Zurück   Trojaner-Board > Malware entfernen > Log-Analyse und Auswertung
Live Security Premium eingefangen

Live Security Premium eingefangen


Log-Analyse und Auswertung: Live Security Premium eingefangen

Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML.

 
Vorheriger Beitrag Vorheriger Beitrag   Nächster Beitrag Nächster Beitrag
Alt 05.08.2012, 12:36   #1
Xenja
 
Live Security Premium eingefangen - Standard

Live Security Premium eingefangen


Hallo,

ich habe mir heute anscheinend auch den Live Security Platinum Trojaner eingefangen. Allerdings nicht, wie anscheinend meistens, durch eine Email sondern beim normalen Surfen (ich habe Daten über Indien für meine Hausarbeit gesucht und mich nicht wissentlich auf "gefährlichen" seiten aufgehalten) im Internet. Firefox hat sich plötzlich beendet und Live Security Platinum hat gemeldet ich hätte Trojaner und solle mir die Software kaufen, um diese zu entfernen. Keine Programme bzw. zumindest Firefox, Internet Explorer, AntiVir lassen sich mehr starten. Ich bin dann gleich an meinen Zweitrechner und habe eure Schritte durchgeführt, mein befallener Rechner läuft zum Ausführen der Analyse-software im abgesicherten Modus.

Zunächst das Malwaerbytes-File - ich hatte zunächst die downgeloadete Version -ohne Aktualisierung - laufen lassen - da ich (sorry kenn mich nicht so gut aus) nicht wusste dass ich den abgesicherten Modus mit Netzwerkzugang laufen lassen kann um an die Aktualisierung zu kommen - und als ich wie in der Anleitung versucht habe die rules.ref zu ersetzen hat das Programm nicht mehr funktioniert. Anschließend dann noch mal das File mit Aktualisierung - hatte das Netzwerkkabel nur während der Aktualisierung eingesteckt:
Achja, ich bin in Australien, deshalb befindet sich meine Systemzeit "in der Zukunft", nicht wundern.

File 1:

Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.03.05

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus)
Internet Explorer 8.0.6001.19088
Sassi :: SASSI-LAPPI [Administrator]

Schutz: Deaktiviert

05.08.2012 18:59:55
mbam-log-2012-08-05 (18-59-55).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 232907
Laufzeit: 5 Minute(n), 39 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 2
HKCU\SOFTWARE\CLASSES\CLSID\{42AEDC87-2188-41FD-B9A3-0C966FEABEC1}\INPROCSERVER32 (Trojan.Zaccess) -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|fsutavaw (IPH.Trojan.Agent.CPN) -> Daten: rundll32 "C:\Users\Sassi\AppData\Local\Temp\logmtugc.dll",CreateProcessNotify -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\SOFTWARE\CLASSES\CLSID\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InprocServer32| (Trojan.Zaccess) -> Daten: C:\Users\Sassi\AppData\Local\{a0fe0212-eacb-51fa-04ed-139340fb4fc8}\n. -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 2
C:\Users\Sassi\AppData\Local\Temp\logmtugc.dll (IPH.Trojan.Agent.CPN) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\Desktop\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)


File 2:
Malwarebytes Anti-Malware (Test) 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.08.05.03

Windows Vista Service Pack 1 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 8.0.6001.19088
Sassi :: SASSI-LAPPI [Administrator]

Schutz: Deaktiviert

05.08.2012 19:49:37
mbam-log-2012-08-05 (19-49-37).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 219393
Laufzeit: 7 Minute(n), 9 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 1
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce|036DFF610055EE5B2DE11A966C44B0BF (Trojan.Lameshield) -> Daten: C:\ProgramData\036DFF610055EE5B2DE11A966C44B0BF\036DFF610055EE5B2DE11A966C44B0BF.exe -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 4
C:\ProgramData\036DFF610055EE5B2DE11A966C44B0BF\036DFF610055EE5B2DE11A966C44B0BF.exe (Trojan.Lameshield) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\AppData\Local\Temp\5D61.tmp (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\AppData\Local\Temp\msimg32.dll (RootKit.0Access) -> Erfolgreich gelöscht und in Quarantäne gestellt.
C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Live Security Platinum\Live Security Platinum.lnk (Rogue.LiveSecurityPlatinum) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Den defogger habe ich nicht runtergeladen, weil mich Trend Internet Security vor dem Aufruf der Seite gewarnt hat - soll die Seite trotzdem zulassen?

Hier die OTL.txt:
OTL Logfile:
Code:
ATTFilter
OTL logfile created on: 05.08.2012 20:10:10 - Run 1
OTL by OldTimer - Version 3.2.56.0     Folder = C:\Users\Sassi\Desktop
Windows Vista Ultimate Edition Service Pack 1 (Version = 6.0.6001) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.19088)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,00 Gb Total Physical Memory | 2,46 Gb Available Physical Memory | 82,23% Memory free
6,19 Gb Paging File | 5,85 Gb Available in Paging File | 94,43% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 78,15 Gb Free Space | 54,25% Space Free | Partition Type: NTFS
Drive E: | 140,50 Gb Total Space | 41,58 Gb Free Space | 29,59% Space Free | Partition Type: NTFS
Drive H: | 3,73 Gb Total Space | 1,11 Gb Free Space | 29,84% Space Free | Partition Type: FAT32
 
Computer Name: SASSI-LAPPI | User Name: Sassi | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.05 19:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sassi\Desktop\OTL.exe
PRC - [2008.10.29 16:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.01.21 12:21:59 | 000,117,248 | ---- | M] () -- \\?\C:\Windows\System32\wbem\WMIADAP.EXE
PRC - [2008.01.10 00:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MSC\mcmscsvc.exe
PRC - [2007.11.02 03:12:38 | 000,265,040 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee\MSC\mcuimgr.exe
PRC - [2007.08.04 06:33:14 | 000,582,992 | ---- | M] (McAfee, Inc.) -- c:\Programme\McAfee.com\Agent\mcagent.exe
PRC - [2007.07.18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee\MPF\MpfSrv.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto | Stopped] -- C:\Program Files\Google\Update\GoogleUpdate.exe /svc -- (gupdate)
SRV - [2012.08.03 23:44:12 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.06.15 12:26:22 | 000,095,232 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2012.06.07 19:12:14 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.16 13:55:24 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.16 13:55:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Stopped] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.04.04 15:53:50 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.01.31 19:58:06 | 000,068,648 | R--- | M] (iS3, Inc.) [Auto | Stopped] -- C:\Programme\Common Files\iS3\Anti-Spyware\SZServer.exe -- (szserver)
SRV - [2011.07.20 04:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.07.05 09:25:08 | 002,428,968 | ---- | M] (mobile concepts GmbH) [On_Demand | Stopped] -- C:\Programme\CyberGhost VPN\CGVPNCliService.exe -- (CGVPNCliSrvc)
SRV - [2011.06.29 23:59:18 | 000,155,344 | ---- | M] (Avanquest Software) [Disabled | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Companion\PCCService.exe -- (Sony Ericsson PCCompanion)
SRV - [2011.06.11 06:54:55 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.03.18 19:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2009.05.21 05:18:32 | 000,075,048 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe -- (CLHNService)
SRV - [2009.04.30 20:23:26 | 000,090,112 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service)
SRV - [2009.04.08 13:49:30 | 000,344,064 | R--- | M] (AVerMedia) [Auto | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerRemote.exe -- (AVerRemote)
SRV - [2008.12.09 20:01:50 | 000,405,504 | R--- | M] () [Auto | Stopped] -- C:\Programme\Common Files\AVerMedia\Service\AVerScheduleService.exe -- (AVerScheduleService)
SRV - [2008.10.23 17:45:14 | 000,307,200 | ---- | M] (T-Systems Enterprise Services GmbH) [On_Demand | Stopped] -- C:\Programme\DSL-Manager\DslMgrSvc.exe -- (TDslMgrService)
SRV - [2008.03.07 23:05:10 | 000,024,576 | ---- | M] () [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe -- (ETService)
SRV - [2008.03.05 07:38:34 | 000,500,784 | ---- | M] (Egis Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe -- (eDataSecurity Service)
SRV - [2008.02.15 17:09:30 | 000,595,248 | ---- | M] (Validity Sensors, Inc.) [Auto | Stopped] -- C:\Windows\System32\vfsFPService.exe -- (vfsFPService)
SRV - [2008.01.25 09:38:12 | 002,458,128 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\MNA\McNASvc.exe -- (McNASvc)
SRV - [2008.01.21 12:23:48 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 12:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008.01.11 01:03:00 | 000,233,472 | ---- | M] (Acer Incorporated) [Auto | Stopped] -- C:\Programme\Acer\Acer VCM\RS_Service.exe -- (RS_Service)
SRV - [2008.01.10 00:50:22 | 000,767,976 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MSC\mcmscsvc.exe -- (mcmscsvc)
SRV - [2007.12.11 13:15:04 | 000,012,800 | ---- | M] (Agere Systems) [Auto | Stopped] -- C:\Windows\System32\agrsmsvc.exe -- (AgereModemAudio)
SRV - [2007.12.07 00:15:28 | 000,110,592 | ---- | M] () [Auto | Stopped] -- C:\ACER\Mobility Center\MobilityService.exe -- (MobilityService)
SRV - [2007.12.05 18:04:10 | 000,695,624 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcsysmon.exe -- (McSysmon)
SRV - [2007.11.26 18:46:14 | 000,023,880 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\MSK\msksrver.exe -- (MSK80Service)
SRV - [2007.11.07 17:35:40 | 000,378,184 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2007.10.31 02:46:32 | 000,131,072 | ---- | M] (AccSys GmbH) [Disabled | Stopped] -- C:\Programme\Common Files\AccSys\accvssvc.exe -- (accvssvc)
SRV - [2007.10.26 22:28:06 | 001,524,512 | ---- | M] (Cisco Systems, Inc.) [Disabled | Stopped] -- C:\Programme\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2007.10.03 22:45:02 | 000,358,936 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON)
SRV - [2007.08.15 20:36:04 | 000,359,248 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\Programme\Common Files\McAfee\McProxy\McProxy.exe -- (McProxy)
SRV - [2007.07.24 20:02:14 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Programme\McAfee\VirusScan\Mcshield.exe -- (McShield)
SRV - [2007.07.18 23:54:42 | 000,856,864 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Programme\McAfee\MPF\MpfSrv.exe -- (MpfService)
SRV - [2006.10.26 22:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | Auto | Stopped] -- C:\Windows\system32\Drivers\DgiVecp.sys -- (DgiVecp)
DRV - [2012.07.03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.05.16 13:55:26 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.16 13:55:25 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Stopped] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.01.05 09:01:54 | 000,032,768 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV - [2012.01.04 13:06:32 | 000,072,080 | R--- | M] (iS3, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKGFS.sys -- (szkgfs)
DRV - [2011.12.15 14:00:35 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.09.26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\SZKG.sys -- (szkg5)
DRV - [2011.09.26 11:21:00 | 000,061,328 | R--- | M] (iS3 Inc.) [Kernel | Boot | Stopped] -- C:\Windows\System32\drivers\is3srv.sys -- (is3srv)
DRV - [2011.06.11 06:42:41 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.06.17 13:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010.03.06 04:33:03 | 000,306,816 | ---- | M] (AfaTech                  ) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2010.02.25 17:15:21 | 000,005,120 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2010.02.25 16:51:02 | 000,025,216 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\tap0901.sys -- (tap0901)
DRV - [2009.12.25 01:19:56 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/12/06 12:36:30] [Kernel | Auto | Stopped] -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl -- ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796})
DRV - [2009.07.01 11:27:02 | 000,436,480 | ---- | M] (AVerMedia TECHNOLOGIES, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AVerFx2hbtv.sys -- (AVerFx2hbtv)
DRV - [2008.09.04 16:12:00 | 000,047,616 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E60x86.sys -- (L1E)
DRV - [2008.06.06 06:59:13 | 000,042,000 | ---- | M] (CACE Technologies) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\npf.sys -- (NPF)
DRV - [2008.04.21 21:52:03 | 000,043,184 | ---- | M] (Alfa Corporation) [File_System | Boot | Running] -- C:\Windows\System32\drivers\AlfaFF.sys -- (AlfaFF)
DRV - [2008.03.13 18:23:06 | 000,080,912 | ---- | M] (JMicron Technology Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\jmcr.sys -- (JMCR)
DRV - [2008.03.08 03:55:00 | 007,480,384 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2008.02.29 17:13:38 | 001,202,560 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2008.02.15 17:09:46 | 000,040,752 | ---- | M] (Validity Sensors, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vfs101x.sys -- (vfs101x)
DRV - [2008.01.21 12:21:34 | 000,031,616 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUSB)
DRV - [2008.01.09 20:28:34 | 000,027,632 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\seehcri.sys -- (seehcri)
DRV - [2007.12.19 01:12:12 | 000,054,784 | ---- | M] (ITE Tech. Inc. ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\itecir.sys -- (itecir)
DRV - [2007.12.02 20:51:42 | 000,040,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfesmfk.sys -- (mfesmfk)
DRV - [2007.11.22 14:44:08 | 000,201,320 | ---- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\Windows\System32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2007.11.22 14:44:08 | 000,079,304 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2007.11.22 14:44:08 | 000,035,240 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2007.11.22 14:44:04 | 000,033,832 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\mferkdk.sys -- (mferkdk)
DRV - [2007.10.26 22:27:00 | 000,306,300 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2007.09.26 21:12:22 | 002,251,776 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\NETw4v32.sys -- (NETw4v32)
DRV - [2007.09.12 17:24:00 | 000,026,816 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DslTestSp5.sys -- (dsltestSp5)
DRV - [2007.08.01 14:49:00 | 000,016,448 | ---- | M] (T-Systems Enterprise Services GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\dslmnlwf.sys -- (DslMNLwf)
DRV - [2007.07.13 17:21:12 | 000,125,728 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\Windows\System32\drivers\Mpfp.sys -- (MPFP)
DRV - [2007.06.21 21:00:53 | 000,320,384 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6000.sys -- (UDXTTM6000)
DRV - [2007.04.03 21:57:54 | 000,099,080 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116unic.sys -- (s116unic)
DRV - [2007.04.03 21:57:52 | 000,098,696 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116obex.sys -- (s116obex)
DRV - [2007.04.03 21:57:52 | 000,023,176 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116nd5.sys -- (s116nd5)
DRV - [2007.04.03 21:57:50 | 000,100,488 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mgmt.sys -- (s116mgmt)
DRV - [2007.04.03 21:57:48 | 000,108,680 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdm.sys -- (s116mdm)
DRV - [2007.04.03 21:57:48 | 000,015,112 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116mdfl.sys -- (s116mdfl)
DRV - [2007.04.03 21:57:42 | 000,083,336 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\s116bus.sys -- (s116bus)
DRV - [2007.03.01 21:17:44 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\PCASp50.sys -- (PCASp50)
DRV - [2007.01.31 21:45:06 | 000,127,376 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007.01.26 16:32:18 | 000,069,632 | ---- | M] () [Kernel | Auto | Stopped] -- C:\Windows\System32\drivers\int15.sys -- (int15)
DRV - [2007.01.19 00:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
DRV - [2006.11.11 00:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\afc.sys -- (Afc)
DRV - [2006.11.02 23:27:34 | 000,020,112 | ---- | M] (Dritek System Inc.) [Kernel | System | Stopped] -- C:\Programme\Launch Manager\DPortIO.sys -- (DritekPortIO)
DRV - [2006.09.18 22:58:54 | 000,097,184 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdm.sys -- (SE27mdm)
DRV - [2006.09.18 22:58:52 | 000,009,360 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27mdfl.sys -- (SE27mdfl)
DRV - [2006.09.18 22:58:48 | 000,061,600 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\SE27bus.sys -- (SE27bus)
DRV - [2006.06.29 12:11:48 | 000,017,408 | ---- | M] (DTV-DVB) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\UDXTTM6000HID.sys -- (UDXTTM6000HID)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://de.intl.acer.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.intl.acer.yahoo.com
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://hotmail.com/ [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\..\SearchScopes,DefaultScope = {64094BE8-3896-4249-B613-56DCC8F62C1B}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src=IE-SearchBox&Form=IE8SRC
IE - HKCU\..\SearchScopes\{64094BE8-3896-4249-B613-56DCC8F62C1B}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-acer
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.3.1
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.12.2.16749
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.5
FF - prefs.js..network.proxy.backup.ftp: "81.223.49.107"
FF - prefs.js..network.proxy.backup.ftp_port: 8080
FF - prefs.js..network.proxy.backup.socks: "81.223.49.107"
FF - prefs.js..network.proxy.backup.socks_port: 8080
FF - prefs.js..network.proxy.backup.ssl: "81.223.49.107"
FF - prefs.js..network.proxy.backup.ssl_port: 8080
FF - prefs.js..network.proxy.ftp: "85.93.2.63"
FF - prefs.js..network.proxy.ftp_port: 8080
FF - prefs.js..network.proxy.http: "85.93.2.63"
FF - prefs.js..network.proxy.http_port: 8080
FF - prefs.js..network.proxy.no_proxies_on: ""
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "85.93.2.63"
FF - prefs.js..network.proxy.socks_port: 8080
FF - prefs.js..network.proxy.ssl: "85.93.2.63"
FF - prefs.js..network.proxy.ssl_port: 8080
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\ZoomBrowser EX\Program\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: C:\Program Files\DivX\DivX Player\npDivxPlayerPlugin.dll (DivX, Inc)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Sassi\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Sassi\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Sassi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Sassi\AppData\Local\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.07.24 17:00:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.19 16:45:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.18 15:08:48 | 000,000,000 | ---D | M]
 
[2006.12.28 13:56:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sassi\AppData\Roaming\mozilla\Extensions
[2012.09.12 13:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions
[2010.04.28 03:44:15 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011.09.04 20:53:04 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.09.12 13:29:25 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2012.03.01 14:45:54 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2012.02.29 21:14:44 | 000,000,000 | ---D | M] (FoxyProxy Standard) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\foxyproxy@eric.h.jung
[2010.03.06 05:16:26 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\moveplayer@movenetworks.com
[2006.12.27 00:06:03 | 000,000,000 | ---D | M] (Ask Toolbar) -- C:\Users\Sassi\AppData\Roaming\mozilla\Firefox\Profiles\6kitd8lf.default\extensions\toolbar@ask.com
[2012.04.18 13:47:07 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2011.10.31 20:14:21 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.02.28 20:56:14 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2012.04.18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.07.24 17:00:04 | 000,000,000 | ---D | M] (McAfee SiteAdvisor) -- C:\PROGRAM FILES\MCAFEE\SITEADVISOR
[2012.04.18 13:47:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}
[2012.02.19 16:45:46 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.04.18 13:46:21 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2006.12.26 23:03:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2006.12.26 23:03:26 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2006.12.26 23:03:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2006.12.26 23:03:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2006.12.26 23:03:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2006.12.26 23:03:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2006.09.19 07:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (McAfee Phishing Filter) - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\Programme\McAfee\MSK\mcapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Programme\McAfee\VirusScan\scriptsn.dll (McAfee, Inc.)
O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (no name) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - No CLSID value found.
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Programme\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.)
O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Programme\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated)
O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated)
O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.)
O4 - HKLM..\Run: [eRecoveryService]  File not found
O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\LManager.exe (Dritek System Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NeroCheck] C:\Windows\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.)
O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [WarReg_PopUp] C:\Programme\Acer\WR_PopUp\WarReg_PopUp.exe (Acer Incorporated)
O4 - HKLM..\Run: [Xerox PanelMgr] C:\Windows\Xerox\PanelMgr\ssmmgr.exe ()
O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - Startup: C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Sassi\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk = C:\Programme\Microsoft Office\Office12\ONENOTEM.EXE (Microsoft Corporation)
O4 - Startup: C:\Users\Sassi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 2.4.lnk = C:\Programme\OpenOffice.org 2.4\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Sassi\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : &Gears-Einstellungen - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - Reg Error: Key error. File not found
O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Programme\ICQ6.5\ICQ.exe (ICQ, LLC.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} hxxp://static.pe.studivz.net/photouploader/ImageUploader5.cab?nocache=1226678251 (Image Uploader Control)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (System Requirements Lab Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab (Java Plug-in 1.6.0_04)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5A61437B-C150-41CB-A18F-460FB092226E}: DhcpNameServer = 192.168.0.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64689E79-7455-4308-9F40-EEFBBFF93B49}: DhcpNameServer = 10.3.64.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8117.0416.dll (Microsoft Corporation)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FB} - Deskscapes - C:\Programme\Stardock\Object Desktop\DeskScapes\deskscapes.dll (Stardock Corporation)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FD} - Stardock Vista ControlPanel Extension - C:\Programme\Stardock\Object Desktop\DeskScapes\DesktopControlPanel.dll (Stardock)
O22 - SharedTaskScheduler: {EC654325-1273-C2A9-2B7C-45D29BCE68FF} - StardockDreamController - C:\Programme\Stardock\Object Desktop\DeskScapes\DreamControl.dll (Stardock)
O24 - Desktop WallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O24 - Desktop BackupWallPaper: C:\Users\Public\Pictures\Sample Pictures\Dock.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.19 07:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{6be49bb5-30e7-11e1-b18c-00a0d1a6290c}\Shell - "" = AutoRun
O33 - MountPoints2\{6be49bb5-30e7-11e1-b18c-00a0d1a6290c}\Shell\AutoRun\command - "" = J:\Startme.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.08 20:56:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch
[2012.09.12 08:36:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\STOPzilla
[2012.09.12 08:36:13 | 000,000,000 | ---D | C] -- C:\Program Files\STOPzilla!
[2012.09.12 08:36:08 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\iS3
[2012.09.12 08:36:05 | 000,000,000 | ---D | C] -- C:\ProgramData\STOPzilla!
[2012.09.12 07:57:22 | 000,200,976 | ---- | C] (Trend Micro Inc.) -- C:\Windows\System32\drivers\tmcomm.sys
[2012.08.05 20:08:38 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Sassi\Desktop\OTL.exe
[2012.08.05 18:30:44 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\Malwarebytes
[2012.08.05 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.08.05 18:28:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.08.05 18:28:10 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.08.05 18:28:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.08.05 17:09:27 | 000,000,000 | ---D | C] -- C:\ProgramData\036DFF610055EE5B2DE11A966C44B0BF
[2012.07.30 17:40:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Phoenix Online
[2012.07.30 17:33:36 | 000,000,000 | ---D | C] -- C:\Program Files\Phoenix Online
[2012.07.27 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\MagicIndie
[2012.07.27 15:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Intenium
[2012.07.27 15:16:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DEUTSCHLAND SPIELT
[2012.07.27 15:14:30 | 000,000,000 | ---D | C] -- C:\Program Files\DEUTSCHLAND SPIELT
[2012.07.27 15:08:39 | 000,000,000 | ---D | C] -- C:\Program Files\OXXOGames
[2012.07.24 16:35:51 | 000,081,920 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssdevm.dll
[2012.07.24 16:35:51 | 000,049,152 | ---- | C] (Samsung Electronics) -- C:\Windows\System32\ssusbpn.dll
[2012.07.24 16:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xerox Phaser 3160
[2012.07.24 16:35:29 | 000,000,000 | ---D | C] -- C:\Windows\Xerox
[2012.07.24 16:31:23 | 000,151,552 | ---- | C] (SS) -- C:\Windows\System32\sxp4mci.exe
[2012.07.24 16:31:23 | 000,065,536 | ---- | C] (SS) -- C:\Windows\System32\sxp4mci.dll
[2012.07.24 16:30:45 | 000,000,000 | ---D | C] -- C:\Program Files\Xerox
[2012.07.18 16:10:34 | 000,000,000 | ---D | C] -- C:\7fdb029b1bdae4e1b5dacb11f3b33964
[2012.07.17 07:50:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Yahoo! Companion
[2012.07.17 07:50:46 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\Yahoo!
[2012.07.14 20:42:35 | 000,000,000 | ---D | C] -- C:\Users\Sassi\AppData\Roaming\vlc
[2012.07.14 20:21:56 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2010.06.10 02:36:09 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpeE16D.dll
[1 C:\Users\Sassi\*.tmp files -> C:\Users\Sassi\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.09.12 07:57:02 | 000,000,036 | ---- | M] () -- C:\Users\Sassi\AppData\Local\housecall.guid.cache
[2012.08.05 20:11:57 | 000,636,104 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.08.05 20:11:57 | 000,602,432 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.08.05 20:11:57 | 000,129,416 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.08.05 20:11:57 | 000,106,248 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.08.05 20:05:38 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.05 20:04:03 | 000,039,326 | ---- | M] () -- C:\Windows\System32\Config.MPF
[2012.08.05 19:43:02 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat
[2012.08.05 19:40:36 | 000,000,418 | -H-- | M] () -- C:\Windows\tasks\User_Feed_Synchronization-{363E0893-6B77-4BE7-84BF-70F432F394DF}.job
[2012.08.05 19:39:44 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml
[2012.08.05 19:39:41 | 000,001,090 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.08.05 19:39:32 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 19:39:30 | 000,003,344 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.05 19:30:58 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Sassi\Desktop\OTL.exe
[2012.08.05 18:35:20 | 000,008,268 | ---- | M] () -- C:\Users\Sassi\AppData\Local\d3d9caps.dat
[2012.08.05 17:44:16 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.05 17:11:01 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1091895334-1960353516-1711741289-1000UA.job
[2012.08.05 16:59:00 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.08.05 11:53:00 | 000,002,299 | ---- | M] () -- C:\Users\Sassi\AppData\Roaming\acervcmtmp.ini
[2012.07.30 20:26:04 | 000,055,117 | ---- | M] () -- C:\ProgramData\nvModes.001
[2012.07.30 20:23:02 | 000,055,117 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2012.07.30 17:40:00 | 000,001,935 | ---- | M] () -- C:\Users\Public\Desktop\The Silver Lining.lnk
[2012.07.28 18:40:32 | 000,028,454 | ---- | M] () -- C:\Users\Sassi\Desktop\hundkatz.jpg
[2012.07.27 15:16:45 | 000,001,834 | ---- | M] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2012.07.27 15:16:40 | 000,001,166 | ---- | M] () -- C:\Users\Public\Desktop\Brink of Consciousness Dorian-Gray-Syndrom.lnk
[2012.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\tasks\McDefragTask.job
[1 C:\Users\Sassi\*.tmp files -> C:\Users\Sassi\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.09.12 07:57:02 | 000,000,036 | ---- | C] () -- C:\Users\Sassi\AppData\Local\housecall.guid.cache
[2012.08.05 17:19:56 | 000,001,712 | ---- | C] () -- C:\Users\Sassi\AppData\Local\{a0fe0212-eacb-51fa-04ed-139340fb4fc8}\U\00000001.@
[2012.07.30 17:40:00 | 000,001,935 | ---- | C] () -- C:\Users\Public\Desktop\The Silver Lining.lnk
[2012.07.28 18:40:26 | 000,028,454 | ---- | C] () -- C:\Users\Sassi\Desktop\hundkatz.jpg
[2012.07.27 15:16:45 | 000,001,834 | ---- | C] () -- C:\Users\Public\Desktop\RTL GAME CENTER.lnk
[2012.07.27 15:16:40 | 000,001,166 | ---- | C] () -- C:\Users\Public\Desktop\Brink of Consciousness Dorian-Gray-Syndrom.lnk
[2012.07.24 16:35:35 | 000,479,232 | ---- | C] () -- C:\Windows\ssndii.exe
[2012.07.24 16:31:32 | 000,026,624 | ---- | C] () -- C:\Windows\System32\sxp4ml3.dll
[2012.07.24 16:31:32 | 000,000,361 | ---- | C] () -- C:\Windows\System32\sxp4ml3.smt
[2012.07.21 14:38:45 | 000,000,633 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\DSL-Manager.lnk
[2012.07.04 18:46:04 | 000,006,178 | ---- | C] () -- C:\Users\Sassi\.recently-used.xbel
[2012.05.13 16:20:55 | 000,075,209 | ---- | C] () -- C:\Users\Sassi\bavarian_beer_cafe.jpg
[2012.02.02 16:46:48 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011.10.05 03:14:52 | 000,026,453 | ---- | C] () -- C:\Users\Sassi\SassiMotorrad.JPG
[2011.02.10 17:03:08 | 000,002,048 | -HS- | C] () -- C:\Users\Sassi\AppData\Local\{a0fe0212-eacb-51fa-04ed-139340fb4fc8}\@
[2010.11.16 05:57:21 | 000,000,047 | RH-- | C] () -- C:\Windows\ghdc.dat
[2009.11.02 22:54:23 | 000,002,299 | ---- | C] () -- C:\Users\Sassi\AppData\Roaming\acervcmtmp.ini
[2008.06.08 23:07:55 | 000,055,117 | ---- | C] () -- C:\ProgramData\nvModes.001
[2008.06.08 20:54:28 | 000,055,117 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2008.06.08 05:33:42 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2008.06.07 05:04:42 | 000,075,776 | ---- | C] () -- C:\Users\Sassi\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008.06.07 04:18:23 | 000,008,268 | ---- | C] () -- C:\Users\Sassi\AppData\Local\d3d9caps.dat
 
========== LOP Check ==========
 
[2008.04.08 20:50:57 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Acer GameZone Console
[2008.07.14 22:14:56 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Canneverbe_Limited
[2008.08.27 06:04:19 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Canon
[2012.08.05 11:53:07 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Dropbox
[2011.09.04 21:03:01 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\DVDVideoSoft
[2011.09.04 20:53:03 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\DVDVideoSoftIEHelpers
[2008.08.30 19:13:55 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\eSobi
[2012.07.04 00:31:50 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\gtk-2.0
[2010.04.22 06:26:34 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\ICQ
[2011.04.14 00:38:10 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Leadertech
[2012.07.27 15:21:17 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\MagicIndie
[2011.12.28 10:54:25 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\MyPhoneExplorer
[2012.02.02 16:46:54 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\pdfforge
[2010.12.20 22:18:17 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\PowerCinema
[2010.11.16 06:01:30 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Quantitative Micro Software
[2012.03.07 17:41:50 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\QuickScan
[2011.05.18 20:13:56 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Scilab
[2010.12.09 04:40:24 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\SoftDMA
[2010.09.30 04:11:35 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Spider Player
[2012.02.24 23:37:50 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\TeamViewer
[2011.10.19 04:51:51 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\UseNeXT
[2008.06.06 01:44:16 | 000,000,000 | ---D | M] -- C:\Users\Sassi\AppData\Roaming\Validity
[2012.07.15 01:00:00 | 000,000,372 | ---- | M] () -- C:\Windows\Tasks\McDefragTask.job
[2012.07.01 01:00:00 | 000,000,348 | ---- | M] () -- C:\Windows\Tasks\McQcTask.job
[2012.08.05 19:43:02 | 000,032,542 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.08.05 19:40:36 | 000,000,418 | -H-- | M] () -- C:\Windows\Tasks\User_Feed_Synchronization-{363E0893-6B77-4BE7-84BF-70F432F394DF}.job
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 156 bytes -> C:\ProgramData\Temp:CB0AACC9

< End of report >
--- --- ---

Die Extras- und Gmer-log habe ich angehängt.

Vieeeeelen herzlichen Dank schon mal für eure Hilfe!!!

Xenja
Geändert von Xenja (05.08.2012 um 13:12 Uhr)

 

Themen zu Live Security Premium eingefangen
antivir, avira, converter, cyberghost, desktop, email, firefox, flash player, google, helper, internet explorer, iph.trojan.agent.cpn, launch, live security premium trojaner, msimg32.dll, plug-in, realtek, registry, rogue.livesecurityplatinum, rootkit.0access, rules.ref, security, siteadvisor, software, trojan.lameshield, trojan.zaccess, trojaner, vista


« BKA Trojaner mit Virenscanner entfernt - ist jetzt alles in Ordnung? | SUISA Trojaner auf Windofs XP »


Ähnliche Themen: Live Security Premium eingefangen


  1. Live Security Permium eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 07.10.2012 (2)
  2. Rootkit.0Access + Live security Premium gleichzeitig: ist das system jetzt wieder ok ?
    Log-Analyse und Auswertung - 20.09.2012 (7)
  3. Live Premium Security Scareware
    Plagegeister aller Art und deren Bekämpfung - 10.09.2012 (1)
  4. Live Security Platinium eingefangen
    Plagegeister aller Art und deren Bekämpfung - 09.09.2012 (1)
  5. Live Security Premium - entfernt?
    Log-Analyse und Auswertung - 06.09.2012 (3)
  6. Live Security Premium
    Plagegeister aller Art und deren Bekämpfung - 06.09.2012 (7)
  7. Live Security Platinum Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 16.08.2012 (28)
  8. Live security platinum eingefangen-wie soll ich vorgehen?
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (30)
  9. Live Security Premium - Absturz im abgesicherten Modus
    Plagegeister aller Art und deren Bekämpfung - 14.08.2012 (12)
  10. live security platinum eingefangen
    Plagegeister aller Art und deren Bekämpfung - 12.08.2012 (4)
  11. Live Security Premium Logfile Malwarebytes
    Plagegeister aller Art und deren Bekämpfung - 07.08.2012 (7)
  12. Live Security Platinum - Virus eingefangen
    Log-Analyse und Auswertung - 01.08.2012 (5)
  13. Live Security eingefangen - Firefox leitet zu Windows Live um - immer noch Viren auf meinem PC?
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (27)
  14. Live Security Platinum-Virus eingefangen
    Plagegeister aller Art und deren Bekämpfung - 26.07.2012 (6)
  15. Live Security Platinum eingefangen
    Plagegeister aller Art und deren Bekämpfung - 25.07.2012 (1)
  16. Live Security Premium Virus
    Plagegeister aller Art und deren Bekämpfung - 19.07.2012 (3)
  17. Live Security Platinum eingefangen!
    Plagegeister aller Art und deren Bekämpfung - 16.07.2012 (9)
Anleitungen und Tipps

- Für alle Hilfesuchenden! Was beachten?

- Anleitung: MyStartSearch.com entfernen

- Anleitung: WebSearches löschen

- Hilfe: iStartSurf entfernen – so gehts!

- Anleitung: Omiga Plus richtig entfernen

- Browser Viren entfernen


Zum Thema Live Security Premium eingefangen - Hallo, ich habe mir heute anscheinend auch den Live Security Platinum Trojaner eingefangen. Allerdings nicht, wie anscheinend meistens, durch eine Email sondern beim normalen Surfen (ich habe Daten über Indien - Live Security Premium eingefangen...
Archiv
Du betrachtest: Live Security Premium eingefangen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131