| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block #2Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
22.07.2012, 23:49
| #1 |
 |  Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block #2 Hallo erstmal! Ich habe mir ebenfalls, wie andere im Forum einen Trojaner gezogen, der mir den PC "gesperrt" hat und bin jetzt im abgesicherten Modus. MBAM meldet bundleinstaller.bl und im Autostart ist eine Datei namens mor.exe. Ich lasse jetzt noch OTL und danach Eset durchlaufen analog zu anderen Fällen im Forum. Gibt es von eurer Seite noch weitere Hilfestellungen wie ich weiter vorgehen sollte? (Zusätzlich stellt sich mir die Frage, wie ich das in Zukunft verhindere - Avast scheint also nicht auszureichen, um mich davor zu bewahren). Vielen Dank im Voraus! Atina Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.07.22.10 Windows Vista Service Pack 2 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 Sebastian :: SEBASTIAN-PC [Administrator] 22.07.2012 23:46:40 mbam-log-2012-07-23 (00-43-51).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 391697 Laufzeit: 54 Minute(n), 26 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 2 C:\Users\Sebastian\Downloads\gadgetspack.exe (PUP.BundleInstaller.BI) -> Keine Aktion durchgeführt. C:\Users\Sebastian\Programme\unsortiert\operapassview\OperaPassView.exe (PUP.OperaPasswordTool) -> Keine Aktion durchgeführt. (Ende) Hier der OTL-Report: Code:
ATTFilter PRC - [2012.07.18 16:54:41 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.07.03 13:46:42 | 000,973,488 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe
========== Modules (No Company Name) ==========
MOD - [2012.07.18 16:54:40 | 002,003,424 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.02.07 21:38:41 | 008,527,008 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2011.04.21 11:28:23 | 000,011,264 | ---- | M] (Olof Lagerkvist) [On_Demand | Stopped] -- C:\Windows\SysNative\imdsksvc.exe -- (ImDskSvc)
SRV:64bit: - [2011.04.20 04:04:18 | 000,203,776 | ---- | M] (AMD) [Auto | Stopped] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV:64bit: - [2011.04.19 22:18:20 | 000,365,568 | ---- | M] (Advanced Micro Devices, Inc.) [Auto | Stopped] -- C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe -- (AMD FUEL Service)
SRV:64bit: - [2010.04.07 15:04:24 | 000,127,800 | ---- | M] (HP) [Auto | Stopped] -- C:\Windows\SysNative\HPSIsvc.exe -- (HPSIService)
SRV:64bit: - [2007.06.01 02:02:16 | 000,043,568 | ---- | M] (Lenovo) [Auto | Stopped] -- C:\Windows\SysNative\ibmpmsvc.exe -- (IBMPMSVC)
SRV - [2012.07.18 16:54:40 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.07.04 17:25:54 | 005,160,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2012.06.30 01:46:30 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.02.14 04:53:38 | 000,193,288 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Stopped] -- C:\Program Files (x86)\AVG\AVG2012\avgwdsvc.exe -- (avgwd)
SRV - [2011.12.15 19:29:42 | 000,014,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2011.09.08 09:15:22 | 000,670,792 | ---- | M] (Juniper Networks) [Auto | Stopped] -- C:\Program Files (x86)\Juniper Networks\Common Files\dsNcService.exe -- (dsNcService)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.04.19 08:44:40 | 000,399,416 | ---- | M] (Secunia) [Auto | Stopped] -- C:\Program Files (x86)\Secunia\PSI\sua.exe -- (Secunia Update Agent)
SRV - [2010.06.25 19:07:20 | 000,117,264 | ---- | M] (CACE Technologies, Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\WinPcap\rpcapd.exe -- (rpcapd) Remote Packet Capture Protocol v.0 (experimental)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.03.29 21:42:16 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2012.05.24 20:43:06 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\dtsoftbus01.sys -- (dtsoftbus01)
DRV:64bit: - [2012.04.19 04:50:26 | 000,028,480 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgidsha.sys -- (AVGIDSHA)
DRV:64bit: - [2012.03.19 05:17:26 | 000,383,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avgtdia.sys -- (Avgtdia)
DRV:64bit: - [2012.02.29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.22 05:25:32 | 000,289,872 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgldx64.sys -- (Avgldx64)
DRV:64bit: - [2012.02.14 23:49:55 | 000,314,016 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\atksgt.sys -- (atksgt)
DRV:64bit: - [2012.02.14 23:49:55 | 000,043,680 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\SysNative\DRIVERS\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2012.01.31 04:46:48 | 000,036,944 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\DRIVERS\avgrkx64.sys -- (Avgrkx64)
DRV:64bit: - [2011.12.23 13:32:14 | 000,047,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\Windows\SysNative\DRIVERS\avgmfx64.sys -- (Avgmfx64)
DRV:64bit: - [2011.12.23 13:32:04 | 000,029,776 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsfiltera.sys -- (AVGIDSFilter)
DRV:64bit: - [2011.12.23 13:31:58 | 000,124,496 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\avgidsdrivera.sys -- (AVGIDSDriver)
DRV:64bit: - [2011.12.15 19:29:42 | 000,031,232 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2011.09.08 08:42:38 | 000,032,768 | ---- | M] (Juniper Networks) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\dsNcAdpt.sys -- (dsNcAdpt)
DRV:64bit: - [2011.07.07 18:42:38 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2011.04.21 11:28:30 | 000,017,360 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\awealloc.sys -- (AWEAlloc)
DRV:64bit: - [2011.04.21 11:28:27 | 000,034,776 | ---- | M] (Olof Lagerkvist) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\imdisk.sys -- (ImDisk)
DRV:64bit: - [2011.04.20 04:44:48 | 009,319,936 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2011.04.20 03:22:32 | 000,306,176 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2011.02.23 09:14:44 | 001,094,248 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\rtl8192Ce.sys -- (RTL8192Ce)
DRV:64bit: - [2011.02.22 14:21:54 | 000,404,584 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\Rtlh64.sys -- (RTL8169)
DRV:64bit: - [2010.09.01 10:30:58 | 000,017,976 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\psi_mf.sys -- (PSI)
DRV:64bit: - [2010.07.15 14:23:48 | 000,231,328 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2010.06.25 19:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010.03.06 01:41:05 | 000,020,480 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\mvusbews.sys -- (mvusbews)
DRV:64bit: - [2010.02.18 09:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\amdiox64.sys -- (amdiox64)
DRV:64bit: - [2009.10.01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2007.06.01 02:01:52 | 000,026,928 | ---- | M] (Lenovo.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\ibmpmdrv.sys -- (IBMPMDRV)
DRV - [2011.06.07 15:00:35 | 000,021,712 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\DrvAgent64.SYS -- (DrvAgent64)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{6BE66562-E53D-4F84-BDA9-B7DE7CFF65F3}: "URL" = hxxp://search.copernic.com/query21/?q={searchTerms}&c=web&l=ENG&e=CDS2&cpn=&b=304000026&u=&sctx=iebox
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: web2pdfextension@web2pdf.adobedotcom:1.0
FF - prefs.js..network.proxy.http: "46.166.128.165"
FF - prefs.js..network.proxy.http_port: 6588
FF - prefs.js..network.proxy.no_proxies_on: "localhost, 127.0.0.1, stealthy.co"
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.type: 0
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll File not found
FF - HKCU\Software\MozillaPlugins\FabasoftPluginPU: C:\Users\Sebastian\AppData\Local\Fabasoft\x86\npfoliopluginpu32.dll (Fabasoft R&D GmbH)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\web2pdfextension@web2pdf.adobedotcom: C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2012.07.03 17:23:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG2012\Firefox4\ [2012.07.17 11:05:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F53C93F1-07D5-430c-86D4-C9531B27DFAF}: C:\Program Files (x86)\AVG\AVG2012\Firefox\DoNotTrack\ [2012.07.03 11:20:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:54:41 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 23:35:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.06.18 01:01:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{E0CC257A-4D42-4ED7-AFAF-0AE6422F60D0}: C:\Program Files (x86)\Copernic Desktop Search - Home\Firefox36Connector [2011.07.21 20:10:45 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.18 16:54:41 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.07 23:35:02 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{D5AA91D3-CA07-4379-B0F2-AEC652F5943F}: C:\Users\Sebastian\AppData\Local\Fabasoft\TB\ [2012.06.09 14:13:42 | 000,000,000 | ---D | M]
[2012.04.08 18:14:11 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions
[2011.06.06 20:28:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012.07.03 17:19:29 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions
[2012.04.16 07:22:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2012.04.04 02:24:58 | 000,000,000 | ---D | M] (Live HTTP Headers) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\{8f8fe09b-0bd3-4470-bc1b-8cad42b8203a}
[2012.04.12 21:39:36 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.07.03 17:19:29 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Sebastian\AppData\Roaming\mozilla\Firefox\Profiles\bqr6bhwq.default\extensions\firefox@ghostery.com
[2012.06.03 09:42:10 | 000,010,593 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\searchplugins\duckduckgo-ssl.xml
[2012.06.03 09:41:04 | 000,001,632 | ---- | M] () -- C:\Users\Sebastian\AppData\Roaming\Mozilla\Firefox\Profiles\bqr6bhwq.default\searchplugins\firefox-add-ons.xml
[2012.04.25 13:20:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.05.07 02:52:47 | 000,275,540 | ---- | M] () (No name found) -- C:\USERS\SEBASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQR6BHWQ.DEFAULT\EXTENSIONS\{64161300-E22B-11DB-8314-0800200C9A66}.XPI
[2012.06.03 09:40:08 | 000,025,781 | ---- | M] () (No name found) -- C:\USERS\SEBASTIAN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BQR6BHWQ.DEFAULT\EXTENSIONS\ADD-TO-SEARCHBOX@MALTEKRAUS.DE.XPI
[2012.07.18 16:54:41 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.03.13 07:23:34 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.13 07:06:36 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.03.13 07:23:34 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.13 07:23:34 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.13 07:23:34 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.13 07:23:34 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.04.23 15:31:36 | 000,000,761 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2:64bit: - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Do Not Track) - {31332EEF-CB9F-458F-AFEB-D30E9A66B6BA} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Free Download Manager) - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files (x86)\Free Download Manager\iefdm2.dll (FreeDownloadManager.ORG)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Copernic Desktop Search - Home Toolbar) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - C:\Program Files (x86)\Copernic Desktop Search - Home\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
O4:64bit: - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKCU..\Run: [Adobe Acrobat Synchronizer] C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\AdobeCollabSync.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [Copernic Desktop Search - Home] C:\Program Files (x86)\Copernic Desktop Search - Home\DesktopSearchService.exe (Copernic Inc.)
O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd)
O4 - HKCU..\Run: [FolioSystrayPU] C:\Users\Sebastian\AppData\Local\Fabasoft\x86\foliouipu.exe (Fabasoft R&D GmbH)
O4 - HKCU..\Run: [Free Download Manager] C:\Program Files (x86)\Free Download Manager\fdm.exe (FreeDownloadManager.ORG)
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Sebastian\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O4 - HKCU..\Run: [uTorrent] C:\Program Files (x86)\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sebastian\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8:64bit: - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8:64bit: - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sebastian\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm File not found
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files (x86)\Free Download Manager\dlfvideo.htm ()
O9:64bit: - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiea.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: AVG Do Not Track - {68BCFFE1-A2DA-4B40-9068-87ECBFC19D16} - C:\Program Files (x86)\AVG\AVG2012\avgdtiex.dll (AVG Technologies CZ, s.r.o.)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fabasoft.com ([folio] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: fabasoft.com ([folio] https in Vertrauenswürdige Sites)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {816BE035-1450-40D0-8A3B-BA7825A83A77} hxxp://support.lenovo.com/Resources/Lenovo/AutoDetect/acpirexe.cab (IASRunner Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0759BCB1-AC6D-4EAA-A4A2-A3044C06698C}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{23A2A428-E7EE-4539-B896-C2C5EA2066F3}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62CCE4D8-02A3-4FC3-8381-2F82CD4C5D03}: DhcpNameServer = 141.20.1.3 141.20.2.3
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{754d08fb-a464-11e1-bd0a-60eb69e8e34f}\Shell - "" = AutoRun
O33 - MountPoints2\{754d08fb-a464-11e1-bd0a-60eb69e8e34f}\Shell\AutoRun\command - "" = E:\GRIM.EXE
O33 - MountPoints2\{850ef45c-54de-11e1-81f5-889ffaea1d51}\Shell - "" = AutoRun
O33 - MountPoints2\{850ef45c-54de-11e1-81f5-889ffaea1d51}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{e559db87-a2f1-11e0-8978-889ffaea1d51}\Shell - "" = AutoRun
O33 - MountPoints2\{e559db87-a2f1-11e0-8978-889ffaea1d51}\Shell\AutoRun\command - "" = E:\PcOptions.exe
O33 - MountPoints2\{e6c3aa94-a672-11e0-852b-889ffaea1d51}\Shell - "" = AutoRun
O33 - MountPoints2\{e6c3aa94-a672-11e0-852b-889ffaea1d51}\Shell\AutoRun\command - "" = G:\PcOptions.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG2012\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2012.07.22 23:39:43 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Malwarebytes
[2012.07.22 23:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.22 23:39:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.22 23:39:35 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.22 23:39:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.17 11:05:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2012.07.15 16:04:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Konsumentenpolitik
[2012.07.13 03:01:31 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2012.07.13 03:01:31 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2012.07.13 03:01:30 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2012.07.13 03:01:30 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2012.07.13 03:01:28 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2012.07.13 03:01:28 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2012.07.13 03:01:28 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2012.07.13 03:01:28 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2012.07.13 03:01:27 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2012.07.13 03:01:27 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2012.07.13 03:01:27 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2012.07.13 03:01:26 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2012.07.13 03:01:26 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2012.07.11 11:28:27 | 000,254,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll
[2012.07.08 00:53:06 | 000,022,528 | ---- | C] (pBUS-167 Software - hxxp://www.pbus-167.com) -- C:\Windows\SysNative\drivers\nhcDriver.sys
[2012.07.08 00:52:59 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Notebook Hardware Control
[2012.07.08 00:52:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notebook Hardware Control
[2012.07.08 00:52:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Notebook Hardware Control
[2012.07.06 10:28:57 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\Bilder
[2012.07.06 02:00:04 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2012.07.06 02:00:02 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Roaming\IrfanView
[2012.07.06 02:00:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2012.07.02 23:38:13 | 001,060,864 | ---- | C] (Philips Speech Processing - Dictation Systems) -- C:\Windows\SysWow64\DPMCtrl.dll
[2012.07.02 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Philips Speech Shared
[2012.07.02 23:35:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Philips Speech
[2012.07.02 23:35:31 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\AppData\Local\Dss2Wave
[2012.07.02 23:35:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DSS to Wave
[2012.07.02 23:35:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DSS2Wave
[2012.07.01 11:40:24 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\9gag
[2012.06.25 16:04:24 | 001,394,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.25 15:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostscript
[2012.06.25 15:46:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\gs
[2012.06.25 15:46:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ghostgum
[2012.06.25 15:46:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ghostgum
[2012.06.24 21:36:35 | 000,000,000 | ---D | C] -- C:\Users\Sebastian\Desktop\LOTR
========== Files - Modified Within 30 Days ==========
[2012.07.22 23:39:36 | 000,000,948 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.22 23:38:48 | 001,474,308 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.22 23:38:48 | 000,638,224 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.22 23:38:48 | 000,604,154 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.22 23:38:48 | 000,130,634 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.22 23:38:48 | 000,107,486 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.22 23:34:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.22 23:33:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.07.22 23:31:24 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 23:31:24 | 000,004,576 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.22 14:33:51 | 101,968,570 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2012.07.18 06:10:54 | 000,000,001 | ---- | M] () -- C:\Users\Sebastian\Serbien Blog\UltraImagePrint
[2012.07.16 20:45:44 | 000,354,429 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2012.07.16 15:05:33 | 000,000,960 | ---- | M] () -- C:\Users\Public\Desktop\OpenVPN GUI.lnk
[2012.07.16 12:15:22 | 000,009,728 | ---- | M] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.15 15:33:03 | 001,436,964 | ---- | M] () -- C:\Users\Sebastian\Desktop\Bounanno_2006_EFSA.pdf
[2012.07.13 03:37:03 | 000,273,168 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.12 15:31:04 | 000,715,726 | ---- | M] () -- C:\Users\Sebastian\Desktop\DSC_0230.JPG
[2012.07.12 15:14:57 | 003,932,625 | ---- | M] () -- C:\Users\Sebastian\Desktop\Prokla68.pdf
[2012.07.10 12:21:51 | 000,005,724 | ---- | M] () -- C:\Users\Sebastian\Desktop\Order completed.pdf
[2012.07.08 00:53:06 | 000,022,528 | ---- | M] (pBUS-167 Software - hxxp://www.pbus-167.com) -- C:\Windows\SysNative\drivers\nhcDriver.sys
[2012.07.07 16:05:04 | 000,331,530 | ---- | M] () -- C:\Users\Sebastian\Desktop\Inhalt-und-Einleitung-Friedrich-RiLg.pdf
[2012.07.07 15:27:54 | 001,636,555 | ---- | M] () -- C:\Users\Sebastian\Desktop\Sarrazin-Dossier_18_5_2011_.pdf
[2012.07.06 23:11:10 | 000,021,711 | ---- | M] () -- C:\Users\Sebastian\Desktop\Notizen .odt
[2012.07.06 02:00:04 | 000,001,729 | ---- | M] () -- C:\Users\Sebastian\Desktop\IrfanView Thumbnails.lnk
[2012.07.06 02:00:04 | 000,000,837 | ---- | M] () -- C:\Users\Sebastian\Desktop\IrfanView.lnk
[2012.07.06 01:44:12 | 001,396,884 | ---- | M] () -- C:\Users\Sebastian\Desktop\3.1SG.jpg
[2012.07.05 12:17:08 | 000,013,088 | ---- | M] () -- C:\Users\Sebastian\Desktop\Prüfungsausschuss.odt
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.02 23:38:09 | 000,000,761 | ---- | M] () -- C:\Windows\unins000.dat
[2012.07.02 23:38:07 | 000,678,682 | ---- | M] () -- C:\Windows\unins000.exe
[2012.07.02 23:35:05 | 000,000,829 | ---- | M] () -- C:\Users\Sebastian\Desktop\DSS2Wave.lnk
[2012.07.02 14:30:37 | 000,047,135 | ---- | M] () -- C:\Users\Sebastian\Serbien Blog\bla.gephi
[2012.06.25 16:04:24 | 001,394,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml4.dll
[2012.06.25 15:52:24 | 000,011,252 | ---- | M] () -- C:\Users\Sebastian\gsview32.ini
========== Files Created - No Company Name ==========
[2012.07.22 23:39:36 | 000,000,948 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.07.15 15:33:03 | 001,436,964 | ---- | C] () -- C:\Users\Sebastian\Desktop\Bounanno_2006_EFSA.pdf
[2012.07.12 15:31:03 | 000,715,726 | ---- | C] () -- C:\Users\Sebastian\Desktop\DSC_0230.JPG
[2012.07.12 15:14:56 | 003,932,625 | ---- | C] () -- C:\Users\Sebastian\Desktop\Prokla68.pdf
[2012.07.10 12:21:50 | 000,005,724 | ---- | C] () -- C:\Users\Sebastian\Desktop\Order completed.pdf
[2012.07.07 16:05:03 | 000,331,530 | ---- | C] () -- C:\Users\Sebastian\Desktop\Inhalt-und-Einleitung-Friedrich-RiLg.pdf
[2012.07.07 15:27:53 | 001,636,555 | ---- | C] () -- C:\Users\Sebastian\Desktop\Sarrazin-Dossier_18_5_2011_.pdf
[2012.07.06 02:00:04 | 000,001,729 | ---- | C] () -- C:\Users\Sebastian\Desktop\IrfanView Thumbnails.lnk
[2012.07.06 02:00:04 | 000,000,837 | ---- | C] () -- C:\Users\Sebastian\Desktop\IrfanView.lnk
[2012.07.06 01:43:49 | 001,396,884 | ---- | C] () -- C:\Users\Sebastian\Desktop\3.1SG.jpg
[2012.07.05 11:18:52 | 000,013,088 | ---- | C] () -- C:\Users\Sebastian\Desktop\Prüfungsausschuss.odt
[2012.07.04 00:26:43 | 000,021,711 | ---- | C] () -- C:\Users\Sebastian\Desktop\Notizen .odt
[2012.07.02 23:38:13 | 000,006,264 | ---- | C] () -- C:\Windows\SysWow64\PSPGRU.inf
[2012.07.02 23:38:09 | 000,678,682 | ---- | C] () -- C:\Windows\unins000.exe
[2012.07.02 23:38:09 | 000,000,761 | ---- | C] () -- C:\Windows\unins000.dat
[2012.07.02 23:35:52 | 000,002,027 | ---- | C] () -- C:\Users\Sebastian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\DPM-Player.lnk
[2012.07.02 23:35:05 | 000,000,829 | ---- | C] () -- C:\Users\Sebastian\Desktop\DSS2Wave.lnk
[2012.07.02 23:35:02 | 000,050,688 | ---- | C] () -- C:\Users\Sebastian\Serbien Blog\Sample DSS Pro.DS2
[2012.06.25 15:46:27 | 000,011,252 | ---- | C] () -- C:\Users\Sebastian\gsview32.ini
[2012.06.17 19:10:27 | 000,000,097 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\fusioncache.dat
[2012.06.17 19:09:02 | 001,502,974 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.16 22:10:36 | 000,070,931 | ---- | C] () -- C:\Users\Sebastian\bookmarks-2012-04-16.json
[2012.04.13 01:08:27 | 000,015,873 | ---- | C] () -- C:\Windows\SysWow64\Inetde.dll
[2012.04.12 18:09:51 | 000,368,640 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll
[2012.04.12 18:09:12 | 000,117,248 | ---- | C] () -- C:\Windows\SysWow64\EhStorAuthn.dll
[2012.04.12 18:07:48 | 000,107,612 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchema.bin
[2012.04.06 19:11:26 | 000,036,864 | ---- | C] () -- C:\Windows\SysWow64\sx32w.dll
[2011.08.30 11:03:18 | 000,049,221 | ---- | C] () -- C:\Users\Sebastian\46286527.pdf
[2011.07.08 22:02:03 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll
[2011.07.08 22:02:02 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011.07.08 22:01:54 | 000,644,608 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll
[2011.07.08 22:01:54 | 000,243,200 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll
[2011.07.08 22:01:52 | 000,073,216 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll
[2011.07.08 12:03:37 | 000,326,077 | ---- | C] () -- C:\Users\Sebastian\The Ethical Slut - A Practical Guide to Polyamory, Open Relationships & Other Adventures -- Dossie Easton and Janet W Hardy.pdf
[2011.06.25 18:35:40 | 000,000,680 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps.dat
[2011.06.07 04:49:12 | 000,018,904 | ---- | C] () -- C:\Windows\SysWow64\StructuredQuerySchemaTrivial.bin
[2011.06.06 20:19:04 | 000,009,728 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.06.06 19:08:16 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe
[2011.06.06 17:48:42 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
[2011.06.05 22:29:49 | 000,000,732 | ---- | C] () -- C:\Users\Sebastian\AppData\Local\d3d9caps64.dat
[2011.06.05 22:09:43 | 000,000,012 | ---- | C] () -- C:\Windows\bthservsdp.dat
[2011.04.19 22:10:32 | 000,059,904 | ---- | C] () -- C:\Windows\SysWow64\OVDecode.dll
[2011.03.17 19:51:44 | 000,003,929 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat
< End of report >
Geändert von Atina (23.07.2012 um 00:17 Uhr) |
| Themen zu Der Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde block #2 |
| abgesicherten, administrator, anti-malware, application/pdf:, autostart, avast, bundesrepublik, code, computer, datei, dateien, der computer ist für die verletzung, der computer ist für die verletzung der gesetze, ebenfalls, eset, explorer, forum, frage, free download, gesperrt, heuristiks/extra, heuristiks/shuriken, lenovo, malwarebytes, namens, openvpn, plug-in, programme, pup.bundleinstaller.bi, pup.operapasswordtool, searchscopes, secunia psi, seite, service, service pack 2, speicher, spotify web helper, trojaner, verletzung der gesetze, version, vista |
Baum-Darstellung