EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen

Maucat · 13.08.2012, 16:12

Guten Tag,

Nachdem ich heute einen Antivir-Scan durchgeführt habe, wurden folgende Viren/unerwünschten Programme gefunden. Hierzu die Reportdatei des Avira-Scans:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Montag, 13. August 2012 13:32

Es wird nach 4096284 Virenstämmen gesucht.

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 x64
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : ERIKS-PC

Versionsinformationen:
BUILD.DAT : 10.2.0.707 36070 Bytes 25.01.2012 12:53:00
AVSCAN.EXE : 10.3.0.7 484008 Bytes 08.07.2011 12:07:34
AVSCAN.DLL : 10.0.5.0 57192 Bytes 08.07.2011 12:07:34
LUKE.DLL : 10.3.0.5 45416 Bytes 08.07.2011 12:07:34
LUKERES.DLL : 10.0.0.0 13672 Bytes 14.01.2010 10:59:47
AVSCPLR.DLL : 10.3.0.7 119656 Bytes 08.07.2011 12:07:34
AVREG.DLL : 10.3.0.9 88833 Bytes 15.07.2011 07:46:22
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 08:05:36
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 13:36:27
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 16:43:02
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 12:08:45
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 13:54:26
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 13:02:50
VBASE006.VDF : 7.11.34.117 2048 Bytes 29.06.2012 13:02:50
VBASE007.VDF : 7.11.34.118 2048 Bytes 29.06.2012 13:02:50
VBASE008.VDF : 7.11.34.119 2048 Bytes 29.06.2012 13:02:50
VBASE009.VDF : 7.11.34.120 2048 Bytes 29.06.2012 13:02:50
VBASE010.VDF : 7.11.34.121 2048 Bytes 29.06.2012 13:02:51
VBASE011.VDF : 7.11.34.122 2048 Bytes 29.06.2012 13:02:51
VBASE012.VDF : 7.11.34.123 2048 Bytes 29.06.2012 13:02:51
VBASE013.VDF : 7.11.34.124 2048 Bytes 29.06.2012 13:02:51
VBASE014.VDF : 7.11.38.18 2554880 Bytes 30.07.2012 11:35:45
VBASE015.VDF : 7.11.38.70 556032 Bytes 31.07.2012 11:35:46
VBASE016.VDF : 7.11.38.143 171008 Bytes 02.08.2012 11:35:46
VBASE017.VDF : 7.11.38.221 178176 Bytes 06.08.2012 09:46:48
VBASE018.VDF : 7.11.39.37 168448 Bytes 08.08.2012 09:46:48
VBASE019.VDF : 7.11.39.89 131072 Bytes 09.08.2012 09:47:31
VBASE020.VDF : 7.11.39.145 142336 Bytes 11.08.2012 20:03:54
VBASE021.VDF : 7.11.39.146 2048 Bytes 11.08.2012 20:03:54
VBASE022.VDF : 7.11.39.147 2048 Bytes 11.08.2012 20:03:54
VBASE023.VDF : 7.11.39.148 2048 Bytes 11.08.2012 20:03:54
VBASE024.VDF : 7.11.39.149 2048 Bytes 11.08.2012 20:03:54
VBASE025.VDF : 7.11.39.150 2048 Bytes 11.08.2012 20:03:54
VBASE026.VDF : 7.11.39.151 2048 Bytes 11.08.2012 20:03:54
VBASE027.VDF : 7.11.39.152 2048 Bytes 11.08.2012 20:03:54
VBASE028.VDF : 7.11.39.153 2048 Bytes 11.08.2012 20:03:55
VBASE029.VDF : 7.11.39.154 2048 Bytes 11.08.2012 20:03:55
VBASE030.VDF : 7.11.39.155 2048 Bytes 11.08.2012 20:03:55
VBASE031.VDF : 7.11.39.170 45568 Bytes 12.08.2012 20:03:55
Engineversion : 8.2.10.132
AEVDF.DLL : 8.1.2.10 102772 Bytes 13.07.2012 12:57:33
AESCRIPT.DLL : 8.1.4.42 459129 Bytes 10.08.2012 09:47:42
AESCN.DLL : 8.1.8.2 131444 Bytes 27.01.2012 10:53:44
AESBX.DLL : 8.2.5.12 606578 Bytes 15.06.2012 15:45:24
AERDL.DLL : 8.1.9.15 639348 Bytes 09.09.2011 13:28:34
AEPACK.DLL : 8.3.0.24 811381 Bytes 09.08.2012 09:46:50
AEOFFICE.DLL : 8.1.2.42 201083 Bytes 20.07.2012 10:59:58
AEHEUR.DLL : 8.1.4.86 5165429 Bytes 10.08.2012 09:47:41
AEHELP.DLL : 8.1.23.2 258422 Bytes 29.06.2012 13:02:58
AEGEN.DLL : 8.1.5.34 434548 Bytes 20.07.2012 10:59:01
AEEXP.DLL : 8.1.0.74 86387 Bytes 05.08.2012 11:35:51
AEEMU.DLL : 8.1.3.2 393587 Bytes 13.07.2012 12:55:04
AECORE.DLL : 8.1.27.4 201078 Bytes 09.08.2012 09:46:49
AEBB.DLL : 8.1.1.0 53618 Bytes 04.03.2011 13:36:00
AVWINLL.DLL : 10.0.0.0 19304 Bytes 04.03.2011 13:36:13
AVPREF.DLL : 10.0.3.2 44904 Bytes 08.07.2011 12:07:34
AVREP.DLL : 10.0.0.10 174120 Bytes 20.05.2011 16:19:48
AVARKT.DLL : 10.0.26.1 255336 Bytes 08.07.2011 12:07:34
AVEVTLOG.DLL : 10.0.0.9 203112 Bytes 08.07.2011 12:07:34
SQLITE3.DLL : 3.6.19.0 355688 Bytes 17.06.2010 13:27:02
AVSMTP.DLL : 10.0.0.17 63848 Bytes 04.03.2011 13:36:12
NETNT.DLL : 10.0.0.0 11624 Bytes 17.06.2010 13:27:01
RCIMAGE.DLL : 10.0.0.35 2589544 Bytes 08.07.2011 12:07:33
RCTEXT.DLL : 10.0.64.0 98664 Bytes 08.07.2011 12:07:33

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: löschen
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Montag, 13. August 2012 13:32

Der Suchlauf nach versteckten Objekten wird begonnen.
Fehler in der ARK Library

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '85' Modul(e) wurden durchsucht
Durchsuche Prozess 'avscan.exe' - '39' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '61' Modul(e) wurden durchsucht
Durchsuche Prozess 'FlashPlayerPlugin_11_3_300_270.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '72' Modul(e) wurden durchsucht
Durchsuche Prozess 'plugin-container.exe' - '64' Modul(e) wurden durchsucht
Durchsuche Prozess 'firefox.exe' - '135' Modul(e) wurden durchsucht
Durchsuche Prozess 'SteamService.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastUI.exe' - '87' Modul(e) wurden durchsucht
Durchsuche Prozess 'hamachi-2-ui.exe' - '44' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '75' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCU.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'Skype.exe' - '155' Modul(e) wurden durchsucht
Durchsuche Prozess 'TeaTimer.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'steam.exe' - '134' Modul(e) wurden durchsucht
Durchsuche Prozess 'MT.exe' - '46' Modul(e) wurden durchsucht
Durchsuche Prozess 'SDWinSec.exe' - '54' Modul(e) wurden durchsucht
Durchsuche Prozess 'nvSCPAPISvr.exe' - '33' Modul(e) wurden durchsucht
Durchsuche Prozess 'ESSVR.EXE' - '28' Modul(e) wurden durchsucht
Durchsuche Prozess 'BCUService.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'avguard.exe' - '66' Modul(e) wurden durchsucht
Durchsuche Prozess 'sched.exe' - '48' Modul(e) wurden durchsucht
Durchsuche Prozess 'AvastSvc.exe' - '107' Modul(e) wurden durchsucht

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '191' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
C:\Program Files (x86)\Steam\SteamApps\common\terraria\dotNetFx40_Full_x86_x64.exe
[WARNUNG] Die Datei konnte nicht gelesen werden!
C:\Users\Erik\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57\27a74139-2772f224
[0] Archivtyp: ZIP
--> Field.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2010-0840.HG
--> Inc.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
--> P.class
[FUND] Ist das Trojanische Pferd TR/Agent.464.4
HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Policies\System\EnableLUA
[HINWEIS] Eine Sicherungskopie wurde unter dem Namen 56bf7725.qua erstellt ( QUARANTÄNE )
[HINWEIS] Die Datei wurde gelöscht.

Ende des Suchlaufs: Montag, 13. August 2012 15:17
Benötigte Zeit: 1:44:18 Stunde(n)

29160 Verzeichnisse wurden überprüft
644539 Dateien wurden geprüft
3 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
1 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
644536 Dateien ohne Befall
5154 Archive wurden durchsucht
1 Warnungen
1 Hinweise
63 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

Nachdem alle Löschversuche (Ja, mir ist bewusst, das ich die Dateien wohl hätte aufbewahren sollen

) fehlgeschlagen sind, also die Dateien beim nächsten Scan erneut aufgetaucht sind, habe ich mich entschlossen, mich auf der Seite Trojaner-Board anzumelden. Ich bin ziemlich verzweifelt.

Bevor ich die OTLs poste, bleibt zu sagen, das der Defogger keinen Alarm geschlagen hat. Es lief alles glatt. Ich hoffe das hilft

Aber genug geredet, hier die OTLs...
OTL:OTL Logfile:

Code:

ATTFilter

OTL logfile created on: 13.08.2012 16:03:19 - Run 1
OTL by OldTimer - Version 3.2.57.0     Folder = C:\Users\Erik\Desktop\Trojaner Board Programme\OTL
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
4,00 Gb Total Physical Memory | 1,62 Gb Available Physical Memory | 40,46% Memory free
7,99 Gb Paging File | 5,39 Gb Available in Paging File | 67,41% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 521,16 Gb Free Space | 55,95% Space Free | Partition Type: NTFS
Drive D: | 319,44 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: ERIKS-PC | User Name: Erik | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.08.13 16:01:59 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Erik\Desktop\Trojaner Board Programme\OTL\OTL.exe
PRC - [2012.08.04 08:31:39 | 001,353,080 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Steam\steam.exe
PRC - [2012.08.03 20:39:20 | 001,536,712 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_3_300_270.exe
PRC - [2012.08.01 18:59:27 | 000,529,232 | ---- | M] (Valve Corporation) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe
PRC - [2012.07.03 18:21:30 | 004,273,976 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.06.27 12:29:26 | 001,996,200 | ---- | M] (LogMeIn Inc.) -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe
PRC - [2012.05.28 20:02:45 | 000,924,600 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe
PRC - [2012.05.03 14:07:06 | 000,073,360 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe
PRC - [2011.07.08 14:07:34 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.05.17 11:14:00 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2011.03.04 15:36:11 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2010.07.31 09:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2010.06.01 14:30:00 | 001,412,096 | ---- | M] (Mirko Böer Softwareentwicklungen) -- C:\Program Files (x86)\MT\MT.exe
PRC - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe
PRC - [2009.10.15 15:06:42 | 000,375,000 | ---- | M] (DeviceVM, Inc.) -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe
PRC - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2009.03.05 17:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.03 20:39:19 | 009,465,032 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll
MOD - [2012.08.01 18:59:27 | 020,316,496 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\libcef.dll
MOD - [2012.08.01 18:59:25 | 001,099,576 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avcodec-53.dll
MOD - [2012.08.01 18:59:25 | 000,900,944 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\chromehtml.DLL
MOD - [2012.08.01 18:59:25 | 000,190,776 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avformat-53.dll
MOD - [2012.08.01 18:59:25 | 000,123,192 | ---- | M] () -- C:\Program Files (x86)\Steam\bin\avutil-51.dll
MOD - [2012.05.28 20:02:45 | 001,952,696 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.30 20:08:52 | 000,225,280 | ---- | M] () -- C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll
MOD - [2012.04.30 20:06:40 | 000,221,184 | ---- | M] () -- C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\components\MozillaDownload.dll
MOD - [2009.06.27 11:11:12 | 000,503,202 | ---- | M] () -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\sqlite3.dll
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 17:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2012.08.03 20:39:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.08.01 18:59:27 | 000,529,232 | ---- | M] (Valve Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service)
SRV - [2012.07.03 18:21:29 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.06.27 12:29:24 | 002,369,960 | ---- | M] (LogMeIn Inc.) [Auto | Running] -- C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2.exe -- (Hamachi2Svc)
SRV - [2012.06.05 15:17:44 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.05.29 13:09:52 | 002,143,072 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.05.28 20:02:45 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.03 14:10:02 | 002,446,872 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\Program Files (x86)\CheckPoint\ZoneAlarm\vsmon.exe -- (vsmon)
SRV - [2012.04.30 21:08:10 | 000,827,520 | ---- | M] (Check Point Software Technologies) [Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWSVC.exe -- (IswSvc)
SRV - [2011.07.08 14:07:34 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.05.17 11:14:00 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2010.07.31 09:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009.10.15 15:06:46 | 000,223,464 | ---- | M] (DeviceVM, Inc.) [Auto | Running] -- C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009.08.24 15:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.07.03 18:21:52 | 000,958,400 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx)
DRV:64bit: - [2012.07.03 18:21:52 | 000,355,856 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP)
DRV:64bit: - [2012.07.03 18:21:52 | 000,071,064 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012.07.03 18:21:52 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi)
DRV:64bit: - [2012.07.03 18:21:52 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr)
DRV:64bit: - [2012.07.03 18:21:51 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.09 18:59:32 | 000,485,680 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.01.09 18:59:30 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2012.01.09 18:59:30 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.07.08 14:07:34 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2011.07.08 14:07:34 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2011.05.29 12:15:43 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt)
DRV:64bit: - [2011.05.29 12:15:43 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt)
DRV:64bit: - [2011.05.07 17:51:32 | 000,454,232 | ---- | M] (Check Point Software Technologies LTD) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vsdatant.sys -- (Vsdatant)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.07.01 14:21:50 | 000,038,992 | ---- | M] (Screaming Bee LLC) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ScreamingBAudio64.sys -- (ScreamBAudioSvc)
DRV:64bit: - [2010.06.22 00:07:36 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2010.04.27 12:56:38 | 000,021,544 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.03.22 11:57:20 | 000,347,680 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.11.10 12:02:50 | 000,222,016 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emDevice64.sys -- (DCamUSBEMPIA)
DRV:64bit: - [2009.11.10 12:02:50 | 000,012,608 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emFilter64.sys -- (FiltUSBEMPIA)
DRV:64bit: - [2009.11.10 12:02:50 | 000,012,352 | ---- | M] (eMPIA Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\emscan64.sys -- (ScanUSBEMPIA)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.03.18 17:35:42 | 000,033,856 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\hamachi.sys -- (hamachi)
DRV - [2012.08.13 12:09:38 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.05.08 15:21:42 | 000,011,856 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.30 21:08:32 | 000,033,672 | ---- | M] (Check Point Software Technologies) [Kernel | Auto | Running] -- C:\Programme\CheckPoint\ZAForceField\ISWKL.sys -- (ISWKL)
DRV - [2011.07.08 14:03:47 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2010.11.01 06:08:46 | 000,014,544 | ---- | M] (OpenLibSys.org) [File_System | On_Demand | Stopped] -- C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys -- (WinRing0_1_2_0)
DRV - [2010.03.12 06:40:48 | 000,052,280 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\Gigabyte\ET6\amd64\AODDriver.sys -- (AODDriver)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://home.sweetim.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = D9 1D EE 00 A7 E5 CB 01  [binary data]
IE - HKCU\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKCU\..\URLSearchHook: {BC86E1AB-EDA5-4059-938F-CE307B0C6F0A} - C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\AddressBarSearch.dll (DeviceVM, Inc.)
IE - HKCU\..\URLSearchHook: {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/web/{searchTerms}?babsrc=SP_ss&affID=100489&mntrId=ced7fee70000000000001c6f658e4086
IE - HKCU\..\SearchScopes\{30124DD9-5A24-4339-9F86-A000334362DA}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A4067623346&ie=UTF-8&q={searchTerms}&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A4067623346
IE - HKCU\..\SearchScopes\{3B5B4004-0D78-4D67-91F2-4F634FB2A481}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=100000027&src=crm&q={searchTerms}&locale=de_DE&apn_ptnrs=U3&apn_dtid=OSJ000&apn_uid=22B486B4-F770-48D0-91B2-D2304750A3D4&apn_sauid=5E91A9B0-9082-490D-8F8B-392E3A7528BC
IE - HKCU\..\SearchScopes\{658DEA32-757A-4643-B59B-04818BBA5BD6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR2&pc=SPLH
IE - HKCU\..\SearchScopes\{722F6DEE-F6D0-4d04-BC00-6EE73340A241}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=STDVM
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = hxxp://dts.search-results.com/sr?src=ieb&appid=102&systemid=406&q={searchTerms}
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2269050
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "DVDVideoSoftTB Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2269050&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {e4a8a97b-f2ed-450b-b12d-ee082ba24781}:0.9.19
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.9.0.9216
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.2.145
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:2.0.3
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.10
FF - prefs.js..extensions.enabledItems: ffxtlbr@zonealarm.com:1.5.0
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&q="
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaultenginename: "Search Results"
FF - prefs.js..sweetim.toolbar.previous.browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2613550&SearchSource=3&q={searchTerms}"
FF - prefs.js..sweetim.toolbar.previous.browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.startup.homepage: "hxxp://www.searchqu.com/406"
FF - prefs.js..sweetim.toolbar.previous.keyword.URL: "hxxp://dts.search-results.com/sr?src=ffb&appid=102&systemid=406&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Erik\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
 
64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\TRUSTCHECKER [2012.05.23 09:51:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker [2012.05.12 16:49:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.08.02 17:40:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.13 00:50:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.28 20:02:46 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.28 20:02:46 | 000,000,000 | ---D | M]
 
[2012.03.03 17:13:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions
[2011.10.01 09:30:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Extensions\prism@developer.mozilla.org
[2012.08.08 17:53:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\3iop93dz.default\extensions
[2012.04.21 10:58:06 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\3iop93dz.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}
[2012.08.07 15:41:33 | 000,000,000 | ---D | M] (zonealarm.com) -- C:\Users\Erik\AppData\Roaming\mozilla\Firefox\Profiles\3iop93dz.default\extensions\ffxtlbr@zonealarm.com
[2012.04.19 09:17:32 | 000,000,931 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\conduit.xml
[2011.07.01 23:26:20 | 000,002,501 | ---- | M] () -- C:\Users\Erik\AppData\Roaming\Mozilla\Firefox\Profiles\3iop93dz.default\searchplugins\SearchResults.xml
[2012.05.28 20:02:49 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.04.03 19:54:07 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.08.13 00:50:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012.05.12 16:49:23 | 000,000,000 | ---D | M] (ZoneAlarm Security Engine) -- C:\PROGRAM FILES\CHECKPOINT\ZAFORCEFIELD\WOW64\TRUSTCHECKER
[2012.07.31 22:01:39 | 000,010,449 | ---- | M] () (No name found) -- C:\USERS\ERIK\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\3IOP93DZ.DEFAULT\EXTENSIONS\YOUTUBEUNBLOCKER@UNBLOCKER.YT.XPI
[2012.05.28 20:02:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.05.28 20:02:43 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2011.09.30 16:02:54 | 000,002,288 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.05.28 20:02:43 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.05.28 20:02:43 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.05.28 20:02:43 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2011.07.01 23:26:20 | 000,002,501 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\SearchResults.xml
[2012.05.28 20:02:43 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.05.28 20:02:43 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.08.13 11:20:09 | 000,444,061 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.123fporn.info
O1 - Hosts: 15250 more lines...
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Zonealarm Helper Object) - {2A841F7A-A014-4DA5-B6D9-8B913DFB7A8C} - C:\Program Files (x86)\Check Point Software Technologies LTD\zonealarm\1.5.23.8\bh\zonealarm.dll (Montera Technologeis LTD)
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (ZoneAlarm Security Engine Registrar) - {8A4A36C2-0535-4D2C-BD3D-496CB7EED6E3} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - !{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3:64bit: - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{438FAE3E-BDEF-44D3-AB8B-0C7C8350DF59} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{98889811-442D-49dd-99D7-DC866BE87DBC} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{DB4E9724-F518-4dfd-9C7C-78B52103CAB9} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - !{EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (no name) - {99079a25-328f-4bd4-be04-00955acaa0a7} - No CLSID value found.
O3 - HKLM\..\Toolbar: (ZoneAlarm-Sicherheit Toolbar) - {fc2b76fc-2132-4d80-a9a3-1f5c6e49066b} - C:\Program Files (x86)\ZoneAlarm-Sicherheit\tbZone.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O3 - HKCU\..\Toolbar\WebBrowser: (ZoneAlarm Security Engine) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - C:\Programme\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\TrustCheckerIEPlugin.dll (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [ISW] C:\Program Files\CheckPoint\ZAForceField\ForceField.exe (Check Point Software Technologies)
O4:64bit: - HKLM..\Run: [itype] c:\Program Files\Microsoft IntelliType Pro\itype.exe (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BCU] C:\Program Files (x86)\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [LogMeIn Hamachi Ui] C:\Program Files (x86)\LogMeIn Hamachi\hamachi-2-ui.exe (LogMeIn Inc.)
O4 - HKLM..\Run: [ZoneAlarm] C:\Program Files (x86)\CheckPoint\ZoneAlarm\zatray.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [Meine Traffic] C:\PROGRA~2\MT\MT.EXE (Mirko Böer Softwareentwicklungen)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [Steam] C:\Program Files (x86)\Steam\steam.exe (Valve Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F92C7CF2-74E0-4972-B0AA-721176BCBC3E}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{65ffda03-5192-11e0-8de1-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{65ffda03-5192-11e0-8de1-806e6f6e6963}\Shell\AutoRun\command - "" = D:\SETUP.EXE
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.08.13 15:58:59 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\#ISW.FS#
[2012.08.13 15:58:16 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Trojaner Board Programme
[2012.08.13 10:37:22 | 000,034,656 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe
[2012.08.13 10:37:18 | 000,025,952 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll
[2012.08.13 10:37:17 | 000,021,344 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll
[2012.08.13 10:37:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012
[2012.08.13 10:36:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2012
[2012.08.13 10:35:13 | 000,000,000 | -HSD | C] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2012.08.13 10:35:13 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2012.08.13 00:51:11 | 000,355,856 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSP.sys
[2012.08.13 00:51:11 | 000,025,232 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswFsBlk.sys
[2012.08.13 00:51:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus
[2012.08.13 00:51:04 | 000,059,728 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswTdi.sys
[2012.08.13 00:51:04 | 000,054,072 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswRdr2.sys
[2012.08.13 00:51:03 | 000,958,400 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswSnx.sys
[2012.08.13 00:51:01 | 000,285,328 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2012.08.13 00:51:01 | 000,071,064 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\drivers\aswMonFlt.sys
[2012.08.13 00:50:37 | 000,227,648 | ---- | C] (AVAST Software) -- C:\Windows\SysWow64\aswBoot.exe
[2012.08.13 00:50:37 | 000,041,224 | ---- | C] (AVAST Software) -- C:\Windows\avastSS.scr
[2012.08.13 00:50:27 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2012.08.13 00:50:27 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2012.08.06 13:44:53 | 000,222,016 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emDevice64.sys
[2012.08.06 13:44:53 | 000,012,608 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emFilter64.sys
[2012.08.06 13:44:53 | 000,012,352 | ---- | C] (eMPIA Technology, Inc.) -- C:\Windows\SysNative\drivers\emscan64.sys
[2012.08.06 13:44:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\TerraTec
[2012.08.06 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\MAGIX Downloads
[2012.08.06 13:42:33 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\MAGIX
[2012.08.06 13:42:24 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\MAGIX
[2012.08.06 13:42:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX
[2012.08.06 13:41:41 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX
[2012.08.06 13:41:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX
[2012.08.06 13:41:21 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MSXML 4.0
[2012.08.06 13:18:04 | 000,000,000 | ---D | C] -- C:\Kopierte VHS
[2012.08.06 13:07:24 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Grabster
[2012.08.04 13:23:31 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\Shiner
[2012.08.03 00:10:59 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\dvdcss
[2012.08.02 18:30:52 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Cubase
[2012.08.02 18:28:18 | 001,177,600 | ---- | C] (AD) -- C:\Windows\SysWow64\SYNSOEMU.DLL
[2012.08.02 18:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\VST3
[2012.08.02 18:26:17 | 000,000,000 | ---D | C] -- C:\ProgramData\VST3 Presets
[2012.08.02 18:23:57 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg HALionOne
[2012.08.02 18:23:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Steinberg
[2012.08.02 18:23:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Steinberg
[2012.08.02 18:23:06 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steinberg Cubase 5
[2012.08.02 18:23:06 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\Steinberg
[2012.08.02 18:23:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Steinberg
[2012.08.02 18:17:04 | 000,000,000 | ---D | C] -- C:\ProgramData\PopCap Games
[2012.08.02 17:51:27 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\FFOutput
[2012.08.02 17:51:10 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\FormatFactory
[2012.08.02 17:48:13 | 000,000,000 | ---D | C] -- C:\Users\Erik\AppData\Roaming\vlc
[2012.08.02 17:47:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VideoLAN
[2012.07.21 10:08:16 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\Achron
[2012.07.21 10:08:13 | 000,466,456 | ---- | C] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.07.21 10:08:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\OpenAL
[2012.07.21 10:08:12 | 000,444,952 | ---- | C] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[2012.07.21 03:24:30 | 000,000,000 | ---D | C] -- C:\Users\Erik\Documents\Rockstar Games
[2012.07.21 03:23:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Rockstar Games
[2012.07.21 03:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Rockstar Games
[2012.07.20 13:41:28 | 000,000,000 | ---D | C] -- C:\Users\Erik\Desktop\Windows-Crack
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.08.13 16:00:41 | 000,000,000 | ---- | M] () -- C:\Users\Erik\defogger_reenable
[2012.08.13 15:39:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.08.13 12:22:05 | 000,012,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 12:22:05 | 000,012,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.08.13 12:09:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.08.13 12:09:21 | 3219,300,352 | -HS- | M] () -- C:\hiberfil.sys
[2012.08.13 11:20:09 | 000,444,061 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.08.13 11:18:17 | 000,001,288 | ---- | M] () -- C:\Users\Erik\Desktop\Spybot - Search & Destroy.lnk
[2012.08.13 10:37:07 | 000,002,209 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.08.13 10:37:07 | 000,002,189 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.08.13 09:28:47 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2012.08.13 00:51:11 | 000,001,922 | ---- | M] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.13 00:47:16 | 089,340,632 | ---- | M] () -- C:\Users\Erik\Desktop\avast_free_antivirus_setup.exe
[2012.08.06 22:14:50 | 003,342,421 | ---- | M] () -- C:\Users\Erik\Desktop\Do what you want cause a pirate is free you are a pirate.mp3
[2012.08.06 18:42:15 | 000,375,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.08.03 00:16:03 | 001,642,740 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.08.03 00:16:03 | 000,707,446 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.08.03 00:16:03 | 000,661,064 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.08.03 00:16:03 | 000,153,038 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.08.03 00:16:03 | 000,125,254 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.08.02 17:48:06 | 000,001,066 | ---- | M] () -- C:\Users\Erik\Desktop\VLC media player.lnk
[2012.07.21 10:08:13 | 000,466,456 | ---- | M] (Creative Labs) -- C:\Windows\SysNative\wrap_oal.dll
[2012.07.21 10:08:12 | 000,444,952 | ---- | M] (Creative Labs) -- C:\Windows\SysWow64\wrap_oal.dll
[3 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.08.13 16:00:41 | 000,000,000 | ---- | C] () -- C:\Users\Erik\defogger_reenable
[2012.08.13 10:37:07 | 000,002,209 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.08.13 10:37:07 | 000,002,189 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities 2012.lnk
[2012.08.13 10:37:06 | 000,002,201 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2012.lnk
[2012.08.13 00:51:11 | 000,001,922 | ---- | C] () -- C:\Users\Public\Desktop\avast! Free Antivirus.lnk
[2012.08.13 00:51:01 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2012.08.13 00:45:27 | 089,340,632 | ---- | C] () -- C:\Users\Erik\Desktop\avast_free_antivirus_setup.exe
[2012.08.06 22:14:40 | 003,342,421 | ---- | C] () -- C:\Users\Erik\Desktop\Do what you want cause a pirate is free you are a pirate.mp3
[2012.08.02 17:48:06 | 000,001,066 | ---- | C] () -- C:\Users\Erik\Desktop\VLC media player.lnk
[2012.07.14 22:17:51 | 000,040,448 | ---- | C] () -- C:\Users\Erik\Desktop\SDL_image.dll
[2012.06.23 14:39:01 | 000,000,092 | ---- | C] () -- C:\Users\Erik\AppData\Local\fusioncache.dat
[2012.04.01 14:06:10 | 000,000,218 | ---- | C] () -- C:\Users\Erik\AppData\Local\recently-used.xbel
[2012.02.26 12:47:49 | 000,075,482 | ---- | C] () -- C:\Users\Erik\AppData\Roaming\icarus-dxdiag.xml
[2011.08.19 21:31:37 | 002,434,856 | ---- | C] () -- C:\Windows\SysWow64\pbsvc_bc2.exe
[2011.04.18 10:36:57 | 000,681,980 | ---- | C] () -- C:\Windows\unins000.exe
[2011.04.18 10:36:57 | 000,051,251 | ---- | C] () -- C:\Windows\unins000.dat
[2011.04.08 13:45:13 | 001,669,102 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.18 23:06:22 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2011.03.18 22:17:28 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.03.18 22:05:56 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2011.03.18 21:48:10 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== LOP Check ==========
 
[2012.08.13 15:59:22 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\#ISW.FS#
[2012.03.31 14:13:24 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\.minecraft
[2012.05.12 16:49:26 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\CheckPoint
[2012.04.22 22:59:29 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Deckadance19
[2012.04.21 10:58:30 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DVDVideoSoft
[2012.04.21 10:58:06 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.06.01 17:11:49 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\go
[2011.09.17 22:05:42 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Hi-Rez Studios
[2011.12.21 22:22:48 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\LolClient
[2012.05.24 16:43:19 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\LolClient2
[2012.08.06 13:42:35 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\MAGIX
[2012.03.03 16:04:44 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Meine Traffic
[2011.10.31 00:13:43 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Mount&Blade Warband
[2011.05.21 18:18:13 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Mount&Blade With Fire and Sword
[2012.03.09 19:32:29 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Origin
[2011.10.01 09:30:46 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Prism
[2011.03.19 00:26:54 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\PunkBuster
[2012.02.03 17:29:52 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\RenPy
[2011.04.24 00:06:02 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Screaming Bee
[2012.04.22 23:08:56 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\SongManager
[2012.08.02 18:29:36 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Steinberg
[2012.01.27 00:23:32 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\TeamViewer
[2011.10.09 08:53:28 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\The Creative Assembly
[2012.08.13 10:36:50 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\TuneUp Software
[2011.12.09 22:32:36 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Ubisoft
[2011.07.16 23:33:33 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\Unity
[2011.05.29 12:16:20 | 000,000,000 | ---D | M] -- C:\Users\Erik\AppData\Roaming\WorldShift
[2012.08.13 09:25:07 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 

< End of report >

--- --- ---

Der "Extras"-Report befindet sich im Anhang.
Ich hoffe das reicht derzeitig an Informationen. Dies ist mein erster Beitrag/Thread, also sind Verbesserungsvorschläge gern gesehen. Es existieren von meiner Seite noch 2 Fragen: 1. Sind die Viren tatsächlich stark bedrohlich?

2. Ist es legitim, das ich gleich mein vollständiges Virenproblem (3 Stück an der Zahl) gepostet habe? Ich kann mir vorstellen, dass das schnell überfordert :/ Aber dann hat man wenigstens alle auf einmal weg und kann beruhigt schlafen ^^"

Ich freue mich das ich meinen Weg in dieses Forum gefunden habe

Auf eine gute Zusammenarbeit!

Erwartungsvoll,
Maucat

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen

Plagegeister aller Art und deren Bekämpfung: EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen

EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen

Ähnliche Themen: EXP/CVE-2010-0840.HG(Exploit), EXP/JAVA.Ternub.Gen(Exploit) und TR/Agent.464.4(Trojaner) - nicht totzukriegen