Log analysis and evaluation: Backdoor Trojan Bublik.B, Worm Gamarue.I: removing PUM.UserWLoad etc. (Windows 7)

If you have caught a Trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and Trojans can be removed, the infected system must first be examined: First steps to get help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#7

Backdoor Trojan Bublik.B, Worm Gamarue.I: removing PUM.UserWLoad etc.

Hello cosinus, here are the logs:

JRT
Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 8 x64
Ran by *** on 11.04.2013 at 14:13:18,17
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\windows nt\currentversion\windows\\AppInit_DLLs

~~~ Registry Keys

~~~ Files

~~~ Folders

~~~ FireFox

Successfully deleted: [File] C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\invalidprefs.js
Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\minidumps [2 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 11.04.2013 at 14:16:55,99
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

AdwCleaner
Code:
# AdwCleaner v2.200 - File created on 11/04/2013 at 14:21:45
# Updated on 02/04/2013 by Xplode
# Operating system : Windows 8 (64 bits)
# User : *** - ABC
# Boot mode : Normal
# Running from : C:\Users\***\Desktop\adwcleaner.exe
# Option [Delete]

**** [Services] ****

***** [Files / Folders] *****

Deleted on reboot : C:\Users\ANDREA~1\AppData\Local\Temp\OCS

***** [Registry] *****

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] The registry is clean.

-\\ Mozilla Firefox v20.0 (de)

File : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\naokmbcz.default\prefs.js

[OK] The file is clean.

*************************

AdwCleaner[R1].txt - [984 octets] - [10/04/2013 15:20:23]
AdwCleaner[R2].txt - [1043 octets] - [10/04/2013 15:20:41]
AdwCleaner[R3].txt - [1164 octets] - [10/04/2013 16:49:56]
AdwCleaner[S1].txt - [4288 octets] - [10/04/2013 14:32:30]
AdwCleaner[S2].txt - [1112 octets] - [10/04/2013 15:20:48]
AdwCleaner[S3].txt - [1233 octets] - [10/04/2013 16:50:12]
AdwCleaner[S4].txt - [335 octets] - [10/04/2013 16:52:28]
AdwCleaner[S5].txt - [1221 octets] - [11/04/2013 14:21:45]

########## EOF - C:\AdwCleaner[S5].txt - [1281 octets] ##########

Code:
OTL logfile created on: 11.04.2013 14:27:18 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\***\Desktop
64bit- An unknown product (Version = 6.2.9200) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,71 Gb Total Physical Memory | 6,25 Gb Available Physical Memory | 81,02% Memory free
8,90 Gb Paging File | 7,47 Gb Available in Paging File | 83,99% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 118,90 Gb Total Space | 48,20 Gb Free Space | 40,54% Space Free | Partition Type: NTFS
Drive E: | 978,72 Mb Total Space | 224,55 Mb Free Space | 22,94% Space Free | Partition Type: FAT
Drive F: | 931,28 Gb Total Space | 722,16 Gb Free Space | 77,54% Space Free | Partition Type: FAT32
Drive G: | 3,73 Gb Total Space | 0,13 Gb Free Space | 3,39% Space Free | Partition Type: FAT32

Computer Name: ABC | User Name: *** | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
PRC - C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
PRC - C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
PRC - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)

========== Modules (No Company Name) ==========

MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cf561d65486360afb324d26c80b9aac2\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\65220f0f32ec84454f9a811fba883c2e\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ae31f7dc9817e359d05c9c8efdd5f359\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\7e6b074d3f3e3cc8e0270a3552c47aaa\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\28c2c6e7f48ff80c680a97b08df66a72\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\8d2929ad589e1092eb62a43424361465\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll ()
MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\VirtualTreesDXE150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\JSDialogPack150.bpl ()
MOD - C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl ()
MOD - C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll ()
MOD - C:\PROGRAM FILES (X86)\NORTON 360\ENGINE\20.3.0.36\wincfi39.dll ()

========== Services (SafeList) ==========

SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation)
SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation)
SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation)
SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation)
SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation)
SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation)
SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation)
SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation)
SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation)
SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation)
SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation)
SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation)
SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation)
SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation)
SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation)
SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation)
SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation)
SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation)
SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation)
SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation)
SRV - (RealNetworks Downloader Resolver Service) -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AddonsHelper) -- C:\Users\***\AppData\Local\Temp\OCS\Downloads\0674e23d6502b36621d489f1b4fbd22a\8a2438a7aa1e858526caff1f4deab159\AddonsHelper.exe ()
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (N360) -- C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\ccSvcHst.exe (Symantec Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation)
SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation)
SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation)
DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation)
DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation)
DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\Drivers\SYMEVENT64x86.SYS (Symantec Corporation)
DRV:64bit: - (PSI) -- C:\Windows\SysNative\Drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation)
DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation)
DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symnets.sys (Symantec Corporation)
DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symefa64.sys (Symantec Corporation)
DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation)
DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtsp64.sys (Symantec Corporation)
DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\srtspx64.sys (Symantec Corporation)
DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation)
DRV:64bit: - (SymDS) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symds64.sys (Symantec Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\Drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation)
DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation)
DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ironx64.sys (Symantec Corporation)
DRV:64bit: - (ccSet_N360) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\ccsetx64.sys (Symantec Corporation)
DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation)
DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation)
DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation)
DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation)
DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation)
DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation)
DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation)
DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation)
DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation)
DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation)
DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation)
DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation)
DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation)
DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation)
DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation)
DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation)
DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation)
DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation)
DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation)
DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation)
DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation)
DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation)
DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation)
DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation)
DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation)
DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation)
DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation)
DRV:64bit: - (SymELAM) -- C:\Windows\SysNative\Drivers\N360x64\1403000.024\symelam.sys (Symantec Corporation)
DRV:64bit: - (RTL8168) -- C:\Windows\SysNative\Drivers\Rt630x64.sys (Realtek )
DRV:64bit: - (ISCT) -- C:\Windows\SysNative\Drivers\ISCTD64.sys ()
DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\BASHDefs\20130322.001\BHDrvx64.sys (Symantec Corporation)
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\ex64.sys (Symantec Corporation)
DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\VirusDefs\20130410.022\eng64.sys (Symantec Corporation)
DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\Definitions\IPSDefs\20130410.001\IDSviA64.sys (Symantec Corporation)
DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (usbccgp) -- C:\Windows\SysWOW64\drivers\usbccgp.sys (Microsoft Corporation)
DRV - (usbhub) -- C:\Windows\SysWOW64\drivers\usbhub.sys (Microsoft Corporation)
DRV - (usbuhci) -- C:\Windows\SysWOW64\drivers\usbuhci.sys (Microsoft Corporation)
DRV - (usbohci) -- C:\Windows\SysWOW64\drivers\usbohci.sys (Microsoft Corporation)
DRV - (usbehci) -- C:\Windows\SysWOW64\drivers\usbehci.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope =
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E7 57 CA 49 DB 0E CE 01 [binary data]
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com.anonymize-me.de/?anonymto=687474703A2F2F7777772E62696E672E636F6D2F7365617263683F713D7B7365617263685465726D737D267372633D49452D536561726368426F7826464F524D3D494531305352&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{08E831E0-63F4-4C5D-A912-63AE5B429055}: "URL" = hxxp://www.otto.de.anonymize-me.de/?to=6F74746F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{696E239D-21FC-4DEF-8735-883C752844CC}: "URL" = hxxp://www.pricerunner.de.anonymize-me.de/?to=707269636572756E6E65722E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{721061fb-eb79-4568-a03c-3ce26d68dae9}: "URL" = hxxp://de.search.yahoo.com/search/?p={searchTerms}&fr=vc_trans_de_8197&type=ds2se&d
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{7B50B11E-A19B-4362-BDC8-2D4ABFD36BBC}: "URL" = hxxp://search.ebay.de.anonymize-me.de/?to=656261792E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{8266E361-AF9E-46E1-99CB-7B881846ACB5}: "URL" = hxxp://de.wikipedia.org.anonymize-me.de/?to=64652E77696B6970656469612E6F7267&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{C4C4172E-71F5-4F42-803A-6F83F3D2B70B}: "URL" = hxxp://www.myvideo.de.anonymize-me.de/?to=6D79766964656F2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\SearchScopes\{D9750635-1F05-462A-95D8-ABB260077148}: "URL" = hxxp://www.amazon.de.anonymize-me.de/?to=616D617A6F6E2E6465&st={searchTerms}&clid=86c17e9c-58e5-4092-9400-7bb6f3e5385e&pid=freewarede&mode=bounce&k=0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.parfumo.de/"
FF - prefs.js..extensions.enabledAddons: %7Bc1970c0d-dbe6-4d91-804f-c9c0de643a57%7D:1.3.2.13
FF - prefs.js..extensions.enabledAddons: %7BB17C1C5A-04B1-11DB-9804-B622A1EF5492%7D:1.2.1
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: readable%40evernote.com:7.3346.273.222
FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.9
FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.3.0.9%20-%204
FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2013.3.4.3
FF - prefs.js..extensions.enabledAddons: %7Ba0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7%7D:20130402
FF - prefs.js..extensions.enabledAddons: %7Bbee6eb20-01e0-ebd1-da83-080329fb9a3a%7D:1.31
FF - prefs.js..extensions.enabledAddons: %7BDAC3F861-B30D-40dd-9166-F4E75327FAC7%7D:1.3.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_169.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_169.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.1.18: c:\program files\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.1.18: c:\program files\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll (Amazon.com, Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\dnshelp@dnshelp.com: C:\Users\***\AppData\Roaming\Helper [2013.02.20 03:38:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPlgn\ [2013.02.22 21:54:05 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\coFFPlgn\ [2013.04.10 16:52:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{DAC3F861-B30D-40dd-9166-F4E75327FAC7}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.04.10 19:24:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\components [2013.04.10 08:38:02 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\plugins [2013.04.10 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.04.10 19:24:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins

[2013.02.17 14:09:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions
[2013.04.10 17:42:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] (WOT) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013.04.10 19:24:22 | 000,000,000 | ---D | M] (Flash and Video Download) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\naokmbcz.default\extensions\{bee6eb20-01e0-ebd1-da83-080329fb9a3a}
[2013.03.05 23:38:36 | 001,190,001 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\readable@evernote.com.xpi
[2013.02.17 14:20:42 | 000,021,093 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi
[2013.04.03 07:36:04 | 000,531,916 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2013.02.17 14:20:42 | 000,089,442 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{B17C1C5A-04B1-11DB-9804-B622A1EF5492}.xpi
[2013.04.03 07:34:35 | 000,221,336 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}.xpi
[2013.02.17 14:20:42 | 000,017,971 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{c1970c0d-dbe6-4d91-804f-c9c0de643a57}.xpi
[2013.02.17 14:17:51 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.02.20 03:38:29 | 000,002,080 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\naokmbcz.default\searchplugins\7c9dbe2c-3ee2-46de-bf3e-380666a439a5.xml
[2013.04.10 13:25:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.10 16:52:28 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\COFFPLGN
[2013.02.22 21:54:05 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_20.1.0.24\IPSFFPLGN
[2013.04.10 19:24:23 | 000,000,000 | ---D | M] (RealDownloader) -- C:\PROGRAMDATA\REALNETWORKS\REALDOWNLOADER\BROWSERPLUGINS\FIREFOX\EXT
[2013.03.27 04:17:36 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2013.03.27 05:32:09 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.03.27 05:32:09 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.03.27 05:32:09 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.03.27 05:32:09 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.03.27 05:32:09 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.03.27 05:32:09 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\IPS\IPSBHO.DLL (Symantec Corporation)
O2 - BHO: (CmjBrowserHelperObject Object) - {6FE6A929-59D1-4763-91AD-29B61CFFB35B} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O2 - BHO: (DNS Error Helper) - {9B6B03F1-16CF-4491-BBBB-E872802DD717} - C:\ProgramData\DNSErrorHelper\bho.dll ()
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\20.3.0.36\coIEPlg.dll (Symantec Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [TkBellExe] c:\program files\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKU\S-1-5-21-1427359656-2598300182-1699052561-1001..\Run: [1&1 EasyLogin] C:\Program Files (x86)\1&1\1&1 EasyLogin\EasyLogin.exe (1&1 Internet AG)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: An Mindjet MindManager senden - {2F72393D-2472-4F82-B600-ED77F354B7FF} - C:\Program Files (x86)\Mindjet\MindManager 8\Mm8InternetExplorer.dll (Mindjet)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A964C56F-DAD2-4CFC-A2AF-13162601EC96}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\261095~1.52\{c16c1~1\browse~1.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O30 - LSA: Security Packages - (livessp) - File not found
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.04.11 14:13:16 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.11 14:13:11 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.11 14:13:01 | 000,551,587 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe
[2013.04.11 12:59:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.04.11 12:59:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip
[2013.04.11 12:36:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe
[2013.04.11 12:12:06 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe
[2013.04.11 11:50:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar-1.01.0.1022
[2013.04.10 22:43:08 | 001,161,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\sppobjs.dll
[2013.04.10 22:43:06 | 001,627,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WindowsCodecs.dll
[2013.04.10 22:43:05 | 010,116,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll
[2013.04.10 22:43:05 | 008,857,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll
[2013.04.10 22:43:04 | 005,978,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 22:43:04 | 001,048,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mfasfsrcsnk.dll
[2013.04.10 22:43:04 | 000,850,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mfasfsrcsnk.dll
[2013.04.10 22:43:04 | 000,328,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ubpm.dll
[2013.04.10 22:43:03 | 005,091,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 22:43:03 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll
[2013.04.10 22:43:03 | 001,149,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winmde.dll
[2013.04.10 22:43:03 | 001,101,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wmpmde.dll
[2013.04.10 22:43:03 | 000,951,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Globalization.dll
[2013.04.10 22:43:03 | 000,893,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\winmde.dll
[2013.04.10 22:43:03 | 000,760,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapi.dll
[2013.04.10 22:43:03 | 000,645,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Security.Authentication.OnlineId.dll
[2013.04.10 22:43:03 | 000,601,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Globalization.dll
[2013.04.10 22:43:03 | 000,411,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\FWPKCLNT.SYS
[2013.04.10 22:43:03 | 000,389,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\BCP47Langs.dll
[2013.04.10 22:43:03 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcfgx.dll
[2013.04.10 22:43:03 | 000,332,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys
[2013.04.10 22:43:03 | 000,327,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\Classpnp.sys
[2013.04.10 22:43:03 | 000,309,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\BCP47Langs.dll
[2013.04.10 22:43:03 | 000,246,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ubpm.dll
[2013.04.10 22:43:03 | 000,180,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll
[2013.04.10 22:43:03 | 000,171,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\TimeBrokerServer.dll
[2013.04.10 22:43:02 | 002,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll
[2013.04.10 22:43:02 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll
[2013.04.10 22:43:02 | 001,619,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wucltux.dll
[2013.04.10 22:43:02 | 000,703,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drvstore.dll
[2013.04.10 22:43:02 | 000,621,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapi.dll
[2013.04.10 22:43:02 | 000,550,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\drvstore.dll
[2013.04.10 22:43:02 | 000,504,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Security.Authentication.OnlineId.dll
[2013.04.10 22:43:02 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcfgx.dll
[2013.04.10 22:43:02 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll
[2013.04.10 22:43:02 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll
[2013.04.10 22:43:02 | 000,337,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBXHCI.SYS
[2013.04.10 22:43:02 | 000,283,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\spaceport.sys
[2013.04.10 22:43:02 | 000,245,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\usbmon.dll
[2013.04.10 22:43:02 | 000,194,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\sdbus.sys
[2013.04.10 22:43:02 | 000,156,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\powercfg.cpl
[2013.04.10 22:43:02 | 000,150,016 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\discan.dll
[2013.04.10 22:43:02 | 000,148,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\tpm.sys
[2013.04.10 22:43:02 | 000,125,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\dumpsd.sys
[2013.04.10 22:43:02 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\NdisImPlatform.dll
[2013.04.10 22:43:02 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013.04.10 22:43:02 | 000,077,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storahci.sys
[2013.04.10 22:43:02 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys
[2013.04.10 22:43:02 | 000,058,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuauclt.exe
[2013.04.10 22:43:02 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wups.dll
[2013.04.10 22:43:01 | 000,251,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WUSettingsProvider.dll
[2013.04.10 22:43:01 | 000,173,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\storewuauth.dll
[2013.04.10 22:43:01 | 000,145,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\powercfg.cpl
[2013.04.10 22:43:01 | 000,141,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuwebv.dll
[2013.04.10 22:43:01 | 000,128,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSyncInfo.dll
[2013.04.10 22:43:01 | 000,125,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuwebv.dll
[2013.04.10 22:43:01 | 000,100,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSyncInfo.dll
[2013.04.10 22:43:01 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wudriver.dll
[2013.04.10 22:43:01 | 000,083,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wudriver.dll
[2013.04.10 22:43:01 | 000,072,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhostex.exe
[2013.04.10 22:43:01 | 000,071,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WSDPrintProxy.DLL
[2013.04.10 22:43:01 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DevDispItemProvider.dll
[2013.04.10 22:43:01 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wuapp.exe
[2013.04.10 22:43:01 | 000,036,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\DevDispItemProvider.dll
[2013.04.10 22:43:01 | 000,034,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wuapp.exe
[2013.04.10 17:47:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.04.10 17:47:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.04.10 17:47:33 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.04.10 17:47:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.04.10 16:56:41 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe
[2013.04.10 16:46:47 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.04.10 13:57:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes
[2013.04.10 13:56:49 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.04.10 13:56:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 13:56:03 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs
[2013.04.10 13:43:48 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.10 13:25:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.04.10 13:23:25 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\RealNetworks
[2013.04.10 13:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\templates
[2013.04.10 13:23:13 | 000,045,184 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshellsearch.dll
[2013.04.10 13:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Filters
[2013.04.10 13:23:01 | 000,390,384 | ---- | C] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll
[2013.04.10 13:23:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013.04.10 13:23:00 | 000,000,000 | ---D | C] -- C:\Program Files\Producer
[2013.04.10 13:22:55 | 000,000,000 | ---D | C] -- C:\Program Files\library
[2013.04.10 13:01:51 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Secunia PSI
[2013.04.10 13:01:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.04.10 08:34:47 | 003,958,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013.04.10 08:34:45 | 000,915,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll
[2013.04.10 08:34:44 | 000,855,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013.04.10 08:34:44 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013.04.10 08:34:44 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 08:34:44 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll
[2013.04.10 08:34:44 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll
[2013.04.10 08:34:44 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll
[2013.04.10 08:34:44 | 000,051,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe
[2013.04.10 08:34:44 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll
[2013.04.10 08:34:26 | 006,991,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 08:34:25 | 001,011,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll
[2013.04.10 08:34:25 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll
[2013.04.09 16:45:05 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\Samsung_USB_Drivers
[2013.04.09 16:45:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Samsung
[2013.04.08 10:19:00 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Die Einzelheiten Ihres Einkaufs
[2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Amazon MP3
[2013.04.06 18:16:21 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Amazon
[2013.04.06 18:00:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.04.06 18:00:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Amazon
[2013.04.05 13:33:17 | 000,466,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\capicom.dll
[2013.04.05 13:33:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Labtec
[2013.04.05 13:33:03 | 001,060,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71.dll
[2013.04.05 13:33:03 | 001,047,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71u.dll
[2013.04.05 13:33:03 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71DEU.DLL
[2013.04.05 13:33:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ITA.DLL
[2013.04.05 13:33:03 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ESP.DLL
[2013.04.05 13:33:03 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71ENU.DLL
[2013.04.05 13:33:03 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71KOR.DLL
[2013.04.05 13:33:03 | 000,049,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71JPN.DLL
[2013.04.05 13:33:03 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHT.DLL
[2013.04.05 13:33:03 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC71CHS.DLL
[2013.04.05 13:33:02 | 000,933,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFC48906.rra
[2013.04.05 13:33:02 | 000,089,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\atl71.dll
[2013.04.05 13:32:59 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Logitech
[2013.04.05 13:32:56 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.04.05 13:31:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield
[2013.04.04 14:45:46 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Outlook-Dateien
[2013.04.04 12:28:46 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\ORPALIS
[2013.04.04 12:27:50 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Downloaded Installations
[2013.04.02 19:16:31 | 000,000,000 | --SD | C] -- C:\Users\***\Documents\Meine Shapes
[2013.04.01 16:24:38 | 000,000,000 | R--D | C] -- C:\Users\***\Documents\Scanned Documents
[2013.04.01 16:24:38 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Fax
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Apple Computer
[2013.04.01 01:07:52 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple Computer
[2013.04.01 01:07:41 | 000,033,240 | ---- | C] (GEAR Software Inc.) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys
[2013.04.01 01:07:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2013.04.01 01:07:35 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Apple Software Update
[2013.04.01 01:07:23 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Apple
[2013.04.01 01:07:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
[2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2013.04.01 01:07:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Bonjour
[2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple
[2013.04.01 01:07:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Apple
[2013.03.31 20:39:49 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Skype
[2013.03.31 20:39:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.03.31 20:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.03.31 20:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.31 07:57:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\IrfanView
[2013.03.31 07:57:31 | 001,931,472 | ---- | C] (Irfan Skiljan) -- C:\Users\***\Desktop\iview435g_setup.exe
[2013.03.31 07:54:53 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
[2013.03.30 08:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2013.03.30 08:30:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google
[2013.03.30 08:30:54 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Google
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\searchplugins
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\extensions
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\defaults
[2013.03.26 13:03:05 | 000,000,000 | ---D | C] -- C:\Program Files\components
[2013.03.17 13:03:35 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Geburtstage etc
[2013.03.14 11:03:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
[2013.03.14 11:02:51 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2013.03.14 11:01:45 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll
[2013.03.14 11:01:45 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll
[2013.03.14 11:01:23 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll
[2013.03.14 11:01:22 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll
[2013.03.14 11:01:20 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll
[2013.03.14 11:01:20 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll
[2013.03.14 11:01:20 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll
[2013.03.14 11:01:20 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll
[2013.03.14 11:01:20 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll
[2013.03.14 11:01:20 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS
[2013.03.14 11:01:20 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll
[2013.03.14 11:01:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013.03.14 11:01:20 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll
[2013.03.14 11:01:20 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll
[2013.03.14 11:01:20 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll
[2013.03.14 11:01:20 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll
[2013.03.14 11:01:20 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll
[2013.03.14 11:01:20 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll
[2013.03.14 11:01:20 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll
[2013.03.14 11:01:20 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll
[2013.03.14 11:01:20 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe
[2013.03.14 11:01:20 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe
[2013.03.14 11:01:20 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe
[2013.03.14 11:01:20 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys
[2013.03.14 11:01:19 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll
[2013.03.14 11:01:19 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys
[2013.03.14 11:01:19 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe
[2013.03.14 11:01:19 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys
[2013.03.14 11:01:19 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll
[2013.03.14 11:01:19 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll
[2013.03.14 11:01:15 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.03.14 11:01:15 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll
[2013.03.14 11:01:15 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys
[2013.03.14 11:01:13 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys
[2013.03.14 11:01:13 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys
[2013.03.14 11:01:11 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll
[2013.03.14 11:01:11 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll
[2013.02.27 22:19:28 | 000,370,176 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll
[2013.02.27 22:19:28 | 000,139,264 | ---- | C] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll
[2013.02.27 22:19:28 | 000,031,232 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjprog.dll
[2013.02.27 22:19:28 | 000,016,384 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll
[2013.02.27 22:19:27 | 002,041,072 | ---- | C] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll
[2013.02.27 22:19:27 | 001,115,376 | ---- | C] (Gracenote) -- C:\Program Files\cddbmusicid.dll
[2013.02.27 22:19:27 | 000,943,344 | ---- | C] (Gracenote) -- C:\Program Files\cddblink.dll
[2013.02.27 22:19:27 | 000,641,536 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll
[2013.02.27 22:19:27 | 000,073,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll
[2013.02.27 22:19:27 | 000,056,320 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll
[2013.02.27 22:19:27 | 000,048,640 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll
[2013.02.27 22:19:27 | 000,045,568 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll
[2013.02.27 22:19:27 | 000,044,544 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll
[2013.02.27 22:19:27 | 000,022,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll
[2013.02.27 22:19:27 | 000,008,704 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe
[2013.02.27 22:19:26 | 003,303,936 | ---- | C] (MediaArea.net) -- C:\Program Files\mediainfo.dll
[2013.02.27 22:19:26 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe
[2013.02.27 22:19:22 | 000,384,088 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe
[2013.02.27 22:19:22 | 000,355,416 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\convert.exe
[2013.02.27 22:19:21 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll
[2013.02.27 22:19:21 | 000,389,712 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe
[2013.02.27 22:19:21 | 000,136,784 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe
[2013.02.27 22:19:21 | 000,115,200 | ---- | C] (RealPlayer) -- C:\Program Files\rpshellextension.dll
[2013.02.27 22:19:21 | 000,069,632 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll
[2013.02.27 22:19:20 | 000,047,616 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll
[2013.02.27 22:19:16 | 000,112,248 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rdsf3260.dll
[2013.02.27 22:19:16 | 000,087,552 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll
[2013.02.27 22:19:16 | 000,086,016 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll
[2013.02.27 22:19:16 | 000,071,280 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll
[2013.02.27 22:19:16 | 000,030,816 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe
[2013.02.27 22:19:15 | 000,501,328 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realplay.exe
[2013.02.27 22:19:15 | 000,017,528 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe
[2013.02.27 22:19:15 | 000,009,216 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe
[2013.02.26 16:38:49 | 017,887,640 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xul.dll
[2013.02.26 16:38:49 | 002,954,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\gkmedias.dll
[2013.02.26 16:38:49 | 000,812,440 | ---- | C] (sqlite.org) -- C:\Program Files\mozsqlite3.dll
[2013.02.26 16:38:49 | 000,770,384 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcr100.dll
[2013.02.26 16:38:49 | 000,641,944 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nss3.dll
[2013.02.26 16:38:49 | 000,478,104 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libGLESv2.dll
[2013.02.26 16:38:49 | 000,421,200 | ---- | C] (Microsoft Corporation) -- C:\Program Files\msvcp100.dll
[2013.02.26 16:38:49 | 000,375,192 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssckbi.dll
[2013.02.26 16:38:49 | 000,277,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\freebl3.dll
[2013.02.26 16:38:49 | 000,272,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\updater.exe
[2013.02.26 16:38:49 | 000,193,584 | ---- | C] (Mozilla Corporation) -- C:\Program Files\maintenanceservice_installer.exe
[2013.02.26 16:38:49 | 000,172,440 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nspr4.dll
[2013.02.26 16:38:49 | 000,170,232 | ---- | C] (Mozilla Corporation) -- C:\Program Files\webapp-uninstaller.exe
[2013.02.26 16:38:49 | 000,155,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\ssl3.dll
[2013.02.26 16:38:49 | 000,151,960 | ---- | C] (Mozilla Foundation) -- C:\Program Files\softokn3.dll
[2013.02.26 16:38:49 | 000,131,480 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozglue.dll
[2013.02.26 16:38:49 | 000,115,608 | ---- | C] (Mozilla Foundation) -- C:\Program Files\maintenanceservice.exe
[2013.02.26 16:38:49 | 000,104,344 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssutil3.dll
[2013.02.26 16:38:49 | 000,096,664 | ---- | C] (Mozilla Foundation) -- C:\Program Files\webapprt-stub.exe
[2013.02.26 16:38:49 | 000,092,056 | ---- | C] (Mozilla Foundation) -- C:\Program Files\smime3.dll
[2013.02.26 16:38:49 | 000,091,544 | ---- | C] (Mozilla Foundation) -- C:\Program Files\nssdbm3.dll
[2013.02.26 16:38:49 | 000,059,288 | ---- | C] (Mozilla Foundation) -- C:\Program Files\libEGL.dll
[2013.02.26 16:38:49 | 000,021,912 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plc4.dll
[2013.02.26 16:38:49 | 000,021,400 | ---- | C] (Mozilla Foundation) -- C:\Program Files\plds4.dll
[2013.02.26 16:38:49 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\xpcom.dll
[2013.02.26 16:38:49 | 000,017,304 | ---- | C] (Mozilla Corporation) -- C:\Program Files\plugin-container.exe
[2013.02.26 16:38:49 | 000,016,280 | ---- | C] (Mozilla Foundation) -- C:\Program Files\mozalloc.dll
[2013.02.26 16:38:48 | 002,106,216 | ---- | C] (Microsoft Corporation) -- C:\Program Files\D3DCompiler_43.dll
[2013.02.26 16:38:48 | 001,998,168 | ---- | C] (Microsoft Corporation) -- C:\Program Files\d3dx9_43.dll
[2013.02.26 16:38:48 | 000,917,400 | ---- | C] (Mozilla Corporation) -- C:\Program Files\firefox.exe
[2013.02.26 16:38:48 | 000,116,120 | ---- | C] (Mozilla Foundation) -- C:\Program Files\crashreporter.exe
[2013.02.26 16:38:48 | 000,074,136 | ---- | C] (Mozilla Foundation) -- C:\Program Files\breakpadinjector.dll
[2013.02.26 16:38:48 | 000,019,352 | ---- | C] (Mozilla Foundation) -- C:\Program Files\AccessibleMarshal.dll
[2013.02.26 16:38:12 | 020,426,896 | ---- | C] (Mozilla) -- C:\Users\***\Firefox Setup 19.0.exe
[2013.02.25 21:29:10 | 001,646,288 | ---- | C] (Irfan Skiljan) -- C:\Users\***\iview435_setup.exe
[2013.02.22 21:46:38 | 154,147,384 | ---- | C] (Symantec Corporation) -- C:\Users\***\norton_360_setup.exe
[2013.02.21 20:34:55 | 001,356,599 | ---- | C] (Wondersoft ) -- C:\Users\***\pdfwriter_setup.exe
[2013.02.21 02:51:33 | 006,325,760 | ---- | C] (TreeCardGames.com ) -- C:\Users\***\free_spider_solitaire2010_v21_setup.exe
[2013.02.20 03:24:04 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\8gadgetpacksetup-Downloader.exe
[2013.02.20 03:20:57 | 000,593,472 | ---- | C] (www.download-sponsor.de) -- C:\Program Files (x86)\vlc-2.0.5-win64-Downloader.exe
[2013.02.19 22:58:20 | 006,020,336 | ---- | C] (1&1 Internet AG) -- C:\Program Files (x86)\EasyLogin_setup_DE.exe

========== Files - Modified Within 30 Days ==========

[2013.04.11 14:24:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 14:22:59 | 000,001,150 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.11 14:22:30 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys
[2013.04.11 14:22:23 | 2327,932,927 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.11 14:21:53 | 000,000,432 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat
[2013.04.11 14:19:45 | 000,613,083 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe
[2013.04.11 14:13:02 | 000,551,587 | ---- | M] (Oleg N.
Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.04.11 13:35:00 | 000,001,154 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.04.11 12:40:35 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.11 12:40:35 | 000,751,892 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.11 12:40:35 | 000,710,046 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.11 12:40:35 | 000,155,620 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.11 12:40:35 | 000,132,416 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.11 12:36:31 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.04.11 12:13:28 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.04.11 11:50:00 | 012,894,739 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.04.11 09:50:36 | 000,000,333 | ---- | M] () -- C:\Windows\BRCALIB.INI [2013.04.10 19:58:48 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.10 19:40:59 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2013.04.10 17:47:36 | 000,002,177 | ---- | M] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.10 16:56:41 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.04.10 16:46:48 | 000,000,782 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.10 13:57:48 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 13:45:35 | 000,421,080 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 13:25:16 | 000,001,075 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.04.10 13:23:15 | 000,370,176 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjdlg.dll [2013.04.10 13:23:15 | 000,139,264 | ---- | M] (Inner Media, Inc.) -- C:\Program Files\dunzip32.dll [2013.04.10 13:23:15 | 000,031,232 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\rjprog.dll [2013.04.10 13:23:15 | 000,016,384 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\wmdmhelper.dll [2013.04.10 13:23:14 | 002,041,072 | ---- | M] (Gracenote, Inc.) -- C:\Program Files\cddbcontrol.dll [2013.04.10 13:23:14 | 001,115,376 | ---- | M] (Gracenote) -- C:\Program Files\cddbmusicid.dll [2013.04.10 13:23:14 | 000,943,344 | ---- | M] (Gracenote) -- C:\Program Files\cddblink.dll [2013.04.10 13:23:14 | 000,641,536 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjbres.dll [2013.04.10 13:23:14 | 000,119,808 | ---- | M] () -- C:\Program Files\waiting.avi [2013.04.10 13:23:14 | 000,073,216 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\tsasdk.dll [2013.04.10 13:23:14 | 000,056,320 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpwa3260.dll [2013.04.10 13:23:14 | 000,048,640 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\tpasdk.dll [2013.04.10 13:23:14 | 000,045,568 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\ierjplug.dll [2013.04.10 13:23:14 | 000,044,544 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\mmcdda32.dll [2013.04.10 13:23:14 | 000,027,278 | ---- | M] () -- C:\Program Files\frw.bmp [2013.04.10 13:23:14 | 000,022,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\tnetdtct.dll [2013.04.10 13:23:14 | 000,008,704 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\fixrjb.exe [2013.04.10 13:23:14 | 000,002,851 | ---- | M] () -- C:\Program Files\cdroms.cfg [2013.04.10 13:23:13 | 003,303,936 | ---- | M] (MediaArea.net) -- C:\Program Files\mediainfo.dll [2013.04.10 13:23:13 | 000,389,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realcleaner.exe [2013.04.10 13:23:13 | 000,067,473 | ---- | M] () -- C:\Program Files\realplay.chm [2013.04.10 13:23:13 | 000,057,762 | ---- | M] () -- C:\Program Files\howto.chm [2013.04.10 13:23:13 | 000,045,184 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\rpshellsearch.dll [2013.04.10 13:23:13 | 000,016,296 | ---- | M] () -- C:\Program Files\realtfon.fon [2013.04.10 13:23:13 | 000,000,751 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013.04.10 13:23:02 | 000,476,724 | ---- | M] () -- C:\Program Files\converter.vs [2013.04.10 13:23:02 | 000,384,088 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realconverter.exe [2013.04.10 13:23:02 | 000,355,416 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\convert.exe [2013.04.10 13:23:01 | 000,390,384 | ---- | M] (MainConcept GmbH) -- C:\Program Files\mc_enc_h263.dll [2013.04.10 13:23:00 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\dbghelp.dll [2013.04.10 13:23:00 | 000,389,712 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realtrimmer.exe [2013.04.10 13:23:00 | 000,136,784 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realshare.exe [2013.04.10 13:23:00 | 000,115,200 | ---- | M] (RealPlayer) -- C:\Program Files\rpshellextension.dll [2013.04.10 13:23:00 | 000,069,632 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rjwmapln.dll [2013.04.10 13:23:00 | 000,045,428 | ---- | M] () -- C:\Program Files\sharemedia.vs [2013.04.10 13:23:00 | 000,001,209 | ---- | M] () -- C:\Program Files\flvplay.swf [2013.04.10 13:22:59 | 000,047,616 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpau3260.dll [2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\RealNetworks License.html [2013.04.10 13:22:59 | 000,033,157 | ---- | M] () -- C:\Program Files\playrlic.html [2013.04.10 13:22:58 | 001,109,362 | ---- | M] () -- C:\Program Files\normal.vs [2013.04.10 13:22:58 | 000,201,872 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\rmoc3260.dll [2013.04.10 13:22:58 | 000,061,495 | ---- | M] () -- C:\Program Files\ssimages.vs [2013.04.10 13:22:58 | 000,000,480 | ---- | M] () -- C:\Program Files\keys.dat [2013.04.10 13:22:55 | 000,112,248 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\rdsf3260.dll [2013.04.10 13:22:55 | 000,087,552 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\hxaudiodevicehook.dll [2013.04.10 13:22:55 | 000,086,016 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpplugprot.dll [2013.04.10 13:22:55 | 000,071,280 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rpshell.dll [2013.04.10 13:22:55 | 000,030,816 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rndevicedbbuilder.exe [2013.04.10 13:22:55 | 000,001,161 | ---- | M] () -- C:\Program Files\autoplaylist.dat [2013.04.10 13:22:55 | 000,000,043 | ---- | M] () -- C:\Program Files\strs23.dat [2013.04.10 13:22:55 | 000,000,013 | ---- | M] () -- C:\Program Files\strs26.dat [2013.04.10 13:22:54 | 000,017,528 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\rphelperapp.exe [2013.04.10 13:22:54 | 000,009,216 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\realjbox.exe [2013.04.10 13:22:54 | 000,006,656 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5016.dll [2013.04.10 13:22:54 | 000,005,632 | ---- | M] (RealNetworks, Inc.) -- C:\Windows\SysWow64\pndx5032.dll [2013.04.10 13:22:53 | 000,501,328 | ---- | M] (RealNetworks, Inc.) 
-- C:\Program Files\realplay.exe [2013.04.10 13:22:53 | 000,427,405 | ---- | M] () -- C:\Program Files\calibrate.rv [2013.04.10 13:22:53 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll [2013.04.10 13:22:53 | 000,017,846 | ---- | M] () -- C:\Program Files\videotest.rm [2013.04.10 13:22:53 | 000,000,221 | ---- | M] () -- C:\Program Files\subscription.rnx [2013.04.10 13:22:53 | 000,000,177 | ---- | M] () -- C:\Program Files\freeoffers.rnx [2013.04.10 13:01:46 | 000,001,110 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.04.04 14:50:32 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.04.03 00:08:01 | 000,692,576 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.04.03 00:08:01 | 000,078,176 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013.04.01 01:07:52 | 000,001,783 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.03.31 20:39:41 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.31 07:57:57 | 000,001,894 | ---- | M] () -- C:\Users\***\Desktop\IrfanView Thumbnails.lnk [2013.03.31 07:57:57 | 000,001,006 | ---- | M] () -- C:\Users\***\Desktop\IrfanView.lnk [2013.03.31 07:57:34 | 001,931,472 | ---- | M] (Irfan Skiljan) -- C:\Users\***\Desktop\iview435g_setup.exe [2013.03.24 13:08:35 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf ========== Files Created - No Company Name ========== [2013.04.11 14:19:44 | 000,613,083 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.04.11 11:49:49 | 012,894,739 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.01.0.1022.zip [2013.04.10 22:43:01 | 000,387,867 | ---- | C] () -- C:\Windows\SysNative\ApnDatabase.xml [2013.04.10 19:58:48 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.04.10 19:40:59 | 
000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2013.04.10 17:47:36 | 000,002,189 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk [2013.04.10 17:47:36 | 000,002,177 | ---- | C] () -- C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk [2013.04.10 16:46:48 | 000,000,782 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.04.10 14:35:11 | 000,000,432 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2013.04.10 13:56:49 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.04.10 13:45:32 | 000,421,080 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.04.10 13:23:13 | 000,000,751 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk [2013.04.10 13:01:46 | 000,001,110 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2013.04.10 13:01:46 | 000,001,073 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk [2013.04.01 01:07:52 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.04.01 01:07:23 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk [2013.03.31 20:39:41 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.03.31 07:57:57 | 000,001,894 | ---- | C] () -- C:\Users\***\Desktop\IrfanView Thumbnails.lnk [2013.03.31 07:57:57 | 000,001,006 | ---- | C] () -- C:\Users\***\Desktop\IrfanView.lnk [2013.03.30 08:30:59 | 000,001,154 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.03.30 08:30:58 | 000,001,150 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.24 13:08:35 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdMtpDr_01_11_00.Wdf [2013.03.02 11:23:26 | 000,054,769 | ---- | C] () -- C:\Program Files\blocklist.xml [2013.02.27 22:19:27 | 000,119,808 | ---- | C] () -- C:\Program Files\waiting.avi 
[2013.02.27 22:19:27 | 000,027,278 | ---- | C] () -- C:\Program Files\frw.bmp [2013.02.27 22:19:27 | 000,016,296 | ---- | C] () -- C:\Program Files\realtfon.fon [2013.02.27 22:19:27 | 000,002,851 | ---- | C] () -- C:\Program Files\cdroms.cfg [2013.02.27 22:19:26 | 000,067,473 | ---- | C] () -- C:\Program Files\realplay.chm [2013.02.27 22:19:26 | 000,057,762 | ---- | C] () -- C:\Program Files\howto.chm [2013.02.27 22:19:22 | 000,476,724 | ---- | C] () -- C:\Program Files\converter.vs [2013.02.27 22:19:21 | 000,045,428 | ---- | C] () -- C:\Program Files\sharemedia.vs [2013.02.27 22:19:21 | 000,001,209 | ---- | C] () -- C:\Program Files\flvplay.swf [2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\RealNetworks License.html [2013.02.27 22:19:20 | 000,033,157 | ---- | C] () -- C:\Program Files\playrlic.html [2013.02.27 22:19:19 | 001,109,362 | ---- | C] () -- C:\Program Files\normal.vs [2013.02.27 22:19:19 | 000,061,495 | ---- | C] () -- C:\Program Files\ssimages.vs [2013.02.27 22:19:19 | 000,000,480 | ---- | C] () -- C:\Program Files\keys.dat [2013.02.27 22:19:16 | 000,001,161 | ---- | C] () -- C:\Program Files\autoplaylist.dat [2013.02.27 22:19:16 | 000,000,043 | ---- | C] () -- C:\Program Files\strs23.dat [2013.02.27 22:19:16 | 000,000,013 | ---- | C] () -- C:\Program Files\strs26.dat [2013.02.27 22:19:15 | 000,427,405 | ---- | C] () -- C:\Program Files\calibrate.rv [2013.02.27 22:19:15 | 000,017,846 | ---- | C] () -- C:\Program Files\videotest.rm [2013.02.27 22:19:15 | 000,000,221 | ---- | C] () -- C:\Program Files\subscription.rnx [2013.02.27 22:19:15 | 000,000,177 | ---- | C] () -- C:\Program Files\freeoffers.rnx [2013.02.26 16:38:49 | 009,643,305 | ---- | C] () -- C:\Program Files\omni.ja [2013.02.26 16:38:49 | 003,069,848 | ---- | C] () -- C:\Program Files\mozjs.dll [2013.02.26 16:38:49 | 000,036,107 | ---- | C] () -- C:\Program Files\removed-files [2013.02.26 16:38:49 | 000,001,723 | ---- | C] () -- C:\Program Files\precomplete [2013.02.26 
16:38:49 | 000,001,245 | ---- | C] () -- C:\Program Files\updater.ini [2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\softokn3.chk [2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\nssdbm3.chk [2013.02.26 16:38:49 | 000,000,899 | ---- | C] () -- C:\Program Files\freebl3.chk [2013.02.26 16:38:49 | 000,000,142 | ---- | C] () -- C:\Program Files\platform.ini [2013.02.26 16:38:49 | 000,000,132 | ---- | C] () -- C:\Program Files\update-settings.ini [2013.02.26 16:38:48 | 000,004,284 | ---- | C] () -- C:\Program Files\crashreporter.ini [2013.02.26 16:38:48 | 000,000,706 | ---- | C] () -- C:\Program Files\crashreporter-override.ini [2013.02.26 16:38:48 | 000,000,463 | ---- | C] () -- C:\Program Files\application.ini [2013.02.26 16:38:48 | 000,000,183 | ---- | C] () -- C:\Program Files\dependentlibs.list [2013.02.21 14:33:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2013.02.20 03:21:52 | 000,338,432 | ---- | C] () -- C:\Windows\SysWow64\sqlite36_engine.dll [2013.02.20 03:04:46 | 009,539,515 | ---- | C] () -- C:\Program Files (x86)\Minianwendungen-fuer-Windows-8-DE-x64.zip [2013.02.20 00:22:51 | 097,375,792 | ---- | C] () -- C:\Program Files (x86)\MM82-G-319.exe [2013.02.19 22:04:17 | 000,000,333 | ---- | C] () -- C:\Windows\BRCALIB.INI [2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin [2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin [2012.10.31 06:22:12 | 000,045,056 | ---- | C] () -- C:\Windows\SysWow64\BRTCPCON.DLL [2012.10.31 06:22:12 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\BRLMW03A.INI [2012.07.29 03:20:07 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT 
[2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [2013.02.20 00:34:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >

Kind regards, ansuno

Last edited by ansuno (11.04.2013 at 13:44)
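The "ZeroAccess Check" block at the end of the OTL log is worth understanding rather than skimming: OTL lists the InProcServer32 key of a few shell and WMI CLSIDs under both HKEY_CURRENT_USER and HKEY_LOCAL_MACHINE because COM consults the per-user Classes hive first, so an attacker who can write to HKCU can redirect a system CLSID to a DLL in the user profile and have explorer.exe or the WMI service load it without touching a protected directory. In the log above the HKCU keys carry no default value and every HKLM value points into the Windows directory, which is the clean state. The script below is an added example written for this page, not part of ansuno's post and not OTL's own code: it parses that section and flags any entry that would load a server from a per-user override or from outside the Windows directory. The clean input is the section from the log above, re-split one entry per line; the second input is a constructed hijacked variant with a made-up path under a user's Temp folder, and the script assumes the system drive is C:.

```python
"""Scan the 'ZeroAccess Check' section of an OTL log for COM hijacks.

Added example, not part of the original forum post and not OTL's own code.
A CLSID whose InProcServer32 resolves under HKEY_CURRENT_USER wins over the
HKLM entry for that user; a key OTL lists without a default value is absent
or empty and loads nothing, which is the clean state in the log above.
"""
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# "[HKEY_...\...\clsid\{GUID}\InProcServer32]" optionally followed by " /64"
# (OTL's marker for the 64-bit registry view). Wow6432Node may sit directly
# under Software (HKLM lines) or under Classes (HKCU lines), as in the log.
KEY_RE = re.compile(
    r"^\[(?P<hive>HKEY_[A-Z_]+)\\Software\\(?:Wow6432Node\\)?Classes\\"
    r"(?:Wow6432Node\\)?clsid\\(?P<clsid>\{[0-9A-Fa-f-]{36}\})\\InProcServer32\]"
    r"(?:\s*/64)?\s*$",
    re.IGNORECASE,
)
# Default value line: '"" = <path> -- [timestamp | size | attrs | M] (Company)'
DEFAULT_RE = re.compile(r'^"" = (?P<path>.+?)(?: -- \[.*)?$')


@dataclass
class ServerEntry:
    hive: str            # HKEY_CURRENT_USER or HKEY_LOCAL_MACHINE
    clsid: str           # lower-cased {guid}
    wow64: bool          # 32-bit view on a 64-bit Windows
    path: Optional[str]  # InProcServer32 default value, None if not listed


def parse_zeroaccess_section(text: str) -> List[ServerEntry]:
    """Turn OTL key/value lines into ServerEntry records; other lines are ignored."""
    entries: List[ServerEntry] = []
    current: Optional[ServerEntry] = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = ServerEntry(
                hive=m.group("hive").upper(),
                clsid=m.group("clsid").lower(),
                wow64="wow6432node" in line.lower(),
                path=None,
            )
            entries.append(current)
            continue
        m = DEFAULT_RE.match(line)
        if m and current is not None:
            current.path = m.group("path").strip()
    return entries


def is_under_windows_dir(path: str) -> bool:
    """True if the server DLL lives below the Windows directory.

    Assumption (not from the log): the system drive is C:. OTL prints the
    64-bit system32 as SysNative and the 32-bit one as SysWow64; both sit
    under C:\\Windows, so a prefix test is enough.
    """
    p = path.lower()
    p = p.replace("%systemroot%", r"c:\windows").replace("%windir%", r"c:\windows")
    return p.startswith("c:\\windows\\")


def analyze(text: str) -> List[Tuple[str, str, str]]:
    """Return (clsid, reason, path) for each entry that would load a DLL from
    a per-user override or from outside the Windows directory."""
    findings: List[Tuple[str, str, str]] = []
    for e in parse_zeroaccess_section(text):
        if e.path is None:
            continue  # key listed with no default value: nothing loads from here
        if e.hive == "HKEY_CURRENT_USER":
            findings.append((e.clsid, "per-user InProcServer32 override", e.path))
        elif not is_under_windows_dir(e.path):
            findings.append((e.clsid, "HKLM InProcServer32 outside the Windows directory", e.path))
    return findings


# Taken from the OTL log above, re-split one entry per line.
OTL_ZEROACCESS_SECTION = r"""
[2013.02.20 00:34:46 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.03.02 10:23:07 | 017,560,576 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"""

# Constructed for this example (not from any real log): the same CLSID set,
# but with a per-user override pointing into a user's Temp folder.
CONSTRUCTED_HIJACK = r"""
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
"" = C:\Users\victim\AppData\Local\Temp\shellsvc.dll -- [2013.04.09 21:17:03 | 000,061,440 | -HS- | M] ()
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.03.02 04:45:01 | 019,748,864 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
"""

if __name__ == "__main__":
    for label, sample in (("log above", OTL_ZEROACCESS_SECTION), ("constructed", CONSTRUCTED_HIJACK)):
        hits = analyze(sample)
        print(f"{label}: {'clean' if not hits else ''}")
        for clsid, reason, path in hits:
            print(f"  {clsid}: {reason} -> {path}")
```

Run it against the section pasted from a log (or feed it the whole OTL.txt; lines outside the section never match the key or value patterns). On a live machine the same check is a `reg query` of each listed CLSID under HKCU\Software\Classes\CLSID, where for these system CLSIDs there should be no InProcServer32 key at all.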