Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 18.10.2012, 18:36   #1
xx-Welli-xx
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Ein herzliches Hallo an das Trojaner-Board.
Ich hatte vor einigen Tagen die Meldung von Ad-Aware bekommen, dass ich eine gefährliche software auf meinem PC habe.
Ich habe dann Ad-Aware scannen lassen und am Ende des Scan´s wurde der PC neu gestartet. (bzw. wurde ich aufgefordert neu zu starten)
Die Meldung war jedoch immer noch da.
Anschließend habe ich mal meinen Antivir durchlaufen lassen.
Auch wieder neustart .... dann keine Meldung mehr durch Ad-Aware.
Habe dann ein wenig im Internet gesurft und gelesen.
Dabei viel mir auf, dass es vorkommen kann, dass das Virenprogramm die Fehlermeldung beseitigt jedoch der Virus/Trojaner... nach wie vor noch vorhanden ist.
Jetzt meine Frage an euch: Ist mein PC nun "sauber"?
Habe auf eurer Seite schon ein wenig gelesen und einige Schritte ausgeführt.
- Defogger geladen und ausgeführt
- OTL geladen und ausgeführt
- Malewarebytes geladen und ausgeführt
Anbei noch folgende Dateien:
-scan Ad-Aware
-scan Antivir
-defogger_disable
-OTL
-Extras
-mbsm-log

Die OTL Datei ist zu groß zum Anhängen darum kopiere ich den text einfach anschließend dran.

Hoffe ich mache das hir so richtig! Bin ein absoluter neuling.
Bedanke mich jetzt schon mal vorweg für eure Hilfe!


OTL:OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 17.10.2012 17:29:27 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Welli\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
7,99 Gb Total Physical Memory | 5,67 Gb Available Physical Memory | 70,90% Memory free
15,98 Gb Paging File | 13,68 Gb Available in Paging File | 85,60% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 111,79 Gb Total Space | 35,68 Gb Free Space | 31,92% Space Free | Partition Type: NTFS
Drive D: | 465,76 Gb Total Space | 138,08 Gb Free Space | 29,65% Space Free | Partition Type: NTFS
Drive E: | 465,66 Gb Total Space | 237,98 Gb Free Space | 51,11% Space Free | Partition Type: NTFS
Drive F: | 465,76 Gb Total Space | 326,21 Gb Free Space | 70,04% Space Free | Partition Type: NTFS
 
Computer Name: COOLMASTER | User Name: Welli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.10.17 17:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Welli\Desktop\OTL.exe
PRC - [2012.09.20 17:51:24 | 001,737,728 | ---- | M] (Lavasoft Limited                                                  ) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe
PRC - [2012.09.20 17:51:24 | 001,191,768 | ---- | M] (Lavasoft Limited) -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWTray.exe
PRC - [2012.08.08 20:11:56 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.03.07 20:21:09 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
PRC - [2012.02.03 18:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
PRC - [2012.02.03 18:50:16 | 000,943,504 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe
PRC - [2012.01.31 19:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\DeviceManager.exe
PRC - [2012.01.31 19:16:12 | 000,140,800 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\ConnectionManager.exe
PRC - [2012.01.07 19:52:37 | 000,076,888 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe
PRC - [2011.08.02 09:33:30 | 004,910,912 | ---- | M] (DT Soft Ltd) -- D:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe
PRC - [2011.03.14 10:22:06 | 002,125,472 | ---- | M] (Audible, Inc.) -- C:\Program Files (x86)\Audible\Bin\AudibleDownloadHelper.exe
PRC - [2011.01.15 17:48:44 | 000,452,016 | ---- | M] (CANON INC.) -- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
PRC - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe
PRC - [2009.08.20 21:31:56 | 007,256,576 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboV_EVO.exe
PRC - [2009.08.19 20:12:08 | 001,043,968 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\TurboV EVO\TurboVHelp.exe
PRC - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe
PRC - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) -- C:\ASUS.SYS\config\DVMExportService.exe
PRC - [2009.07.17 14:48:18 | 006,038,016 | ---- | M] () -- C:\Programme\ASUS\Six Engine\SixEngine.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.06.24 17:06:06 | 001,840,424 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe
PRC - [2008.04.28 16:49:36 | 000,253,952 | ---- | M] (PIXELA CORPORATION) -- C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.3\CameraMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.06.14 19:32:18 | 018,000,896 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\bcec0e7db1d027328cc8cd702185fa66\PresentationFramework.ni.dll
MOD - [2012.06.14 19:32:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b460188cf6862491550a006c3660e2e6\PresentationCore.ni.dll
MOD - [2012.06.14 19:32:05 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\c06946b464ae8dd22151e0a6f310c976\System.Windows.Forms.ni.dll
MOD - [2012.06.14 19:32:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\1d3c2d83da69c30ba8edf5cfea3c0057\WindowsBase.ni.dll
MOD - [2012.06.14 19:31:59 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\29e48cb144e24a7b4335d1360cc06642\System.Drawing.ni.dll
MOD - [2012.06.14 19:29:44 | 014,340,608 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\e717a230496832656b05b515eb9f3bc5\PresentationFramework.ni.dll
MOD - [2012.06.14 19:29:28 | 012,237,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\14a87218ea49639f38097e278b98a3da\PresentationCore.ni.dll
MOD - [2012.05.12 11:11:03 | 001,218,560 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Management\e72d56a0f58bcf95890614700f925609\System.Management.ni.dll
MOD - [2012.05.12 11:10:02 | 000,762,880 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\e5f1db35163684e821bca4a2fb0311b1\System.Runtime.Remoting.ni.dll
MOD - [2012.05.12 11:09:57 | 001,782,272 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\a181199f8dec15116e1c2eb4a79ec22b\System.Xaml.ni.dll
MOD - [2012.05.09 21:34:42 | 002,297,856 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Core\dfd33f59a5803a3c73cf408362e6e0b7\System.Core.ni.dll
MOD - [2012.05.09 18:24:34 | 000,368,128 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\8e56489276063ededde74e597a121df3\PresentationFramework.Aero.ni.dll
MOD - [2012.05.09 18:24:23 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012.05.09 18:24:23 | 000,628,224 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.EnterpriseSe#\168755d010e5a96ac940b0ddd27616a4\System.EnterpriseServices.ni.dll
MOD - [2012.05.09 18:24:22 | 006,611,456 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Data\f3814b488d9e083cbbc623e01b389f09\System.Data.ni.dll
MOD - [2012.05.09 18:24:22 | 000,627,200 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Transactions\80fae9f16f80075535e72458ef293f7a\System.Transactions.ni.dll
MOD - [2012.05.09 18:23:52 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012.05.09 18:23:48 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012.05.09 18:23:45 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012.05.09 18:23:45 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012.05.09 18:23:41 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2012.05.08 23:21:08 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\3263fe38362543170c1682381eeac25a\PresentationFramework.Aero.ni.dll
MOD - [2012.05.08 23:20:03 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\3e4f9b3b78f0f13b7469a14e69d756ef\System.Core.ni.dll
MOD - [2012.05.08 23:20:01 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\bd2433e160ce2f19acc8ebe10babae8d\System.Xml.ni.dll
MOD - [2012.05.08 23:19:58 | 009,091,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\9cf67ed1b743fbc3dd6b78fbc0595236\System.ni.dll
MOD - [2012.05.08 23:19:53 | 014,413,824 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\1bdf7de454340e0ea9fc455aeaec49d9\mscorlib.ni.dll
MOD - [2012.03.07 20:21:14 | 000,115,137 | ---- | M] () -- C:\Users\Welli\AppData\Local\Temp\85e80529-e4f2-4f39-a0f4-8e660bf7f00d\CliSecureRT.dll
MOD - [2012.03.07 20:21:09 | 000,021,416 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
MOD - [2012.02.03 18:47:02 | 000,079,360 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.FileService.dll
MOD - [2012.02.01 18:20:44 | 013,673,984 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Theme\Kies.Theme.dll
MOD - [2012.02.01 18:20:26 | 000,440,832 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\UI\Kies.UI.dll
MOD - [2012.02.01 18:20:20 | 000,033,792 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.Common.DeviceServiceLib.Interface.dll
MOD - [2012.01.31 19:21:04 | 000,022,528 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\Common\Kies.MVVM.dll
MOD - [2012.01.31 19:16:14 | 000,839,680 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\System.Data.SQLite.dll
MOD - [2012.01.31 19:16:12 | 000,712,704 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\SHOWDRM_UCC.dll
MOD - [2012.01.31 19:16:10 | 000,237,568 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\DeviceModules\drmcm.dll
MOD - [2012.01.31 19:15:54 | 000,720,896 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\MediaModules\LDBCShConv.dll
MOD - [2011.05.26 13:42:00 | 000,067,872 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2010.11.13 01:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010.11.05 03:58:05 | 002,927,616 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
MOD - [2009.07.17 14:48:18 | 006,038,016 | ---- | M] () -- C:\Programme\ASUS\Six Engine\SixEngine.exe
MOD - [2009.07.14 19:58:23 | 000,249,856 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll
MOD - [2009.07.14 19:58:15 | 000,167,936 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Xml.resources\2.0.0.0_de_b77a5c561934e089\System.Xml.resources.dll
MOD - [2009.07.14 19:58:15 | 000,049,152 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Configuration.resources\2.0.0.0_de_b03f5f7f11d50a3a\System.Configuration.resources.dll
MOD - [2009.06.10 23:23:19 | 000,261,632 | ---- | M] () -- C:\Windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
MOD - [2009.05.22 15:16:58 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\HookKey32.dll
MOD - [2009.04.22 21:20:00 | 000,179,712 | ---- | M] () -- C:\Programme\ASUS\Six Engine\AsusService.dll
MOD - [2009.04.20 14:55:34 | 000,565,248 | ---- | M] () -- C:\Programme\ASUS\Six Engine\pngio.dll
MOD - [2009.04.20 14:55:32 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2008.12.10 21:04:54 | 000,253,952 | ---- | M] () -- C:\Programme\ASUS\TurboV EVO\pngio.dll
MOD - [2008.04.18 11:40:14 | 000,364,544 | ---- | M] () -- C:\Program Files (x86)\PIXELA\ImageMixer 3 SE Ver.3\pxl_m17n_tool.dll
MOD - [2006.01.10 10:50:20 | 000,024,576 | R--- | M] () -- C:\Windows\SysWOW64\AsIO.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2012.04.06 04:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.10.14 17:14:02 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.09.20 17:51:24 | 001,737,728 | ---- | M] (Lavasoft Limited                                                  ) [Auto | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.07 19:52:37 | 000,076,888 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA)
SRV - [2011.12.23 17:15:12 | 000,419,624 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2010.12.11 18:07:11 | 000,867,080 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010.12.11 18:02:26 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV - [2010.12.11 18:02:26 | 000,079,360 | ---- | M] (SolidWorks) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe -- (SolidWorks Licensing Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.15 07:51:14 | 000,087,336 | ---- | M] (Dassault Systèmes SolidWorks Corp.) [On_Demand | Stopped] -- F:\Program Files\SolidWorks Corp\SolidWorks\swScheduler\DTSCoordinatorService.exe -- (CoordinatorServiceHost)
SRV - [2009.08.27 18:09:10 | 001,253,376 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs)
SRV - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Program Files (x86)\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.07.17 16:25:02 | 000,319,488 | -H-- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\ASUS.SYS\config\DVMExportService.exe -- (DvmMDES)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.08.07 12:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.14 08:12:30 | 000,096,896 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService)
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2012.04.06 07:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2012.04.06 03:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.12.08 06:22:36 | 000,172,104 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdm.sys -- (sscdmdm)
DRV:64bit: - [2011.12.08 06:22:36 | 000,136,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdbus.sys -- (sscdbus)
DRV:64bit: - [2011.12.08 06:22:36 | 000,019,016 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sscdmdfl.sys -- (sscdmdfl)
DRV:64bit: - [2011.12.08 06:22:28 | 000,177,640 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdm.sys -- (ssadmdm)
DRV:64bit: - [2011.12.08 06:22:28 | 000,157,672 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadbus.sys -- (ssadbus)
DRV:64bit: - [2011.12.08 06:22:28 | 000,016,872 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssadmdfl.sys -- (ssadmdfl)
DRV:64bit: - [2011.09.11 16:11:03 | 000,270,912 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.05.10 08:06:08 | 000,051,712 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.03 12:08:41 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2011.02.14 03:42:36 | 000,028,160 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64diag.sys -- (UsbDiag)
DRV:64bit: - [2011.02.14 03:42:30 | 000,034,816 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2011.02.14 03:42:28 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2011.01.27 20:18:32 | 000,069,120 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabser.sys -- (silabser)
DRV:64bit: - [2011.01.27 20:18:32 | 000,027,336 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\silabenm.sys -- (silabenm)
DRV:64bit: - [2010.12.23 18:35:02 | 000,034,304 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandmodem64.sys -- (ANDModem)
DRV:64bit: - [2010.12.23 18:35:02 | 000,027,136 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandgps64.sys -- (AndGps)
DRV:64bit: - [2010.12.23 18:35:00 | 000,027,648 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lganddiag64.sys -- (AndDiag)
DRV:64bit: - [2010.12.23 18:35:00 | 000,019,456 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgandbus64.sys -- (Andbus)
DRV:64bit: - [2010.11.21 14:56:56 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2010.11.21 14:56:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.07.29 01:25:10 | 000,029,720 | ---- | M] (Initio Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ivusb.sys -- (ivusb)
DRV:64bit: - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.28 01:57:20 | 000,016,200 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmVirHid.sys -- (WmVirHid)
DRV:64bit: - [2010.04.28 01:57:12 | 000,026,440 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmBEnum.sys -- (WmBEnum)
DRV:64bit: - [2010.04.27 23:03:12 | 000,077,512 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmXlCore.sys -- (WmXlCore)
DRV:64bit: - [2010.04.27 23:02:42 | 000,043,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WmFilter.sys -- (WmFilter)
DRV:64bit: - [2010.04.27 04:25:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdm.sys -- (ss_mdm)
DRV:64bit: - [2010.04.27 04:25:14 | 000,127,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bus.sys -- (ss_bus)
DRV:64bit: - [2010.04.27 04:25:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_mdfl.sys -- (ss_mdfl)
DRV:64bit: - [2009.09.29 09:15:02 | 000,016,384 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtpt64.sys -- (LgBttPort)
DRV:64bit: - [2009.09.29 09:15:00 | 000,017,408 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgvmdm64.sys -- (LGVMODEM)
DRV:64bit: - [2009.09.29 09:15:00 | 000,014,848 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lgbtbs64.sys -- (lgbusenum)
DRV:64bit: - [2009.09.02 11:29:06 | 000,626,688 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emOEM64.sys -- (USB28xxOEM)
DRV:64bit: - [2009.09.01 15:31:42 | 000,649,984 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emBDA64.sys -- (USB28xxBGA)
DRV:64bit: - [2009.07.18 07:18:48 | 000,109,480 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\jraid.sys -- (JRAID)
DRV:64bit: - [2009.07.16 05:38:40 | 000,015,416 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ASACPI.sys -- (MTsensor)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.10 05:07:02 | 001,222,144 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2011.03.03 12:08:42 | 000,017,152 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files (x86)\Lavasoft\Ad-Aware\KernExplorer64.sys -- (Lavasoft Kernexplorer)
DRV - [2010.06.14 10:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 03 23 03 C7 85 BA CC 01  [binary data]
IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: ffxtlbra@softonic.com:1.5.1
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: F:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@esn.me/esnsonar,version=0.70.4: C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.104.0: C:\Program Files (x86)\Battlelog Web Plugins\1.104.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.122.0: C:\Program Files (x86)\Battlelog Web Plugins\1.122.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.138.0: C:\Program Files (x86)\Battlelog Web Plugins\1.138.0\npesnlaunch.dll (ESN Social Software AB)
FF - HKLM\Software\MozillaPlugins\@esn/esnlaunch,version=1.96.0: C:\Program Files (x86)\Battlelog Web Plugins\1.96.0\npesnlaunch.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKCU\Software\MozillaPlugins\ubisoft.com/uplaypc: C:\Program Files (x86)\Ubisoft\Ubisoft Game Launcher\npuplaypc.dll (Ubisoft)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 17:14:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 17:14:00 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.14 17:14:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.10.14 17:14:00 | 000,000,000 | ---D | M]
 
[2011.12.14 19:49:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Welli\AppData\Roaming\mozilla\Extensions
[2012.05.16 18:02:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Welli\AppData\Roaming\mozilla\Firefox\Profiles\r544ppnz.default\extensions
[2012.05.16 18:02:11 | 000,000,000 | ---D | M] (softonic.com) -- C:\Users\Welli\AppData\Roaming\mozilla\Firefox\Profiles\r544ppnz.default\extensions\ffxtlbra@softonic.com
[2012.10.14 17:14:00 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.14 17:14:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.10.14 17:14:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.10.14 17:14:02 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2009.10.14 18:21:24 | 000,155,648 | ---- | M] (Dassault Systèmes SolidWorks Corp.) -- C:\Program Files (x86)\mozilla firefox\plugins\npEModelPlugin.dll
[2012.04.07 12:46:35 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.07 19:49:22 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.04.07 12:46:35 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.04.07 12:46:35 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.04.07 12:46:35 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.04.07 12:46:35 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2011.06.22 18:25:02 | 000,435,366 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1    www.007guard.com
O1 - Hosts: 127.0.0.1    007guard.com
O1 - Hosts: 127.0.0.1    008i.com
O1 - Hosts: 127.0.0.1    www.008k.com
O1 - Hosts: 127.0.0.1    008k.com
O1 - Hosts: 127.0.0.1    www.00hq.com
O1 - Hosts: 127.0.0.1    00hq.com
O1 - Hosts: 127.0.0.1    010402.com
O1 - Hosts: 127.0.0.1    www.032439.com
O1 - Hosts: 127.0.0.1    032439.com
O1 - Hosts: 127.0.0.1    www.0scan.com
O1 - Hosts: 127.0.0.1    0scan.com
O1 - Hosts: 127.0.0.1    1000gratisproben.com
O1 - Hosts: 127.0.0.1    www.1000gratisproben.com
O1 - Hosts: 127.0.0.1    1001namen.com
O1 - Hosts: 127.0.0.1    www.1001namen.com
O1 - Hosts: 127.0.0.1    100888290cs.com
O1 - Hosts: 127.0.0.1    www.100888290cs.com
O1 - Hosts: 127.0.0.1    www.100sexlinks.com
O1 - Hosts: 127.0.0.1    100sexlinks.com
O1 - Hosts: 127.0.0.1    10sek.com
O1 - Hosts: 127.0.0.1    www.10sek.com
O1 - Hosts: 127.0.0.1    www.1-2005-search.com
O1 - Hosts: 127.0.0.1    1-2005-search.com
O1 - Hosts: 127.0.0.1    123fporn.info
O1 - Hosts: 14980 more lines...
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (HistoryTriggerBHO Class) - {21A88CB9-84D2-4020-A2D1-B25A21034884} - C:\Program Files (x86)\LG Electronics\LG PC Suite IV\LinkAir\LinkAirBrowserHelper.dll (LG Electronics)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll (DealPly Technologies Ltd)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\bh\softonic.dll (Softonic.com)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\softonic\1.5.11.5\softonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (SFT_de3 Toolbar) - {FF88A983-649D-4207-9336-9B999280B436} - C:\Program Files (x86)\SFT_de3\prxtbSFT_.dll (Conduit Ltd.)
O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] F:\programme\adobe\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AMD AVT] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\Run: [ATICustomerCare] C:\Program Files (x86)\ATI\ATICustomerCare\ATICustomerCare.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files (x86)\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
O4 - HKLM..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe (CANON INC.)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
O4 - HKLM..\Run: [NPSStartup]  File not found
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TrayServer] F:\Program Files (x86)\MAGIX\Filme_auf_DVD_8\Trayserver.exe (MAGIX AG)
O4 - HKLM..\Run: [TurboV EVO] C:\Program Files\ASUS\TurboV EVO\TurboV_EVO.exe (ASUSTeK Computer Inc.)
O4 - HKCU..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files (x86)\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG)
O4 - HKCU..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung)
O4 - HKCU..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe ()
O4 - HKCU..\Run: [LG LinkAir]  File not found
O4 - HKCU..\Run: [OM2_Monitor] C:\Program Files (x86)\OLYMPUS\OLYMPUS Master 2\MMonitor.exe (OLYMPUS IMAGING CORP.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutorun = 0
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{52FADBA1-9F12-4C58-BE54-45667008FA96}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{241aafdc-dc6f-11e0-97cd-002618aa295c}\Shell - "" = AutoRun
O33 - MountPoints2\{241aafdc-dc6f-11e0-97cd-002618aa295c}\Shell\AutoRun\command - "" = H:\autorun.exe
O33 - MountPoints2\{732a8ccc-ea9f-11df-8855-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{732a8ccc-ea9f-11df-8855-806e6f6e6963}\Shell\AutoRun\command - "" = G:\.\Bin\ASSETUP.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (lsdelete)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.10.17 17:26:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Welli\Desktop\OTL.exe
[2012.10.14 17:14:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.10.17 17:31:16 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 17:31:16 | 000,014,848 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.17 17:29:00 | 000,000,112 | ---- | M] () -- C:\Users\Welli\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2012.10.17 17:28:24 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.10.17 17:28:24 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.10.17 17:28:24 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.10.17 17:28:24 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.10.17 17:28:24 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.10.17 17:28:18 | 000,000,168 | ---- | M] () -- C:\Users\Welli\defogger_reenable
[2012.10.17 17:26:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Welli\Desktop\OTL.exe
[2012.10.17 17:25:46 | 000,050,477 | ---- | M] () -- C:\Users\Welli\Desktop\Defogger.exe
[2012.10.17 17:24:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.17 17:24:02 | 2140,446,719 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.17 06:47:35 | 000,000,177 | -H-- | M] () -- C:\dvmexp.idx
[2012.10.15 17:58:03 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.xtr
[2012.10.15 17:58:03 | 000,281,520 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2012.10.15 17:57:43 | 000,280,904 | ---- | M] () -- C:\Windows\SysWow64\PnkBstrB.ex0
[2012.10.15 17:00:52 | 000,000,064 | ---- | M] () -- C:\Windows\SysWow64\rp_stats.dat
[2012.10.15 17:00:52 | 000,000,044 | ---- | M] () -- C:\Windows\SysWow64\rp_rules.dat
[2012.10.06 22:03:43 | 000,182,853 | ---- | M] () -- C:\Users\Welli\Desktop\Defens-01.JPG
[2012.10.06 22:03:17 | 000,181,652 | ---- | M] () -- C:\Users\Welli\Desktop\Basis-01.JPG
[2012.09.29 18:51:42 | 000,000,091 | ---- | M] () -- C:\Users\Welli\Desktop\C&C Alliances.URL
[2012.09.25 19:11:16 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.09.25 19:11:16 | 000,000,034 | ---- | M] () -- C:\Windows\SysWow64\BD2030.DAT
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.10.17 17:29:00 | 000,000,112 | ---- | C] () -- C:\Users\Welli\Desktop\Für alle Hilfesuchenden! Was muss ich vor der Eröffnung eines Themas beachten - Trojaner-Board.URL
[2012.10.17 17:28:18 | 000,000,168 | ---- | C] () -- C:\Users\Welli\defogger_reenable
[2012.10.17 17:25:45 | 000,050,477 | ---- | C] () -- C:\Users\Welli\Desktop\Defogger.exe
[2012.10.06 22:03:43 | 000,182,853 | ---- | C] () -- C:\Users\Welli\Desktop\Defens-01.JPG
[2012.10.06 22:03:17 | 000,181,652 | ---- | C] () -- C:\Users\Welli\Desktop\Basis-01.JPG
[2012.09.29 18:51:42 | 000,000,091 | ---- | C] () -- C:\Users\Welli\Desktop\C&C Alliances.URL
[2012.03.09 17:26:29 | 000,000,029 | ---- | C] () -- C:\ProgramData\ra3.ini
[2012.03.09 06:31:26 | 000,204,952 | ---- | C] () -- C:\Windows\SysWow64\ativvsvl.dat
[2012.03.09 06:31:26 | 000,157,144 | ---- | C] () -- C:\Windows\SysWow64\ativvsva.dat
[2012.02.10 17:49:51 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\CommonDL.dll
[2012.02.10 17:49:51 | 000,002,413 | ---- | C] () -- C:\Windows\SysWow64\lgAxconfig.ini
[2012.01.31 19:15:44 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.01.31 19:15:42 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.01.31 19:15:42 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.01.31 19:15:42 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.01.31 19:15:42 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.01.31 07:00:24 | 000,016,896 | ---- | C] () -- C:\Windows\SysWow64\kdbsdk32.dll
[2011.12.29 10:27:41 | 000,000,613 | ---- | C] () -- C:\Windows\eReg.dat
[2011.10.25 22:21:34 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\OVDecoder.dll
[2011.10.07 15:37:33 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll
[2011.09.13 00:06:16 | 000,003,917 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
[2011.06.08 10:17:16 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2011.04.20 17:41:53 | 000,000,064 | ---- | C] () -- C:\Windows\SysWow64\rp_stats.dat
[2011.04.20 17:41:53 | 000,000,044 | ---- | C] () -- C:\Windows\SysWow64\rp_rules.dat
[2011.04.04 19:32:14 | 000,281,520 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrB.exe
[2010.12.11 18:06:37 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI
[2010.12.06 19:24:09 | 000,000,159 | ---- | C] () -- C:\Users\Welli\AppData\Roaming\default.pls
[2010.11.21 14:10:22 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2010.11.21 14:10:22 | 000,076,888 | ---- | C] () -- C:\Windows\SysWow64\PnkBstrA.exe
[2010.11.12 17:38:19 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll
[2010.11.12 17:37:28 | 000,007,103 | ---- | C] () -- C:\Windows\mgxoschk.ini
[2010.11.12 17:11:41 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2010.11.12 17:11:41 | 000,000,034 | ---- | C] () -- C:\Windows\SysWow64\BD2030.DAT
[2010.11.12 15:36:43 | 000,000,026 | ---- | C] () -- C:\Windows\Irremote.ini
[2010.11.12 15:36:39 | 000,001,024 | ---- | C] () -- C:\Users\Welli\.rnd
[2010.11.07 21:04:50 | 000,024,576 | R--- | C] () -- C:\Windows\SysWow64\AsIO.dll
[2010.11.07 21:04:50 | 000,013,368 | R--- | C] () -- C:\Windows\SysWow64\drivers\AsIO.sys
[2010.11.07 21:04:50 | 000,011,832 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp64.sys
[2010.11.07 21:04:50 | 000,010,216 | ---- | C] () -- C:\Windows\SysWow64\drivers\AsInsHelp32.sys
[2010.11.07 21:01:21 | 000,031,629 | ---- | C] () -- C:\Windows\Ascd_log.ini
[2010.11.07 21:00:51 | 000,001,769 | ---- | C] () -- C:\Windows\Language_trs.ini
[2010.11.07 21:00:46 | 000,021,959 | ---- | C] () -- C:\Windows\Ascd_tmp.ini
[2010.11.07 20:55:08 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2011.11.21 21:35:35 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Audacity
[2011.11.23 20:21:31 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Canon
[2011.09.11 16:13:35 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\DAEMON Tools Lite
[2011.01.14 13:30:55 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\DassaultSystemes
[2011.01.14 13:30:44 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\DWGeditor
[2011.01.14 13:31:43 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\EDrawings
[2010.12.29 16:04:41 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\fotobuch.de AG
[2012.06.06 17:43:50 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Garmin
[2010.12.11 18:54:18 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Luxology
[2010.11.14 18:03:00 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\MAGIX
[2011.04.22 17:23:36 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Momes
[2012.08.11 00:19:01 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Origin
[2011.10.07 15:32:57 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\PixelPlanet
[2010.11.14 18:19:13 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\proDAD
[2012.03.09 16:48:25 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Red Alert 3
[2012.03.07 21:31:39 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Samsung
[2012.03.07 20:22:26 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Temp
[2012.06.11 19:24:35 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\TS3Client
[2012.06.11 19:12:34 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\ts3overlay
[2011.12.23 17:12:00 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\Ubisoft
[2011.10.07 15:24:13 | 000,000,000 | ---D | M] -- C:\Users\Welli\AppData\Roaming\UDC Profiles
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---

Alt 19.10.2012, 13:01   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Malwarebytes erstellt bei jedem Scanvorgang genau ein Log. Hast du in der Vergangenheit schonmal mit Malwarebytes gescannt?
Wenn ja dann stehen auch alle Logs zu jedem Scanvorgang im Reiter Logdateien. Bitte alle posten, die dort sichtbar sind.

Bitte alles nach Möglichkeit hier in CODE-Tags posten.

Wird so gemacht:

[code] hier steht das Log [/code]

Und das ganze sieht dann so aus:

Code:
ATTFilter
 hier steht das Log
         
__________________

__________________

Alt 19.10.2012, 14:31   #3
xx-Welli-xx
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Hallo cosinus.
Vorweg mal ein DANKESCHÖN dass du dich mir und meiner PC Probleme annimmst!
Also ich habe voher noch nie mit Malwarebytes gearbeitet.
Habe diese Programm erst durch euer Forum gefunden.
Anbei alle Dateien die in dem Reiter Logdateien stehen.

mbam-log-2012-10-18
Code:
ATTFilter
 
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.18.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Welli :: COOLMASTER [Administrator]

Schutz: Aktiviert

18.10.2012 19:02:50
mbam-log-2012-10-18 (19-02-50).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 204122
Laufzeit: 1 Minute(n), 8 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
protection-log-2012-10-18
Code:
ATTFilter
 
2012/10/18 19:00:07 +0200	COOLMASTER	Welli	MESSAGE	Starting protection
2012/10/18 19:00:07 +0200	COOLMASTER	Welli	MESSAGE	Protection started successfully
2012/10/18 19:00:07 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/18 19:00:08 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
2012/10/18 19:00:27 +0200	COOLMASTER	Welli	MESSAGE	Stopping IP protection
2012/10/18 19:00:27 +0200	COOLMASTER	Welli	MESSAGE	IP Protection stopped successfully
2012/10/18 19:00:27 +0200	COOLMASTER	Welli	MESSAGE	Protection stopped
2012/10/18 19:00:29 +0200	COOLMASTER	Welli	MESSAGE	Executing scheduled update:  Daily
2012/10/18 19:00:30 +0200	COOLMASTER	Welli	MESSAGE	Starting protection
2012/10/18 19:00:30 +0200	COOLMASTER	Welli	MESSAGE	Protection started successfully
2012/10/18 19:00:30 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/18 19:00:31 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
2012/10/18 19:00:32 +0200	COOLMASTER	Welli	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.09.29.05 to version v2012.10.18.06
2012/10/18 19:00:32 +0200	COOLMASTER	Welli	MESSAGE	Starting database refresh
2012/10/18 19:00:33 +0200	COOLMASTER	Welli	MESSAGE	Stopping IP protection
2012/10/18 19:00:33 +0200	COOLMASTER	Welli	MESSAGE	IP Protection stopped successfully
2012/10/18 19:00:35 +0200	COOLMASTER	Welli	MESSAGE	Database refreshed successfully
2012/10/18 19:00:35 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/18 19:00:36 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
         
protection-log-2012-10-19
Code:
ATTFilter
 
2012/10/19 06:46:59 +0200	COOLMASTER	Welli	MESSAGE	Starting protection
2012/10/19 06:46:59 +0200	COOLMASTER	Welli	MESSAGE	Protection started successfully
2012/10/19 06:46:59 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/19 06:47:00 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
2012/10/19 12:24:10 +0200	COOLMASTER	Welli	MESSAGE	Starting protection
2012/10/19 12:24:10 +0200	COOLMASTER	Welli	MESSAGE	Protection started successfully
2012/10/19 12:24:10 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/19 12:24:11 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
2012/10/19 12:25:14 +0200	COOLMASTER	Welli	IP-BLOCK	8.27.4.126 (Type: outgoing, Port: 49284, Process: firefox.exe)
2012/10/19 12:33:16 +0200	COOLMASTER	Welli	MESSAGE	Starting protection
2012/10/19 12:33:16 +0200	COOLMASTER	Welli	MESSAGE	Protection started successfully
2012/10/19 12:33:16 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/19 12:33:18 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
2012/10/19 15:08:11 +0200	COOLMASTER	Welli	MESSAGE	Starting protection
2012/10/19 15:08:11 +0200	COOLMASTER	Welli	MESSAGE	Protection started successfully
2012/10/19 15:08:11 +0200	COOLMASTER	Welli	MESSAGE	Starting IP protection
2012/10/19 15:08:13 +0200	COOLMASTER	Welli	MESSAGE	IP Protection started successfully
         
Hat das mit den anderen Dateien funktioniert welche ich angehängt habe?

Was mir momentan noch an meinem Pc auffällt ist, dass jedesmal wenn
ich ihn neu starte bzw. einschalte folgende Meldung kommt.

Möchten Sie zulassen, dass durch folgendes Programm Änderungen an diesem Computer vorgenommen werde.
Programm: B2C NotiAgent
Verifizierter Herausgeber: LG Electronics
JA oder Nein

Egal was ich dann anklicke beim nächsten start kommt die Meldung wieder!
Diese Meldung habe ich seit dem ich die LG Software von meinem Handy installiert habe um die Tel.Nr. zu sichern.

sg
Welli
__________________

Alt 19.10.2012, 15:25   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Zitat:
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll
Das ist mal wieder ein schöner Fehlalarm
Ich würde mich an deiner Stelle von AdAware trennen und es deinstallieren
__________________
Logfiles bitte immer in CODE-Tags posten

Alt 19.10.2012, 17:51   #5
xx-Welli-xx
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Hi cosinus.
Also ist dann so gesehen mein PC "sauber".
Dann kann ich ja machen.

Die nächsten Schritte wären dann also für mich
- Ad-Aware deinstall.
- Antivir updaten (wie üblich)
- Defogger Re-enable ?
- mit Malwarebytes gelegntlich scannen
- OTL deinstall ?

Reicht sogesehen Antivir und Malwarebytes oder sollte ich noch was als Schutz installieren?

SG
Welli


Alt 21.10.2012, 10:51   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Zitat:
Die nächsten Schritte wären dann also für mich
Warum? AdAware hatte doch nur einen Fehlalarm!

Zitat:
Reicht sogesehen Antivir und Malwarebytes oder sollte ich noch was als Schutz installieren?
Ja, AdAware deinstallieren. Und beachte auch mal http://www.trojaner-board.de/96344-a...tml#post627442
__________________
--> Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll

Alt 21.10.2012, 12:07   #7
xx-Welli-xx
 
Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Standard

Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll



Ja dann BEDANKE ich mich mal recht herzlich bei dir für deine Hilfe!!
D A N K E

zu den weiteren Schritten.
Naja Antivir updaten ist doch nie schlecht :-)
Defogger hat mir ja z.Bsp Daemon Tool deaktiviert.
um dies wieder zu aktivieren muss ich
doch Re-enable ausführen oder nicht?

Werde mich dann mal bei diesem Thema ein wenig durchlesen.
http://www.trojaner-board.de/96344-a...tml#post627442

Danke
Sg
Welli

Antwort

Themen zu Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll
ad-aware, alert, antivir, avg, avira, bho, bonjour, canon, dealply, desktop, fehlermeldung, firefox, format, frage, hängen, internet, launch, logfile, mozilla, object, olympus, plug-in, programm, realtek, registry, safer networking, scan, software, starten, vdeck.exe, win32.trojan.agent, windows



Ähnliche Themen: Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll


  1. Virus als Avira getarnt? - "C:\Program Files (x86)\Avira\My Avira\Avira.OE.Systray.exe" /showMiniGui
    Plagegeister aller Art und deren Bekämpfung - 08.08.2014 (3)
  2. C:\program files (x86)\avira\my avira\avira.oe.systray.exe gruppenrichtlienie geblockt
    Log-Analyse und Auswertung - 26.06.2014 (5)
  3. Trojan.FakeAlert in C:\Program Files (x86)\OpenOffice 4 \program\calc.dll
    Plagegeister aller Art und deren Bekämpfung - 22.04.2014 (5)
  4. C:\Program Files\Activision\Call of Duty 4 - Modern Warfare\rzr-cod4.exe (Trojan.Agent.CK)
    Plagegeister aller Art und deren Bekämpfung - 17.03.2014 (9)
  5. TR/ATRAPS.Gen2 C:\Program Files (x86)\Google\Desktop
    Plagegeister aller Art und deren Bekämpfung - 07.01.2014 (2)
  6. Windows 7: C:\Program files\Desktop\Google\...usw-> TR/Sirefef.A.37 und TR/ATRAPS.Gen2, Antivir kann Sie nicht in die Quarantäne verschieben
    Plagegeister aller Art und deren Bekämpfung - 12.08.2013 (13)
  7. Avira meldet: 'TR/Crypt.ZPACK.Gen2' [trojan] in der Datei 'C:\Program Files\Skype\Phone\Skype.exe'
    Plagegeister aller Art und deren Bekämpfung - 08.12.2012 (2)
  8. Trojan.Agent.VGENX in C:\Program Files (x86)\PEBL\bin\pebl.exe
    Plagegeister aller Art und deren Bekämpfung - 16.11.2012 (1)
  9. TR/Agent.amd.2 in C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\INFECTED
    Plagegeister aller Art und deren Bekämpfung - 02.11.2012 (7)
  10. Packer.ModifiedUPX in C:\Program Files\TopOCR\mb1.exe und Trojan.Zbot in F:\Eigene Datein\Desktop\PureRa.exe
    Log-Analyse und Auswertung - 03.10.2012 (31)
  11. Trojan.Agent und Trojan.Phex.THA.Gen1, Avira Antivir Echtzeitscanner geblockt
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (5)
  12. TR/Dropper.Gen von Avira AntiVir und Trojan.Agent.CK sowie Trojan.Orsam von Malwarebytes erkannt
    Plagegeister aller Art und deren Bekämpfung - 03.12.2010 (1)
  13. Ergebnisse von Malwarebytes, Antivir und Ad-Aware u.a. Trojan.Win32.Generic!BT
    Antiviren-, Firewall- und andere Schutzprogramme - 13.10.2010 (12)
  14. HijackThis Logfile O4 - HKCU\..\Run: [AV] C:\Program Files\AV\Antivir.exe
    Log-Analyse und Auswertung - 18.01.2010 (1)
  15. Win32.Trojan.Agent/Win32.Worm.Autorun mit Ad-Aware unschädlich gemacht?
    Plagegeister aller Art und deren Bekämpfung - 06.08.2009 (6)
  16. Trojan-Downloader.Win32.Agent Variant sowie Zlob.DNSChanger files gefunden
    Plagegeister aller Art und deren Bekämpfung - 29.09.2008 (9)
  17. Win32.Trojan.Agent.cs von Ad-Aware gefunden. Wie entfernen?
    Plagegeister aller Art und deren Bekämpfung - 15.07.2005 (3)

Zum Thema Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll - Ein herzliches Hallo an das Trojaner-Board. Ich hatte vor einigen Tagen die Meldung von Ad-Aware bekommen, dass ich eine gefährliche software auf meinem PC habe. Ich habe dann Ad-Aware scannen - Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll...
Archiv
Du betrachtest: Ad-Aware erkennt: Win32.Trojan.Agent / c:\program files (x86)\avira\antivir desktop\failsafe\aeexp.dll auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.