.Gen2'
    Mülltonne - 28.10.2010 (1)
  10. WORM/Agent.XO und diverse Trojaner
    Plagegeister aller Art und deren Bekämpfung - 22.02.2010 (1)
  11. Goldun und diverse andere Trojaner
    Plagegeister aller Art und deren Bekämpfung - 28.09.2009 (16)
  12. AntispyXP 2009 und diverse andere Viren ... jetzt virenfrei?
    Log-Analyse und Auswertung - 01.08.2009 (13)
  13. trojaner über studivz-nachricht erhalten, sowie diverse andere probleme
    Log-Analyse und Auswertung - 19.03.2009 (4)
  14. Trotz Sicherer Neuinstallation diverse Trojaner Meldungen
    Log-Analyse und Auswertung - 23.08.2007 (8)
  15. Diverse Viren / Trojaner entfernen
    Plagegeister aller Art und deren Bekämpfung - 28.07.2007 (1)
  16. Laptop saulangsam diverse Trojaner, Viren...
    Log-Analyse und Auswertung - 16.03.2007 (5)
  17. Diverse Viren und Trojaner
    Log-Analyse und Auswertung - 26.08.2006 (1)

Zum Thema Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm? - Hallo, ich bin es schon wieder mit einem neuen Thema! Nachdem ich in einem anderen Thread wie berichtet bei einem Freund am PC die Probleme festgestellt habe, habe ich nur - Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm?...
Archiv
Du betrachtest: Trojaner JVA/Agent.EX & diverse andere Viren trotz Schutzprogramm? auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.