
Log analysis and evaluation: Malware "EXP/CVE-2013-2423.J" and "TR/Spy.ZBot.Intt.12" found by Avira


23.05.2013, 10:14   #1
simiange
 

Hello everyone,

a few days ago Avira found the following malware on my machine:
EXP/CVE-2013-2423.J
TR/Spy.ZBot.Intt.12

The computer runs and there are no problems that I can see, except that it has been booting more slowly for some time and Firefox has not worked for about a week. I am now using Internet Explorer to go online.

Avira no longer finds any malware now, but somehow I don't trust the whole thing.

About my laptop:
Sony Vaio VPCEA2S1E
Windows 7 Home Premium
Processor Intel (R) Core(TM) i3 CPU M 350
64-bit operating system

Here is the OTL.txt:
Code:
OTL logfile created on: 23.05.2013 09:51:09 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Butcher\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16576)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,86 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 50,27% Memory free
7,71 Gb Paging File | 5,31 Gb Available in Paging File | 68,78% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 454,73 Gb Total Space | 387,39 Gb Free Space | 85,19% Space Free | Partition Type: NTFS
Drive O: | 10,00 Gb Total Space | 10,00 Gb Free Space | 100,00% Space Free | Partition Type: FAT
 
Computer Name: BUTCHER-VAIO | User Name: Butcher | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.05.23 09:49:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butcher\Desktop\OTL.exe
PRC - [2013.05.15 11:39:09 | 000,295,512 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
PRC - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2013.04.16 03:09:04 | 000,233,048 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe
PRC - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2013.03.03 01:27:21 | 000,239,616 | ---- | M] (Mandiant) -- C:\Users\Butcher\AppData\Roaming\Udifyv\cavu.exe
PRC - [2012.08.13 11:08:08 | 010,376,704 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe
PRC - [2012.08.13 11:08:08 | 010,368,512 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin
PRC - [2012.08.13 11:08:08 | 000,103,936 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\swriter.exe
PRC - [2012.08.08 21:30:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.15 14:50:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.15 14:50:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2011.11.21 12:55:52 | 000,989,264 | ---- | M] (1&1 Internet AG) -- C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE
PRC - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe
PRC - [2011.01.29 06:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe
PRC - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe
PRC - [2010.05.21 11:40:18 | 000,026,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\Marketing Tools\MarketingTools.exe
PRC - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
PRC - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.12.01 22:03:52 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe
PRC - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009.11.21 00:25:22 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
PRC - [2009.10.24 03:18:52 | 000,597,792 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\PMB\PMBVolumeWatcher.exe
PRC - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe
PRC - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe
PRC - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
PRC - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
PRC - [2009.10.15 16:34:34 | 000,099,624 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
PRC - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe
PRC - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
PRC - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
PRC - [2009.09.04 22:35:14 | 000,013,600 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe
PRC - [2009.08.26 19:24:00 | 000,320,880 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\ISB Utility\ISBMgr.exe
PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe
PRC - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.05.16 03:08:56 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\30e3a21202000677d0a9270572251477\System.Windows.Forms.ni.dll
MOD - [2013.05.16 03:08:34 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\716959df79685a1eae0fc14275a32b0f\WindowsBase.ni.dll
MOD - [2013.05.16 03:08:25 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\764f15e86c82662e977bd418bd6318c1\System.Configuration.ni.dll
MOD - [2013.02.15 20:26:29 | 000,212,992 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.ServiceProce#\7ff638de44686eab4afaa8b3c8a9cfca\System.ServiceProcess.ni.dll
MOD - [2013.01.10 20:08:20 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\90b89f6e8032310e9ac72a309fd49e83\System.Runtime.Remoting.ni.dll
MOD - [2013.01.10 20:07:36 | 001,592,832 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\eead6629e384a5b69f9ae35284b7eeed\System.Drawing.ni.dll
MOD - [2013.01.10 20:07:12 | 005,453,312 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\f687c43e9fdec031988b33ae722c4613\System.Xml.ni.dll
MOD - [2013.01.10 20:07:06 | 007,989,760 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\369f8bdca364e2b4936d18dea582912c\System.ni.dll
MOD - [2013.01.10 20:07:00 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\7150b9136fad5b79e88f6c7f9d3d2c39\mscorlib.ni.dll
MOD - [2012.08.10 16:51:32 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll
MOD - [2012.08.10 16:50:56 | 000,170,496 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxslt.dll
MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2011.01.29 06:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector)
SRV:64bit: - [2010.10.08 08:55:08 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility)
SRV - [2013.05.22 14:52:26 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.04.16 03:07:06 | 000,039,056 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2013.02.28 18:45:16 | 000,161,384 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.26 10:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent)
SRV - [2012.05.15 14:50:59 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.15 14:50:58 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2011.02.14 14:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService)
SRV - [2010.08.11 08:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService)
SRV - [2010.05.28 11:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service)
SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.03.18 12:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)
SRV - [2010.02.19 19:19:28 | 000,115,568 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper)
SRV - [2010.02.19 19:19:24 | 000,529,776 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr)
SRV - [2009.12.14 22:06:24 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS)
SRV - [2009.12.14 22:06:08 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS)
SRV - [2009.11.30 19:51:18 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management)
SRV - [2009.11.21 00:25:24 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009.10.24 03:18:54 | 000,360,224 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider)
SRV - [2009.10.15 16:34:36 | 000,427,304 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms)
SRV - [2009.10.15 16:34:36 | 000,091,432 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr)
SRV - [2009.10.15 16:34:36 | 000,075,048 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs)
SRV - [2009.10.15 16:34:34 | 000,120,104 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp)
SRV - [2009.10.15 16:34:34 | 000,070,952 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr)
SRV - [2009.09.14 19:24:08 | 000,206,336 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe -- (VzCdbSvc)
SRV - [2009.09.14 19:24:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Entertainment Platform\VzHardwareResourceManager\VzHardwareResourceManager\VzHardwareResourceManager.exe -- (VAIO Entertainment TV Device Arbitration Service)
SRV - [2009.09.14 18:53:48 | 000,642,416 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw)
SRV - [2009.09.04 22:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins)
SRV - [2009.09.01 21:42:00 | 000,361,840 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr)
SRV - [2009.08.31 01:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10)
SRV - [2009.08.31 01:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.09.18 10:59:10 | 000,104,960 | ---- | M] (ArcSoft, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.05.15 14:50:59 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.05.15 14:50:59 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.02.15 12:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011.11.21 12:52:50 | 000,199,752 | ---- | M] (1&1 Internet AG) [File_System | System | Running] -- C:\Windows\SysNative\drivers\ui11rdr.SYS -- (ui11rdr)
DRV:64bit: - [2011.10.11 15:00:01 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 11:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 006,661,120 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag)
DRV:64bit: - [2010.10.08 08:55:08 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap)
DRV:64bit: - [2009.12.16 22:03:59 | 000,244,736 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud)
DRV:64bit: - [2009.12.16 22:03:04 | 007,778,176 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.16 06:04:17 | 000,293,936 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP)
DRV:64bit: - [2009.12.16 04:49:48 | 000,213,280 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\RtHDMIVX.sys -- (RTHDMIAzAudService)
DRV:64bit: - [2009.12.14 22:06:07 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64)
DRV:64bit: - [2009.11.21 00:09:48 | 000,537,112 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.18 06:30:44 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2009.11.18 06:30:32 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2009.11.18 06:30:32 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2009.11.18 06:30:21 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt)
DRV:64bit: - [2009.11.18 06:23:46 | 000,035,104 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap)
DRV:64bit: - [2009.11.13 22:08:21 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2009.11.12 22:16:19 | 000,395,264 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\yk62x64.sys -- (yukonw7)
DRV:64bit: - [2009.11.12 22:06:44 | 001,542,656 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.11.06 22:27:30 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci)
DRV:64bit: - [2009.09.15 22:09:08 | 000,075,776 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe)
DRV:64bit: - [2009.08.19 22:09:21 | 000,011,392 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter)
DRV:64bit: - [2009.05.20 12:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008.11.11 13:42:00 | 000,033,792 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64modem.sys -- (USBModem)
DRV:64bit: - [2008.11.11 13:42:00 | 000,017,920 | ---- | M] (LG Electronics Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lgx64bus.sys -- (usbbus)
DRV:64bit: - [2007.05.14 17:06:18 | 000,027,520 | ---- | M] (Research In Motion Limited) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RimUsb_AMD64.sys -- (RimUsb)
DRV - [2009.07.29 02:55:42 | 000,011,576 | ---- | M] (Samsung Electronics) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\SSPORT.SYS -- (SSPORT)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.web.de/
IE - HKCU\..\SearchScopes,DefaultScope = {F308A562-30BE-4C2B-B0B0-10BEFD7A0300}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{5A14CC8B-4642-47CF-AA63-C4EAF5B74895}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}
IE - HKCU\..\SearchScopes\{919724FC-A48D-4B04-8F11-83A0CD7A7D00}: "URL" = hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
IE - HKCU\..\SearchScopes\{E9BCF170-691C-429A-84B2-6A888FE9322F}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363
IE - HKCU\..\SearchScopes\{F308A562-30BE-4C2B-B0B0-10BEFD7A0300}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_202.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_202.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.21.2: C:\Windows\SysWOW64\npdeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.21.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.2: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.2.32: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.6: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FCE04E1F-9378-4f39-96F6-5689A9159E45}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2013.05.15 11:39:41 | 000,000,000 | ---D | M]
 
[2013.05.16 12:14:21 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.04.18 23:50:23 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Program Files (x86)\mozilla firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.04.18 23:50:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2013.04.18 23:50:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2013.04.18 23:50:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013.05.15 11:39:16 | 000,124,504 | ---- | M] (RealPlayer) -- C:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=SVEC
 
O1 HOSTS File: ([2010.09.23 23:18:46 | 000,419,497 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 14473 more lines...
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (no name) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - No CLSID value found.
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [NortonOnlineBackupReminder] C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe (Symantec Corporation)
O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation)
O4 - HKLM..\Run: [SHTtray.exe] C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe (Sony Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
O4 - HKCU..\Run: [1&1_1&1 Upload-Manager] C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE (1&1 Internet AG)
O4 - HKCU..\Run: [Gyewl] C:\Users\Butcher\AppData\Roaming\Udifyv\cavu.exe (Mandiant)
O4 - HKCU..\Run: [ICQ] "C:\Program Files (x86)\ICQ7.2\ICQ.exe" silent loginmode=4 File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Users\Butcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~2\SPYBOT~1\SDHelper.dll (Safer Networking Limited)
O9 - Extra Button: Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O9 - Extra 'Tools' menuitem : Add to Evernote - {E0B8C461-F8FB-49b4-8373-FE32E92528A6} - C:\Program Files (x86)\Evernote\Evernote3.5\enbar.dll (Evernote Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Local intranet)
O15 - HKCU\..Trusted Domains: samsungsetup.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Ranges: Range37 ([*] in Local intranet)
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 10.21.2)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} Reg Error: Value error. (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0017-0000-0021-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_21-windows-i586.cab (Java Plug-in 1.7.0_21)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1EFB8A60-ADE3-4852-AA62-C8616E1EABDA}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{927587AB-1894-493E-8E72-6063314BF69A}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{2e1c16af-8edf-11e2-8416-f07bcbef40ab}\Shell - "" = AutoRun
O33 - MountPoints2\{2e1c16af-8edf-11e2-8416-f07bcbef40ab}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O33 - MountPoints2\{6a99b01e-8e12-11e2-a015-5442495f0b65}\Shell - "" = AutoRun
O33 - MountPoints2\{6a99b01e-8e12-11e2-a015-5442495f0b65}\Shell\AutoRun\command - "" = G:\HTC_Sync_Manager_PC.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.05.23 09:49:30 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Butcher\Desktop\OTL.exe
[2013.05.23 09:27:02 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\sun
[2013.05.22 15:09:53 | 000,000,000 | --SD | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
[2013.05.22 14:57:24 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2
[2013.05.22 14:46:12 | 000,000,000 | ---D | C] -- C:\Users\Butcher\AppData\Local\Secunia PSI
[2013.05.22 14:46:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.05.22 13:12:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.05.22 13:12:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\CCleaner
[2013.05.16 11:29:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.05.15 11:40:08 | 000,000,000 | ---D | C] -- C:\Users\Butcher\AppData\Roaming\RealNetworks
[2013.05.15 11:39:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RealNetworks
[2013.05.15 11:39:39 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2013.05.15 11:39:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\xing shared
[2013.05.15 11:39:11 | 000,272,896 | ---- | C] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.05.15 11:39:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2013.05.15 11:19:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Adobe
[2013.05.14 01:35:44 | 000,000,000 | ---D | C] -- C:\Users\Butcher\Documents\Downloads
[2013.05.14 01:32:24 | 000,000,000 | ---D | C] -- C:\Windows\Sun
[2013.05.14 01:32:24 | 000,000,000 | ---D | C] -- C:\Users\Butcher\AppData\Local\Sun
[2013.05.14 01:15:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.05.14 01:07:59 | 000,000,000 | ---D | C] -- C:\Users\Butcher\Desktop\Alte Firefox-Daten
[2013.05.14 00:49:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup
[2013.05.14 00:49:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MozBackup
[2013.05.13 21:17:02 | 000,000,000 | ---D | C] -- C:\Users\Butcher\AppData\Roaming\Ugywor
[2013.05.13 21:17:02 | 000,000,000 | ---D | C] -- C:\Users\Butcher\AppData\Roaming\Udifyv
[2013.05.13 21:17:02 | 000,000,000 | ---D | C] -- C:\Users\Butcher\AppData\Roaming\Gute
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.05.23 09:49:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Butcher\Desktop\OTL.exe
[2013.05.23 09:48:40 | 000,000,000 | ---- | M] () -- C:\Users\Butcher\defogger_reenable
[2013.05.23 09:47:04 | 000,050,477 | ---- | M] () -- C:\Users\Butcher\Desktop\Defogger.exe
[2013.05.23 09:46:04 | 000,012,856 | ---- | M] () -- C:\Users\Butcher\Desktop\Trojanerboard.odt
[2013.05.23 09:43:44 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 09:43:44 | 000,013,664 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.23 09:26:28 | 000,001,239 | ---- | M] () -- C:\Users\Butcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.23 09:26:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.23 09:21:52 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.23 09:21:51 | 000,322,808 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.23 09:21:28 | 3106,480,128 | -HS- | M] () -- C:\hiberfil.sys
[2013.05.22 14:51:49 | 000,001,070 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.22 14:05:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.22 14:05:57 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.20 21:37:18 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.20 21:37:18 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.20 21:37:18 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.20 21:37:18 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.20 21:37:18 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.16 12:21:54 | 004,959,021 | ---- | M] () -- C:\Users\Butcher\Documents\Firefox 21.0 (de) - 2013-05-16.pcv
[2013.05.16 11:29:28 | 000,002,070 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.05.16 03:34:09 | 000,000,342 | ---- | M] () -- C:\Windows\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3020034867-2444215615-2686408888-1000.job
[2013.05.15 12:25:44 | 000,015,734 | ---- | M] () -- C:\Users\Butcher\Desktop\RHF.odt
[2013.05.15 11:39:46 | 000,001,358 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.05.15 11:39:11 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\SysWow64\pncrt.dll
[2013.05.15 11:19:37 | 000,002,019 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.14 00:50:45 | 007,068,705 | ---- | M] () -- C:\Users\Butcher\Documents\Firefox 20.0.1 (de) - 2013-05-14.pcv
[2013.05.14 00:49:20 | 000,001,031 | ---- | M] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2013.05.01 20:15:22 | 000,013,863 | ---- | M] () -- C:\Users\Butcher\Desktop\VERKAUFEN.ods
[1 C:\Windows\SysNative\drivers\*.tmp files -> C:\Windows\SysNative\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.05.23 09:48:40 | 000,000,000 | ---- | C] () -- C:\Users\Butcher\defogger_reenable
[2013.05.23 09:46:59 | 000,050,477 | ---- | C] () -- C:\Users\Butcher\Desktop\Defogger.exe
[2013.05.23 09:26:28 | 000,001,239 | ---- | C] () -- C:\Users\Butcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.05.23 09:25:51 | 000,012,856 | ---- | C] () -- C:\Users\Butcher\Desktop\Trojanerboard.odt
[2013.05.22 14:58:08 | 000,000,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2013.05.22 14:52:27 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.22 14:51:49 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.05.22 14:05:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.05.22 14:05:57 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.05.16 12:21:51 | 004,959,021 | ---- | C] () -- C:\Users\Butcher\Documents\Firefox 21.0 (de) - 2013-05-16.pcv
[2013.05.15 11:44:19 | 000,000,342 | ---- | C] () -- C:\Windows\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3020034867-2444215615-2686408888-1000.job
[2013.05.15 11:39:46 | 000,001,358 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2013.05.15 11:19:37 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013.05.15 11:19:37 | 000,002,019 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013.05.15 00:53:10 | 000,015,734 | ---- | C] () -- C:\Users\Butcher\Desktop\RHF.odt
[2013.05.14 00:50:41 | 007,068,705 | ---- | C] () -- C:\Users\Butcher\Documents\Firefox 20.0.1 (de) - 2013-05-14.pcv
[2013.05.14 00:49:20 | 000,001,031 | ---- | C] () -- C:\Users\Public\Desktop\MozBackup.lnk
[2013.04.24 14:35:47 | 000,013,863 | ---- | C] () -- C:\Users\Butcher\Desktop\VERKAUFEN.ods
[2013.03.17 12:02:05 | 000,051,058 | ---- | C] () -- C:\Users\Butcher\.recently-used.xbel
[2010.11.21 12:34:13 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
[2010.05.21 11:35:52 | 000,000,221 | ---- | C] () -- C:\ProgramData\MusicStation.xml
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.27 11:22:59 | 000,000,000 | -HSD | M] -- C:\Users\Butcher\AppData\Roaming\.#
[2012.05.16 23:16:31 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\1&1
[2010.09.23 14:46:28 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\CheckPoint
[2011.07.19 23:12:58 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\go
[2013.03.09 17:18:24 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\gtk-2.0
[2013.05.22 21:37:58 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\Gute
[2013.02.23 12:11:18 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\ICQ
[2011.02.25 18:29:07 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\kikin
[2010.09.26 22:39:21 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\OpenOffice.org
[2013.05.13 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\Udifyv
[2013.05.13 21:17:02 | 000,000,000 | ---D | M] -- C:\Users\Butcher\AppData\Roaming\Ugywor
 
========== Purity Check ==========
 
 

< End of report >
         
The EXTRAS.txt and the Gmer.txt are attached because of their size.

Could someone please help me and take a closer look at my computer?

Thanks in advance!

23.05.2013, 10:26   #2
smeenk
/// Malwareteam / Visitor



Hi simiange

I am Smeenk and I will try to help you


System scan with ZOEK

Please download zoek.exe from here: http://hijackthis.nl/smeenk/
  • Please disable all virus scanners during the scan, as they affect the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users, please start the tool by right-clicking the icon and selecting "Run as administrator".
  • Copy the code below into the text field:
    Code:
    ATTFilter
    emptyclsid;
    chromelook;
    autoclean;
    startupall;
    filesrcm;
    firefoxlook;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post the log file zoek-results.log for me


If possible, please post everything here in CODE tags: [code] your log here [/code]
__________________


23.05.2013, 11:30   #3
simiange



Thank you very much for helping me!

Here is the zoek-results.log:

Code:
ATTFilter
Zoek.exe Version 4.0.0.2 Updated 22-May-2013
Tool run by Butcher on 23.05.2013 at 11:34:52,33.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Internet Explorer\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b} deleted successfully
HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_CLASSES_ROOT\CLSID\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435B-BC74-9C25C1C588A9} deleted successfully

==== Deleting CLSID Registry Values ======================

HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\{EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} deleted successfully

==== Batch Command(s) Run By Tool======================

C:\Windows\system32\appdata deleted

==== Deleting Files \ Folders ======================

"C:\ProgramData\ezsidmv.dat" deleted
"C:\Users\Butcher\AppData\Roaming\Udifyv\cavu.exe" deleted
"C:\Users\Butcher\AppData\Roaming\Ugywor\fyliu.atu" deleted
"C:\Program Files (x86)\kikin\ie_kikin.dll" deleted
"C:\Users\Butcher\AppData\Roaming\Gute" deleted
"C:\Users\Butcher\AppData\Roaming\Udifyv" deleted
"C:\Users\Butcher\AppData\Roaming\Ugywor" deleted
"C:\Windows\syswow64\appdata" deleted
"C:\Program Files (x86)\kikin" not deleted
"C:\Users\Butcher\AppData\Roaming\kikin" deleted
"C:\ProgramData\Partner" deleted
"C:\Users\Butcher\AppData\LocalLow\Conduit" deleted

==== Files Recently Created / Modified ======================

====== C:\Windows ====
====== C:\Users\Butcher\AppData\Local\Temp ====
====== C:\Windows\SysWOW64 =====
2013-05-22 12:05:58	F59A16A9418044C1D505C53DA370B099	2046976	----a-w-	C:\Windows\SysWOW64\iertutil.dll
2013-05-22 12:05:58	C28A634CF127DA67D566B5E14D0A0170	719360	----a-w-	C:\Windows\SysWOW64\mshtmlmedia.dll
2013-05-22 12:05:58	C225E5307D8D4982A1687F2702C37C78	158720	----a-w-	C:\Windows\SysWOW64\msls31.dll
2013-05-22 12:05:58	AF0332E09DDBE0172237D1958A7DADB8	79872	----a-w-	C:\Windows\SysWOW64\mshtmled.dll
2013-05-22 12:05:58	9DF7A7C74D8632CB5EBD37E3A374825E	204800	----a-w-	C:\Windows\SysWOW64\webcheck.dll
2013-05-22 12:05:58	96E0F0BED5D9EBABB899D8CA83C36A7E	523264	----a-w-	C:\Windows\SysWOW64\vbscript.dll
2013-05-22 12:05:58	87E71F2A83681F41B796CA685818EF2D	163840	----a-w-	C:\Windows\SysWOW64\msrating.dll
2013-05-22 12:05:58	81C4D657D37C3A5418B54BFECE821B84	57344	----a-w-	C:\Windows\SysWOW64\pngfilt.dll
2013-05-22 12:05:58	7A468BC721C1D34E60389D3F2F87BBEA	14323712	----a-w-	C:\Windows\SysWOW64\mshtml.dll
2013-05-22 12:05:58	65C95886E1B17001ADDF163AC18C5525	1130496	----a-w-	C:\Windows\SysWOW64\urlmon.dll
2013-05-22 12:05:58	5ABB3F36AF17007F33FA275E96A2C95E	1767424	----a-w-	C:\Windows\SysWOW64\wininet.dll
2013-05-22 12:05:58	5915AA67DECA289F7B4AFB686CDB09E9	71680	----a-w-	C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-22 12:05:58	52AA8A8DA4175580F365D275EB53DBE3	493056	----a-w-	C:\Windows\SysWOW64\msfeeds.dll
2013-05-22 12:05:58	52A7D73D5570F757D865DDECD087FB41	138752	----a-w-	C:\Windows\SysWOW64\wextract.exe
2013-05-22 12:05:58	49834B94A8E8383B700EDDEF46C2AE6A	2706432	----a-w-	C:\Windows\SysWOW64\mshtml.tlb
2013-05-22 12:05:58	338520304B99471BD0ED121954FE7863	82432	----a-w-	C:\Windows\SysWOW64\inseng.dll
2013-05-22 12:05:58	0402BFC25AB49E02256BC24E32829773	185344	----a-w-	C:\Windows\SysWOW64\elshyph.dll
2013-05-22 12:05:58	038F76279EC64878A072D988DE13C7B2	150528	----a-w-	C:\Windows\SysWOW64\iexpress.exe
2013-05-22 12:05:58	03180AFD271BFD88813F428421BC4A1A	39424	----a-w-	C:\Windows\SysWOW64\jsproxy.dll
2013-05-22 12:05:57	F0D4AE074D9BC0741DC6E91C741F2F8C	23040	----a-w-	C:\Windows\SysWOW64\licmgr10.dll
2013-05-22 12:05:57	E14A07B768EC49D382CABCE2F078D576	232960	----a-w-	C:\Windows\SysWOW64\url.dll
2013-05-22 12:05:57	DFDBC397D0DDBD1AFA3CB400D4C003A9	61440	----a-w-	C:\Windows\SysWOW64\iesetup.dll
2013-05-22 12:05:57	DEFB55D4FF094673DF31FA89A8A8A2F0	226816	----a-w-	C:\Windows\SysWOW64\dxtrans.dll
2013-05-22 12:05:57	D5E5A86F49ACC11768D8339094C3AFD8	13760512	----a-w-	C:\Windows\SysWOW64\ieframe.dll
2013-05-22 12:05:57	C9A062F32FF600C96795B43CD9A53151	2877440	----a-w-	C:\Windows\SysWOW64\jscript9.dll
2013-05-22 12:05:57	C68FBBF01E86CB6CF0B797748FBD6C1A	357888	----a-w-	C:\Windows\SysWOW64\dxtmsft.dll
2013-05-22 12:05:57	B96C13B5C85AC4240FE95DE115945D59	38400	----a-w-	C:\Windows\SysWOW64\imgutil.dll
2013-05-22 12:05:57	A7E8E3A9F92D9B0D495F636A1D282883	48640	----a-w-	C:\Windows\SysWOW64\mshtmler.dll
2013-05-22 12:05:57	9D9AC6CE9A9D951AC40DE91CD6F0A620	1441280	----a-w-	C:\Windows\SysWOW64\inetcpl.cpl
2013-05-22 12:05:57	9D6BD7D1EE59B6D0FD65F1A6DF5706F9	137216	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2013-05-22 12:05:57	932571EFF79B93F94E84ADF4989A277F	69120	----a-w-	C:\Windows\SysWOW64\icardie.dll
2013-05-22 12:05:57	8C3D32A4A46326031309A43C52539D7F	1400416	----a-w-	C:\Windows\SysWOW64\ieapfltr.dat
2013-05-22 12:05:57	8A45166CD9874463AB76B552C9C2D3AD	110592	----a-w-	C:\Windows\SysWOW64\IEAdvpack.dll
2013-05-22 12:05:57	828B4A41BE891A7AEC07E693422B4A3A	117248	----a-w-	C:\Windows\SysWOW64\iepeers.dll
2013-05-22 12:05:57	80B47F0F45C3EBF41C30E0BA367D25D3	125440	----a-w-	C:\Windows\SysWOW64\occache.dll
2013-05-22 12:05:57	6DF2C6438CFF6EFCBBB88AEE01795501	73728	----a-w-	C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-22 12:05:57	56E51C26745FF7413514EA4DDF33BC6C	11776	----a-w-	C:\Windows\SysWOW64\msfeedssync.exe
2013-05-22 12:05:57	4A47CAEA8D3B82DE439A79771ECED4B1	361984	----a-w-	C:\Windows\SysWOW64\html.iec
2013-05-22 12:05:57	414A3D9AAE072CDEFE0B64C2EBEE18D2	61952	----a-w-	C:\Windows\SysWOW64\tdc.ocx
2013-05-22 12:05:57	404FAD93ABFBD86D1AAAB47D5DFA6505	242200	----a-w-	C:\Windows\SysWOW64\iedkcs32.dll
2013-05-22 12:05:57	3CC9825BFFE7B7429C8B79B0395ACDA8	33280	----a-w-	C:\Windows\SysWOW64\iernonce.dll
2013-05-22 12:05:57	3AB2A38F7EA9E62D176A78FB58761E24	12800	----a-w-	C:\Windows\SysWOW64\mshta.exe
2013-05-22 12:05:57	366D8EA2ADCBA228C9487BC6D2427DDC	109056	----a-w-	C:\Windows\SysWOW64\iesysprep.dll
2013-05-22 12:05:57	2D7A29C35D0894481A69FA3AC45F18F0	41984	----a-w-	C:\Windows\SysWOW64\msfeedsbs.dll
2013-05-22 12:05:57	28AEB03752D716BF149DBC93A9ACC17E	391168	----a-w-	C:\Windows\SysWOW64\ieui.dll
2013-05-22 12:05:57	1FF56AC32B38A94C3C88497BD6E00C96	25185	----a-w-	C:\Windows\SysWOW64\ieuinit.inf
2013-05-22 12:05:57	0F44172A5B34E8F208CD0F209EDD4A73	629248	----a-w-	C:\Windows\SysWOW64\ieapfltr.dll
2013-05-22 12:05:57	0142341520F0A0F2B0E312335B96705B	690688	----a-w-	C:\Windows\SysWOW64\jscript.dll
2013-05-15 09:39:26	A8B28B52CE53F22C6E07A2C27E23FC18	201872	----a-w-	C:\Windows\SysWOW64\rmoc3260.dll
2013-05-15 09:39:12	B74E422BC81236042529DC8A42A18423	5632	----a-w-	C:\Windows\SysWOW64\pndx5032.dll
2013-05-15 09:39:12	33833B3EDA1B07EBD367FA9B38B23E60	6656	----a-w-	C:\Windows\SysWOW64\pndx5016.dll
2013-05-15 09:39:11	B4EB68502E52EBDC0B2C55EA3445284C	272896	----a-w-	C:\Windows\SysWOW64\pncrt.dll
2013-05-15 09:39:06	86F1895AE8C5E8B17D99ECE768A70732	348160	----a-w-	C:\Windows\SysWOW64\msvcr71.dll
2013-05-15 09:39:06	561FA2ABB31DFA8FAB762145F81667C2	499712	----a-w-	C:\Windows\SysWOW64\msvcp71.dll
2013-05-15 09:35:43	565D78187494FB5F08B5A52DEB2AEA7A	12872704	----a-w-	C:\Windows\SysWOW64\shell32.dll
2013-05-15 09:35:42	E904178851A6A44BFA97E064EF779E9D	1796096	----a-w-	C:\Windows\SysWOW64\authui.dll
2013-05-15 09:35:42	1F05F5A16881CD928C82D53CEFCF4477	180224	----a-w-	C:\Windows\SysWOW64\shdocvw.dll
2013-05-13 23:14:49	8255AD29A44B2E14B2DD99319F92A0AB	95648	----a-w-	C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
====== C:\Windows\SysWOW64\drivers =====
====== C:\Windows\Sysnative =====
2013-05-22 12:12:17	F6FF7917A2E1270C0DDE19E096A7808F	28672	----a-w-	C:\Windows\Sysnative\IEUDINIT.EXE
2013-05-22 12:05:58	5051BB40FFB2BA4870C0A059CA03294F	1054720	----a-w-	C:\Windows\Sysnative\MsSpellCheckingFacility.exe
2013-05-22 12:05:58	3531FA12A76A32ECECD972196775DF7C	226304	----a-w-	C:\Windows\Sysnative\elshyph.dll
2013-05-22 12:05:57	FE6CB2001A8C2A85B617CD3FC85D8242	526336	----a-w-	C:\Windows\Sysnative\ieui.dll
2013-05-22 12:05:57	FC6B4D5450871A4D5CB344AFF6C090EF	281600	----a-w-	C:\Windows\Sysnative\dxtrans.dll
2013-05-22 12:05:57	F651D95B5043EFC20A6108A853553984	92160	----a-w-	C:\Windows\Sysnative\SetIEInstalledDate.exe
2013-05-22 12:05:57	EC6E8273B6CB79CA5B7B00CA82D1FCEE	136704	----a-w-	C:\Windows\Sysnative\iesysprep.dll
2013-05-22 12:05:57	EC08E38751854C5B8899139B7DD29FF9	197120	----a-w-	C:\Windows\Sysnative\msrating.dll
2013-05-22 12:05:57	E965529C43D25F2BDA77D705098BF777	135680	----a-w-	C:\Windows\Sysnative\IEAdvpack.dll
2013-05-22 12:05:57	E34F0440799F9A0F9DC4265F4ADA75C1	1365504	----a-w-	C:\Windows\Sysnative\urlmon.dll
2013-05-22 12:05:57	E1055A7FAD39F1F7C44F6152044056EA	905728	----a-w-	C:\Windows\Sysnative\mshtmlmedia.dll
2013-05-22 12:05:57	D9C10A4A0B3411146E6FC8936B079934	167424	----a-w-	C:\Windows\Sysnative\iexpress.exe
2013-05-22 12:05:57	D8DD5CBB9668EEE98915EA49C72F78FA	441856	----a-w-	C:\Windows\Sysnative\html.iec
2013-05-22 12:05:57	D8076F8A3C34064582035AE6696DC34A	27648	----a-w-	C:\Windows\Sysnative\licmgr10.dll
2013-05-22 12:05:57	D0F66CFAED5B85543216EF526D380B8B	270848	----a-w-	C:\Windows\Sysnative\iedkcs32.dll
2013-05-22 12:05:57	D0D4CE6C6CE87269A34A184356475D17	149504	----a-w-	C:\Windows\Sysnative\occache.dll
2013-05-22 12:05:57	C56EF4C50A1FEED0CC9B7AE068CBBBBB	19231232	----a-w-	C:\Windows\Sysnative\mshtml.dll
2013-05-22 12:05:57	C2F21E3059AFF5E616F3E361D9FA10CD	62976	----a-w-	C:\Windows\Sysnative\pngfilt.dll
2013-05-22 12:05:57	BC0D4AFBE94D8E1F81C8926D805C3366	247296	----a-w-	C:\Windows\Sysnative\webcheck.dll
2013-05-22 12:05:57	ADE73A865A5F136E84F49BB6B1627C6E	1509376	----a-w-	C:\Windows\Sysnative\inetcpl.cpl
2013-05-22 12:05:57	A197763AA7487807279AB61CD6835CEF	89600	----a-w-	C:\Windows\Sysnative\RegisterIEPKEYs.exe
2013-05-22 12:05:57	9D6B9124B582F0FBF275B434CE5A672C	2647552	----a-w-	C:\Windows\Sysnative\iertutil.dll
2013-05-22 12:05:57	9B2BB51ED6D28860A48CFF46FD6D3DC1	2706432	----a-w-	C:\Windows\Sysnative\mshtml.tlb
2013-05-22 12:05:57	97588F2871E1FE8E3EB57B17B98DF03B	67072	----a-w-	C:\Windows\Sysnative\iesetup.dll
2013-05-22 12:05:57	942E110384668EEFF44751A02EDDF5E4	48640	----a-w-	C:\Windows\Sysnative\mshtmler.dll
2013-05-22 12:05:57	8C3D32A4A46326031309A43C52539D7F	1400416	----a-w-	C:\Windows\Sysnative\ieapfltr.dat
2013-05-22 12:05:57	82D602EBBBA6D08E4691F32269FD3494	12800	----a-w-	C:\Windows\Sysnative\msfeedssync.exe
2013-05-22 12:05:57	7EC25F7ABF7CE6B0FE93787524EE537B	452096	----a-w-	C:\Windows\Sysnative\dxtmsft.dll
2013-05-22 12:05:57	7DAA72F6C30D81EE31EC2BDC90054326	603136	----a-w-	C:\Windows\Sysnative\msfeeds.dll
2013-05-22 12:05:57	772EC073332D1BA2DBEC32C6D063811A	855552	----a-w-	C:\Windows\Sysnative\jscript.dll
2013-05-22 12:05:57	658E8FEC79A4AB5BFDE032627B5C9667	13824	----a-w-	C:\Windows\Sysnative\mshta.exe
2013-05-22 12:05:57	63CAE56FE4215F98FEB0188748A99378	52224	----a-w-	C:\Windows\Sysnative\msfeedsbs.dll
2013-05-22 12:05:57	5B15164486C66B76699E1CD2CD2F3A2A	51200	----a-w-	C:\Windows\Sysnative\imgutil.dll
2013-05-22 12:05:57	4E426A67C46379B75A5E671B46FC07F6	102912	----a-w-	C:\Windows\Sysnative\inseng.dll
2013-05-22 12:05:57	4CFBEC37E4FAD530E623E1541E1EA958	599552	----a-w-	C:\Windows\Sysnative\vbscript.dll
2013-05-22 12:05:57	42758AF68D3C4912C8D8A18088AD2555	51712	----a-w-	C:\Windows\Sysnative\ie4uinit.exe
2013-05-22 12:05:57	40738329209CBE2C9B48F7E30F7C1414	144896	----a-w-	C:\Windows\Sysnative\wextract.exe
2013-05-22 12:05:57	402D797A7905DC3C6FE11E75CD5252EB	235008	----a-w-	C:\Windows\Sysnative\url.dll
2013-05-22 12:05:57	31E219322B8D765F9F84B80D1D92A07F	173568	----a-w-	C:\Windows\Sysnative\ieUnatt.exe
2013-05-22 12:05:57	2C96C695B6015042AC867EA419A45C20	3958784	----a-w-	C:\Windows\Sysnative\jscript9.dll
2013-05-22 12:05:57	2AAE2B8FED8390879C2369FC63F7001F	97280	----a-w-	C:\Windows\Sysnative\mshtmled.dll
2013-05-22 12:05:57	27A9000C534AA9BADC9EE74940F50C6D	2242048	----a-w-	C:\Windows\Sysnative\wininet.dll
2013-05-22 12:05:57	254502230F2259D255D4149C235173B1	53248	----a-w-	C:\Windows\Sysnative\jsproxy.dll
2013-05-22 12:05:57	23556D116D5FB93395B2A648EEB24251	81408	----a-w-	C:\Windows\Sysnative\icardie.dll
2013-05-22 12:05:57	1FF56AC32B38A94C3C88497BD6E00C96	25185	----a-w-	C:\Windows\Sysnative\ieuinit.inf
2013-05-22 12:05:57	18A94D6E9D27D169D38DAB91F6A97518	136192	----a-w-	C:\Windows\Sysnative\iepeers.dll
2013-05-22 12:05:57	168602AB16D30D5D6E091CA609FC7E75	39936	----a-w-	C:\Windows\Sysnative\iernonce.dll
2013-05-22 12:05:57	1456EECCB5CF6B91513200F95D61706E	762368	----a-w-	C:\Windows\Sysnative\ieapfltr.dll
2013-05-22 12:05:57	112183DF91C9BAECB498E4A86ECDE598	216064	----a-w-	C:\Windows\Sysnative\msls31.dll
2013-05-22 12:05:56	7F4F74880E0B586EB7A9E225C34B1296	15404032	----a-w-	C:\Windows\Sysnative\ieframe.dll
2013-05-22 12:05:56	440104AEB9DAF8AC9842080AE59740FA	77312	----a-w-	C:\Windows\Sysnative\tdc.ocx
2013-05-15 09:35:56	943F527DF79E6B400104341AA7023C75	144384	----a-w-	C:\Windows\Sysnative\cdd.dll
2013-05-15 09:35:45	1BFC94665BCA35F9001ADC7BFB167C63	14172672	----a-w-	C:\Windows\Sysnative\shell32.dll
2013-05-15 09:35:43	3EF480BFED1B5947A32585E30A58D4ED	1930752	----a-w-	C:\Windows\Sysnative\authui.dll
2013-05-15 09:35:43	22A0AE97360C1B146FDD9AA55AC0E989	197120	----a-w-	C:\Windows\Sysnative\shdocvw.dll
2013-05-15 09:35:42	E948D1D42DC68923ABD75EEB5BCCD1D3	111448	----a-w-	C:\Windows\Sysnative\consent.exe
2013-05-15 09:35:42	9D2A2369AB4B08A4905FE72DB104498F	70144	----a-w-	C:\Windows\Sysnative\appinfo.dll
2013-05-15 09:35:22	FE90B750AB808FB9DD8FBB428B5FF83B	230400	----a-w-	C:\Windows\Sysnative\wwansvc.dll
2013-05-15 09:35:22	30B1489F2DCD8DC1AB6BB60CA6093615	48640	----a-w-	C:\Windows\Sysnative\wwanprotdim.dll
2013-05-15 09:35:20	A11523523B31086DD760C0189C763359	3153920	----a-w-	C:\Windows\Sysnative\win32k.sys
2013-05-13 23:11:08	315781E506D97F08E22F164B36EB5C11	108448	----a-w-	C:\Windows\Sysnative\WindowsAccessBridge-64.dll
====== C:\Windows\Sysnative\drivers =====
2013-05-15 09:35:56	AF2E16242AA723F68F461B6EAE2EAD3D	983400	----a-w-	C:\Windows\Sysnative\drivers\dxgkrnl.sys
2013-05-15 09:35:56	1F04CFB79DD5FB7694468CE3FB3DCC31	265064	----a-w-	C:\Windows\Sysnative\drivers\dxgmms1.sys
2013-04-24 12:34:54	B98F8C6E31CD07B2E6F71F7F648E38C0	1656680	----a-w-	C:\Windows\Sysnative\drivers\ntfs.sys
====== C:\Windows\Tasks ======
2013-05-22 12:52:27	2700099D93F799C16C010E218A13810C	884	----a-w-	C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-05-15 09:44:19	41021124B66873BD0BDC34C14A484508	342	----a-w-	C:\Windows\Tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3020034867-2444215615-2686408888-1000.job
====== C:\Windows\Temp ======
======= C:\Program Files =====
2013-05-22 12:57:24	--------	d-----w-	C:\Program Files\GIMP 2
======= C:\Program Files (x86) =====
2013-05-22 12:46:06	--------	d-----w-	C:\Program Files (x86)\Secunia
2013-05-15 09:39:41	--------	d-----w-	C:\Program Files (x86)\RealNetworks
2013-05-15 09:39:32	--------	d-----w-	C:\Program Files (x86)\Common Files\xing shared
2013-05-15 09:19:36	--------	d-----w-	C:\Program Files (x86)\Common Files\Adobe
2013-05-13 22:49:20	--------	d-----w-	C:\Program Files (x86)\MozBackup
======= C: =====
====== C:\Users\Butcher\AppData\Roaming ======
2013-05-22 12:46:12	--------	d-----w-	C:\users\Butcher\AppData\Local\Secunia PSI
2013-05-15 09:40:08	--------	d-----w-	C:\users\Butcher\AppData\Roaming\RealNetworks
2013-05-13 23:32:24	--------	d-----w-	C:\users\Butcher\AppData\Local\Sun
====== C:\Users\Butcher ======
2013-05-23 07:48:40	D41D8CD98F00B204E9800998ECF8427E	0	----a-w-	C:\Users\Butcher\defogger_reenable
2013-05-22 13:09:53	--------	d-s---w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4.1
2013-05-16 09:29:28	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2013-05-15 09:39:39	--------	d-----w-	C:\ProgramData\RealNetworks
2013-05-15 09:39:11	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
2013-05-13 22:49:20	--------	d-----w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MozBackup

====== C: exe-files ==
2013-05-23 08:16:18	60BF4AE8CC40B0E3E28613657ED2EED8	377856	----a-w-	C:\Users\Butcher\Desktop\gmer_2.1.19163.exe
2013-05-23 07:49:30	4ADCFEE16EE9978F06157634669D36FB	602112	----a-w-	C:\Users\Butcher\Desktop\OTL.exe
2013-05-23 07:46:59	9146F21288AB749C4C729343F5F285A1	50477	----a-w-	C:\Users\Butcher\Desktop\Defogger.exe
2013-05-23 07:24:20	20B8E9389DE13E793F622113E80B8B36	109065	----a-w-	C:\Users\Butcher\AppData\Local\Temp\tmp7ffa86a7\gw01.exe
2013-05-22 19:02:58	C9BA33919AE05DE7A7F5EF0AF3136DBE	108960	----a-w-	C:\Users\Butcher\AppData\Local\Temp\tmp25fa7cc2\gw01.exe
2013-05-22 13:06:25	AF18955096B8AA87CAA6575881388AED	473600	----a-w-	C:\Users\Butcher\AppData\Local\Temp\asdsd24312-a0fb-49b0-adba-9c435df33687\setup.exe
2013-05-22 13:02:51	FDE357AD891B8EE410EE7C7558D11BE5	108960	----a-w-	C:\Users\Butcher\AppData\Local\Temp\tmpc2b628fc\gw01.exe
2013-05-22 12:58:05	ED0FDE686788CAEC4F2CB1EC9C31680C	61440	----a-w-	C:\Program Files\GIMP 2\Python\Lib\distutils\command\wininst-8.0.exe
2013-05-22 12:58:05	AE6CE17005C63B7E9BF15A2A21ABB315	65536	----a-w-	C:\Program Files\GIMP 2\Python\Lib\distutils\command\wininst-7.1.exe
2013-05-22 12:58:05	8AA98031128EF0C81D34207E3C60D003	196096	----a-w-	C:\Program Files\GIMP 2\Python\Lib\distutils\command\wininst-9.0.exe
2013-05-22 12:58:05	7B112B1FB864C90EC5B65EAB21CB40B8	61440	----a-w-	C:\Program Files\GIMP 2\Python\Lib\distutils\command\wininst-6.0.exe
2013-05-22 12:58:05	5F1707646575D375C50155832477A437	223744	----a-w-	C:\Program Files\GIMP 2\Python\Lib\distutils\command\wininst-9.0-amd64.exe
2013-05-22 12:58:03	69EF407E98408509A74F0C0D34D5B058	63317	----a-w-	C:\Program Files\GIMP 2\libexec\dbus-bash-completion-helper.exe
2013-05-22 12:58:03	545EA4EA886B7948C958D0C2E0476475	27136	----a-w-	C:\Program Files\GIMP 2\Python\pythonw.exe
2013-05-22 12:58:03	1588F0003D06C1E58AE17F4C0FC40F18	26624	----a-w-	C:\Program Files\GIMP 2\Python\python.exe
2013-05-22 12:57:57	D969AEE485B4768C863AE0DE7CD5D4B2	63709	----a-w-	C:\Program Files\GIMP 2\bin\bzip2.exe
2013-05-22 12:57:57	6A7275144C6897C8F5357CCCBB8D9A0F	43847	----a-w-	C:\Program Files\GIMP 2\bin\gspawn-win64-helper-console.exe
2013-05-22 12:57:57	4821B41FDF5F7DFC12A650E1631ABA9F	43847	----a-w-	C:\Program Files\GIMP 2\bin\gspawn-win64-helper.exe
2013-05-22 12:57:47	FDB406BBF0D8B9F3333EF150185A6DAA	55824	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sinus.exe
2013-05-22 12:57:47	F723D76B4E7EED755BB680194CC7205C	46400	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\qbist.exe
2013-05-22 12:57:47	F1BA0088F580914DC5FAF6762C501213	54696	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\maze.exe
2013-05-22 12:57:47	F1361113D7B7FF340C5D0350B50F6208	65272	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\jigsaw.exe
2013-05-22 12:57:47	EA03C9A9F18E0AB7A38AAEE4716E7E38	41800	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\plasma.exe
2013-05-22 12:57:47	DCB76A11378B1D1635AEC4C3D5B40006	31112	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\web-browser.exe
2013-05-22 12:57:47	DCAB2D86ED76B5A0B4046C007A9299D6	64032	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\iwarp.exe
2013-05-22 12:57:47	DBF1FCC80D11B2D2C8621BE206710DB1	43456	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\wind.exe
2013-05-22 12:57:47	D477A97FB6A532658819CEA8EE4E7F47	31072	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\procedure-browser.exe
2013-05-22 12:57:47	D34A27C994319BDA2AAB53F49AB8883B	44680	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\unsharp-mask.exe
2013-05-22 12:57:47	D14884D5B86C70F9257FAD9EFC38F6F9	43760	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\noise-randomize.exe
2013-05-22 12:57:47	D05B6541B6B2959DEF60D586E5E436C1	79936	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\pagecurl.exe
2013-05-22 12:57:47	CEE48823EF61B6045796316FA62743CE	94552	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\metadata.exe
2013-05-22 12:57:47	C7CC89A3CD09DA2F6803CE0192025F96	33824	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\gradient-map.exe
2013-05-22 12:57:47	BE7D68E4A3F0B09D8E0E89057360078B	41832	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\illusion.exe
2013-05-22 12:57:47	BA12FA55ADFB4D20582B2984F3080B5F	46944	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\nl-filter.exe
2013-05-22 12:57:47	B8DC1F2BF99B2C0A58D55B95E88768E0	72872	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\video.exe
2013-05-22 12:57:47	B388368BEDEEF918C28940B328F6EAC5	46616	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\van-gogh-lic.exe
2013-05-22 12:57:47	AFB4D84AAABBA09FDEF82D0F7DE30D43	40920	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\smooth-palette.exe
2013-05-22 12:57:47	A8C71D89A5239A2562290056238CB3CD	34280	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\guillotine.exe
2013-05-22 12:57:47	A3A3136292B13B1EE67A34CEAD0A408D	31328	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\semi-flatten.exe
2013-05-22 12:57:47	9D310A3E8B6A3727F2D46132D8BA1D55	40480	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\shift.exe
2013-05-22 12:57:47	992260CD3B7241089ED1020BBDF96CC7	48664	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lens-flare.exe
2013-05-22 12:57:47	992219FF26DBDBBCC10B8D97F1323E78	82496	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\help-browser.exe
2013-05-22 12:57:47	98A461C6D293DEF116B5A7B6E54A874D	42784	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\noise-rgb.exe
2013-05-22 12:57:47	95DBB43C66F22A00DB38D56F372A25C7	86576	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sphere-designer.exe
2013-05-22 12:57:47	908F45B79BC73D8CEDE2A55BB7D4312E	48928	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\value-propagate.exe
2013-05-22 12:57:47	8D22011DC85BDA6DB60D4E581A6256E3	42496	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\pixelize.exe
2013-05-22 12:57:47	8B6369DB943573D2A48CE4E47FB2B1BA	37936	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\rotate.exe
2013-05-22 12:57:47	8912A1F719194A2C47F1706FBBC322C9	80040	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\print.exe
2013-05-22 12:57:47	8833756545ACBBA5E85BCFCB9CCFA9BE	40872	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sharpen.exe
2013-05-22 12:57:47	871902F1CE80B363E15119AD81E7341F	58608	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lcms.exe
2013-05-22 12:57:47	8000A7470A336415E676054880BA9872	44384	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\ripple.exe
2013-05-22 12:57:47	7BE743C349F52F8782201F45C5560E0E	61336	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\warp.exe
2013-05-22 12:57:47	77DF44DF1749CE5FC56BA721AA015E4E	43680	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\help.exe
2013-05-22 12:57:47	767C3A15D9C091C457B93D43AF737A76	34168	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\tile-seamless.exe
2013-05-22 12:57:47	7252AC4560F26AB0320BC1963AD1D07E	49088	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\unit-editor.exe
2013-05-22 12:57:47	7196C855CC63B3951A846B6A14C50CDC	43960	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\win-snap.exe
2013-05-22 12:57:47	71747365A73E141620C0FCE295E6C97B	37456	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\threshold-alpha.exe
2013-05-22 12:57:47	69254AF3FD8C1824E3FB19C29BFE4AEE	137464	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lighting.exe
2013-05-22 12:57:47	68CF5F9AD06E61B475D0C71855E039CB	48168	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\photocopy.exe
2013-05-22 12:57:47	67EAA359BAFAA4DFA749D3CA75BABAEA	40600	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\tile-glass.exe
2013-05-22 12:57:47	6224D576155A9512A9CB67A9B8D1613C	72808	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sample-colorize.exe
2013-05-22 12:57:47	5EFB8CC7E876AF1B560BEE92260C9E64	46976	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\whirl-pinch.exe
2013-05-22 12:57:47	5D2E2F8FE28AC29B7B35DDFD0CAE9E82	41568	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\waves.exe
2013-05-22 12:57:47	566384616AB2E6E1255146ECBC7E8E38	66912	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\mosaic.exe
2013-05-22 12:57:47	5484CA5ED96D01E3D831F395A3B22430	58360	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\sparkle.exe
2013-05-22 12:57:47	547A768F271D207505F32AF419FAF1F2	43712	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\noise-solid.exe
2013-05-22 12:57:47	53E43B160953B61A12F3256995981D5A	45760	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lens-distortion.exe
2013-05-22 12:57:47	53C6E11A147FE464FD623ED8B9D43655	40840	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\tile.exe
2013-05-22 12:57:47	52EBB5285838B831C79E82B684D35B0F	98064	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\ifs-compose.exe
2013-05-22 12:57:47	5079E289DBD9E3944E4F491F14783DF4	45208	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\polar-coords.exe
2013-05-22 12:57:47	4C18CA68DE56E943195C04E0BFF3CCBE	43680	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\hot.exe
2013-05-22 12:57:47	4B4A9D66E3E7B2D22B5DB75DD13277F3	42880	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\lens-apply.exe
2013-05-22 12:57:47	45AE6B8310AC4BEF9BC3BF76C09B10F8	155664	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\map-object.exe
2013-05-22 12:57:47	43F743A19059168C380C13CE47F2C029	48040	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\tile-paper.exe
2013-05-22 12:57:47	4147689A538A3A09EA868812AFA828C0	47280	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\plugin-browser.exe
2013-05-22 12:57:47	3C15B12DE0DD752ADD2230368BEE78A5	39792	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\noise-hsv.exe
2013-05-22 12:57:47	3BED7E0EE5CAC8692E2E6B5EAFEC52C2	79504	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\selection-to-path.exe
2013-05-22 12:57:47	39DE94ED82574D59095E5D8C217B6B72	79288	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-ps.exe
2013-05-22 12:57:47	31F0EEE58A5217DB94000F30AC6889DF	50728	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\tile-small.exe
2013-05-22 12:57:47	2BDCD08CD30DE1F90A5171E1922C6089	33272	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\value-invert.exe
2013-05-22 12:57:47	2B20E60C391C7E50ED692BB48D0CCE84	208112	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\imagemap.exe
2013-05-22 12:57:47	29D93E2366D3D6C33DF0092ACF78F7CF	45608	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\softglow.exe
2013-05-22 12:57:47	25C5DE953866A02E6E76E4C32DE68108	36544	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\max-rgb.exe
2013-05-22 12:57:47	19B6A578A2F19280BAA101EF88553F4D	61120	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\newsprint.exe
2013-05-22 12:57:47	17C46F782D22B2CADE7A89F286303C4D	39200	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\red-eye-removal.exe
2013-05-22 12:57:47	0F5F7EA91B19BAF5DAE85E77C29452B9	177840	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\script-fu.exe
2013-05-22 12:57:47	0BF9304BB620BF1250A85EE47293FEB6	49224	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\oilify.exe
2013-05-22 12:57:47	0B710BA952B9CAF3EE0A9DB8BFB33A6E	51696	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\grid.exe
2013-05-22 12:57:47	033F93BF529A81535DA62EB859A9F625	52232	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\nova.exe
2013-05-22 12:57:47	02714B8F86E01D43302AFD99C8D222AD	44488	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\web-page.exe
2013-05-22 12:57:47	002D6C8FD7D58A9F343599662B7DFAD9	39456	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\noise-spread.exe
2013-05-22 12:57:46	EEA9EF09FE2AC688CF09ADC3F440690A	61728	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-pdf-save.exe
2013-05-22 12:57:46	E80F579595586393450502A7E8BE9576	51760	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-svg.exe
2013-05-22 12:57:46	DF053B8DAB15040BBC35E27754C92D49	44624	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-sgi.exe
2013-05-22 12:57:46	D240B3164A4A36E9A44BF72E532D33B0	39680	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-pcx.exe
2013-05-22 12:57:46	CA9B0BD3B61B1C41524C2743D59961FD	57832	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-pdf-load.exe
2013-05-22 12:57:46	C70ED8B12A21AC4B2BE583ECACDE0D59	50136	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-tiff-save.exe
2013-05-22 12:57:46	C61C0FD5BCC4127A0D9C7A378783FD03	64400	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-png.exe
2013-05-22 12:57:46	C077E641BF9A404776AC415F6819AA06	71608	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-psd-load.exe
2013-05-22 12:57:46	AD6172A4822A4505D61851AD4CE0F725	50048	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-raw.exe
2013-05-22 12:57:46	A68C58A7C883803052612376F9006748	147704	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\flame.exe
2013-05-22 12:57:46	A6329B37C95A63E36EC213506BE3E284	45496	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\fractal-trace.exe
2013-05-22 12:57:46	A5EC55CBD9626281C215412283F9C22F	168912	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\gfig.exe
2013-05-22 12:57:46	886D2548E07747D63C72AB5D9BF0D00C	101360	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\gradient-flare.exe
2013-05-22 12:57:46	86447CAFA759ED1C91EAB434DC6D9AF7	51520	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-wmf.exe
2013-05-22 12:57:46	71905A2E353B1F444E71717B93D4835A	78488	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\filter-pack.exe
2013-05-22 12:57:46	6CEDC234FF55310527E2832111A5F00C	49496	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-psp.exe
2013-05-22 12:57:46	69C80FCE6DDB1DD1F865D958791A290F	41752	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-pat.exe
2013-05-22 12:57:46	657E24F25E04B58FA23D512798F79CBF	50600	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-xwd.exe
2013-05-22 12:57:46	5C4360B2953264C327B30EE53C62D62F	48024	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-psd-save.exe
2013-05-22 12:57:46	5BEF738120040726428DD6588BC273CB	45944	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-pnm.exe
2013-05-22 12:57:46	5A9CDC431B4B5D6BAA4D556D467F75DC	50216	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-xbm.exe
2013-05-22 12:57:46	54A4BCAA6E46F80541CD1CAD7D999366	57576	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-tiff-load.exe
2013-05-22 12:57:46	53EB74E76C130CC070B2D904B7AB43F2	37352	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-uri.exe
2013-05-22 12:57:46	455E878F5AC0C774730B708ADB7F0677	58016	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\film.exe
2013-05-22 12:57:46	433522620FC55C1F88222C58ECA2C24A	84664	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\fractal-explorer.exe
2013-05-22 12:57:46	3F456F51D7858EB8B468E9D1C3100165	36296	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-pix.exe
2013-05-22 12:57:46	38CC52D8CDFEF95224740F873DD79380	147304	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\gimpressionist.exe
2013-05-22 12:57:46	2AAEF14AB1E19DDCC01F2A53BB627956	42656	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-xpm.exe
2013-05-22 12:57:46	0A8C22D251E2FC2E26BF7BD00E0776C3	46920	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-tga.exe
2013-05-22 12:57:46	09EA8A42C5EB66373E4EF9E5CAF0A659	47936	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-sunras.exe
2013-05-22 12:57:45	FBD8D287610BD281753C6A652D57D384	40784	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\edge-sobel.exe
2013-05-22 12:57:45	F6A9D74EE1606DBFE8ECACE5233E84D0	48928	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\edge-dog.exe
2013-05-22 12:57:45	F03855E406CFF358B14ADFE7A3BBDCEE	42384	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-gif-load.exe
2013-05-22 12:57:45	DAB4A1F72521C575F215B4B5F1757B02	56104	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\apply-canvas.exe
2013-05-22 12:57:45	DA4849B4A1ED06C3CC1644EE9C140957	45088	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\diffraction.exe
2013-05-22 12:57:45	D34E7CDE455AEEB8905459FCB4079351	45200	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\cubism.exe
2013-05-22 12:57:45	D320E161E1FD72900F99B1B62A9CAADD	39888	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\color-cube-analyze.exe
2013-05-22 12:57:45	D206A81537AFAA7C324C34DA1B7AAAE6	32720	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-glob.exe
2013-05-22 12:57:45	D101DD3CA5D2B8A1C7D4D296C224356E	39312	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-faxg3.exe
2013-05-22 12:57:45	CD9C035E532C51E6EEB134336C4CBF47	46368	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\edge.exe
2013-05-22 12:57:45	CB9C5E245FA4E90FD0F66C33B0FC916C	37464	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-jp2-load.exe
2013-05-22 12:57:45	C77EE97420B6A6DD2E72B50A890C547D	79616	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\cml-explorer.exe
2013-05-22 12:57:45	C640E3F3796FD371D56040E9D9D04A90	35648	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\crop-auto.exe
2013-05-22 12:57:45	C133BE7CC8100B2D2375E0EA3B21F1D9	47232	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\contrast-retinex.exe
2013-05-22 12:57:45	C042272BEA014C95E9F80E5F1CBB7A0F	46544	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-csource.exe
2013-05-22 12:57:45	BC90F3E03805859C0A3A388AC077BE9A	33104	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\contrast-stretch.exe
2013-05-22 12:57:45	BB5696B1B88B6EB361EE1E94C73A22B9	58456	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-bmp.exe
2013-05-22 12:57:45	B9886831382DF7325BA2947E4EF77B32	39704	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\checkerboard.exe
2013-05-22 12:57:45	B4015F31247A18CD53DF4D42F7FDA075	32560	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\contrast-normalize.exe
2013-05-22 12:57:45	B2A4B5C00CA8518A87A761B262466B06	31840	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-compressor.exe
2013-05-22 12:57:45	A8EA639BBC4FC58D5BAB4B15BD92E152	74080	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\curve-bend.exe
2013-05-22 12:57:45	A525EAC3FC2A593ECC403243F0C7A036	50896	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\blur-gauss-selective.exe
2013-05-22 12:57:45	A43E0AD30072ECCB3FE836431BF35F90	47768	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\cartoon.exe
2013-05-22 12:57:45	A3C39518C2949E928C7B64855D333DB1	41832	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\emboss.exe
2013-05-22 12:57:45	9F3716E7B18A8FCBFDE07AA8CAD94CB9	80680	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\color-rotate.exe
2013-05-22 12:57:45	9D519A23AC03E321A3B5426AF98C8131	44976	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-dicom.exe
2013-05-22 12:57:45	9C969DCCE05B225F20567AA45BE0968C	56256	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\blur-gauss.exe
2013-05-22 12:57:45	96B31FA69C851CC8F02AA51A2805EBEA	53032	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\channel-mixer.exe
2013-05-22 12:57:45	95231060B204DA7EF3BE6048B78D09E6	43256	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\animation-optimize.exe
2013-05-22 12:57:45	94B81C40D7DA9C2CC02D245977490471	63752	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-ico.exe
2013-05-22 12:57:45	9303277060FFFB81DF07D82A829C12B4	55960	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\animation-play.exe
2013-05-22 12:57:45	8D217838A9D14C01045F5F7C3502E935	59520	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\compose.exe
2013-05-22 12:57:45	877D1491D0DA014DCB691EE95E74E831	43056	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\blinds.exe
2013-05-22 12:57:45	82BFAC9426F21D1A86DDB3073C106694	31608	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-desktop-link.exe
2013-05-22 12:57:45	811CC05FC8244F2A1F46C52C1E507554	33968	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\crop-zealous.exe
2013-05-22 12:57:45	8064DBC1A268F77B590854EFDC55F743	48752	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\depth-merge.exe
2013-05-22 12:57:45	7562B979FD072B4E79318CC053E1C405	48136	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\displace.exe
2013-05-22 12:57:45	74DD191F1895E2E8391DA30D140BD134	55864	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\decompose.exe
2013-05-22 12:57:45	73E1AC7BFA0FA22A2050644C8559F262	56520	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-mng.exe
2013-05-22 12:57:45	710AD75C8B15131B2E679FF6B2F8C45F	64272	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-fits.exe
2013-05-22 12:57:45	6AAC2B035C803F860F36B0C1B10416E0	44352	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-gbr.exe
2013-05-22 12:57:45	67D41B3220D1F911DBD2CA32D624E3DE	51736	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-fli.exe
2013-05-22 12:57:45	5F63A8179B5ED20BDC846A98883AFB2B	45400	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-html-table.exe
2013-05-22 12:57:45	5D12A6553DB70C7C8B75C4F1EC69F4CD	40008	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\destripe.exe
2013-05-22 12:57:45	5190575C494ADC4880BAE1783C4BC0B5	41056	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-cel.exe
2013-05-22 12:57:45	4FE2F8DF533D79F8AD09C6288823FDFE	46848	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\colormap-remap.exe
2013-05-22 12:57:45	4A6600DBBA228CD67C61E9892DE3B4C8	46576	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\edge-neon.exe
2013-05-22 12:57:45	4901FA8FF398CF39F5D0586E66C50631	38000	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\deinterlace.exe
2013-05-22 12:57:45	457A1CACA0CB18BD883574DA6CA5FA2E	39336	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\engrave.exe
2013-05-22 12:57:45	3F83749EECBEA10D860EBE3D5EAE9A71	51112	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\blur-motion.exe
2013-05-22 12:57:45	3D709A3D3C6887459FDCD41BE587B65F	34784	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\blur.exe
2013-05-22 12:57:45	3CFC3738E71C10DC1E7829777835E03C	33280	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\color-enhance.exe
2013-05-22 12:57:45	3868A4B4F8074D7CD0CC0282C4692AC3	34120	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-header.exe
2013-05-22 12:57:45	382BB26940816D1F61A8DA3106E101F3	52952	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-gif-save.exe
2013-05-22 12:57:45	2900A7DE89B40C9E56ACFE8C38EE4E9A	50664	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\color-exchange.exe
2013-05-22 12:57:45	1F8B0D35F95BA1D84B2624D072788F25	86544	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-jpeg.exe
2013-05-22 12:57:45	1CCA35A52714A8CAEFD7F8D39342A7EB	40352	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\border-average.exe
2013-05-22 12:57:45	1ADEA517B6096C7A26FC3C1392EC4557	38840	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\color-to-alpha.exe
2013-05-22 12:57:45	149691EA2687CE1A3EB0B060211EEAA9	55144	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\file-gih.exe
2013-05-22 12:57:45	0ED436B73DA89175BB85A8CFECFBC1C2	54840	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\bump-map.exe
2013-05-22 12:57:45	08E70C11D3CB0DEF00DE07B8AAD9566F	38512	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\colorify.exe
2013-05-22 12:57:45	0726381BAB030F3A89B01E8B845AE164	34720	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\antialias.exe
2013-05-22 12:57:45	06697025E37EF7611A900E0B6A93ACB7	32720	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\contrast-stretch-hsv.exe
2013-05-22 12:57:45	04FE9C9085B0309A36F1745723FF40E3	45104	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\despeckle.exe
2013-05-22 12:57:45	007CE61177240A0B5DC06EF8A80A4725	48216	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\convolution-matrix.exe
2013-05-22 12:57:45	00599964FEC233999D402C6AC4ED3C89	34784	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\edge-laplace.exe
2013-05-22 12:57:44	DAFE858A9C410B93518700213DED33B4	2509008	----a-w-	C:\Program Files\GIMP 2\bin\gimp-console-2.8.exe
2013-05-22 12:57:44	931181DB81C61AFD17723DF8E7301387	40600	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\align-layers.exe
2013-05-22 12:57:44	8E305E7A82F1F8F7AD05F2A04FCB3CEF	33528	----a-w-	C:\Program Files\GIMP 2\bin\gimptool-2.0.exe
2013-05-22 12:57:44	637D9E1E3E7B9B4A86F46F85E80D2047	45112	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\alien-map.exe
2013-05-22 12:57:44	0141EB711A2DC24DE850E01C01E3947C	5331368	----a-w-	C:\Program Files\GIMP 2\bin\gimp-2.8.exe
2013-05-22 12:57:41	E96C4D0D07E1E15B4D996E213BC14E37	39664	----a-w-	C:\Program Files\GIMP 2\lib\gimp\2.0\plug-ins\twain.exe
2013-05-22 12:57:40	E87884D052C8E0B5AD3FE04A46C5C520	40290	----a-w-	C:\Program Files\GIMP 2\32\bin\gspawn-win32-helper-console.exe
2013-05-22 12:57:40	89909534A1390ADA768635622C55701F	40290	----a-w-	C:\Program Files\GIMP 2\32\bin\gspawn-win32-helper.exe
2013-05-22 12:57:24	DCAE21A3B9ED59EF050ABD39DAA50AB6	1175224	----a-w-	C:\Program Files\GIMP 2\uninst\unins000.exe
2013-05-22 12:54:19	C7A117E7370406448BD32FC99BA5C593	76902472	----a-w-	C:\Users\Butcher\Downloads\Software\gimp-2.8.4-setup.exe
2013-05-22 12:45:32	D80BA0E582F7C9CC70EEF2D39EC68D4D	3270960	----a-w-	C:\Users\Butcher\Downloads\Software\PSISetup7009.exe
2013-05-22 12:12:17	F6FF7917A2E1270C0DDE19E096A7808F	28672	----a-w-	C:\Windows\System32\IEUDINIT.EXE
2013-05-22 12:05:58	AAD90795E84E710543C6C7C2F7048E30	770608	----a-w-	C:\Program Files (x86)\Internet Explorer\iexplore.exe
2013-05-22 12:05:58	5915AA67DECA289F7B4AFB686CDB09E9	71680	----a-w-	C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-05-22 12:05:58	52A7D73D5570F757D865DDECD087FB41	138752	----a-w-	C:\Windows\SysWOW64\wextract.exe
2013-05-22 12:05:58	5051BB40FFB2BA4870C0A059CA03294F	1054720	----a-w-	C:\Windows\System32\MsSpellCheckingFacility.exe
2013-05-22 12:05:58	038F76279EC64878A072D988DE13C7B2	150528	----a-w-	C:\Windows\SysWOW64\iexpress.exe
2013-05-22 12:05:57	F651D95B5043EFC20A6108A853553984	92160	----a-w-	C:\Windows\System32\SetIEInstalledDate.exe
2013-05-22 12:05:57	D9C10A4A0B3411146E6FC8936B079934	167424	----a-w-	C:\Windows\System32\iexpress.exe
2013-05-22 12:05:57	CEA304830B4770BDA3572B87D0841848	775232	----a-w-	C:\Program Files\Internet Explorer\iexplore.exe
2013-05-22 12:05:57	A197763AA7487807279AB61CD6835CEF	89600	----a-w-	C:\Windows\System32\RegisterIEPKEYs.exe
2013-05-22 12:05:57	9D6BD7D1EE59B6D0FD65F1A6DF5706F9	137216	----a-w-	C:\Windows\SysWOW64\ieUnatt.exe
2013-05-22 12:05:57	82D602EBBBA6D08E4691F32269FD3494	12800	----a-w-	C:\Windows\System32\msfeedssync.exe
2013-05-22 12:05:57	6DF2C6438CFF6EFCBBB88AEE01795501	73728	----a-w-	C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-05-22 12:05:57	658E8FEC79A4AB5BFDE032627B5C9667	13824	----a-w-	C:\Windows\System32\mshta.exe
2013-05-22 12:05:57	56E51C26745FF7413514EA4DDF33BC6C	11776	----a-w-	C:\Windows\SysWOW64\msfeedssync.exe
2013-05-22 12:05:57	5397E32E882C0148CEC13D9EACFB7157	222208	----a-w-	C:\Program Files (x86)\Internet Explorer\ielowutil.exe
2013-05-22 12:05:57	42758AF68D3C4912C8D8A18088AD2555	51712	----a-w-	C:\Windows\System32\ie4uinit.exe
2013-05-22 12:05:57	40738329209CBE2C9B48F7E30F7C1414	144896	----a-w-	C:\Windows\System32\wextract.exe
2013-05-22 12:05:57	3AB2A38F7EA9E62D176A78FB58761E24	12800	----a-w-	C:\Windows\SysWOW64\mshta.exe
2013-05-22 12:05:57	31E219322B8D765F9F84B80D1D92A07F	173568	----a-w-	C:\Windows\System32\ieUnatt.exe
2013-05-22 12:05:57	3090B888E263E56744F8BFEF3A36D67D	467456	----a-w-	C:\Program Files (x86)\Internet Explorer\ieinstal.exe
2013-05-22 12:05:57	15CCEAC53648FF7C17AE98923BCD3D75	24576	----a-w-	C:\Program Files (x86)\Internet Explorer\ExtExport.exe
2013-05-22 12:05:57	05277EDA27E5A55CA22AC37DAC47DD23	223744	----a-w-	C:\Program Files\Internet Explorer\ielowutil.exe
2013-05-22 12:05:56	D57BCCD989555B0D6E47AE0F364DD4D3	327680	----a-w-	C:\Program Files\Internet Explorer\iediagcmd.exe
2013-05-22 12:05:56	4BA4770D890B320DAB575B07C7DAF59D	481280	----a-w-	C:\Program Files\Internet Explorer\ieinstal.exe
2013-05-22 12:00:55	615483B8E9439D63F6A79195A7D1D386	51415040	----a-w-	C:\Users\Butcher\Downloads\Software\IE10-Windows6.1-x64-de-de_b16521.exe
2013-05-22 12:00:04	32357DB0A54BB3CE2EEF53EA7738483B	8192	----a-w-	C:\Users\Butcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\N9MAEV8R\IE10-Windows6.1-x86-de-de_b16521[1].exe
2013-05-22 11:59:53	C4CEEF155128E61ED57BB3ECE4DCBC42	810108	----a-w-	C:\Users\Butcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\79M6MHVE\IE10-Windows6.1-x86-de-de_b16521[1].exe
2013-05-22 11:10:31	15B86AEBC342B42AB5CAFA3E7A743A60	4346816	----a-w-	C:\Users\Butcher\Downloads\Software\ccsetup401.exe
2013-05-22 07:02:27	F29E384CAAB7BED7767994F2E95E59C6	109061	----a-w-	C:\Users\Butcher\AppData\Local\Temp\tmp53aeb831\gw01.exe
2013-05-21 20:43:44	4F3E36CCB0FD550775B4257E79C39500	109077	----a-w-	C:\Users\Butcher\AppData\Local\Temp\tmp849019e7\gw01.exe
2013-05-21 14:43:08	BC069CFF6D790FE5E26D2551EFD25467	109030	----a-w-	C:\Users\Butcher\AppData\Local\Temp\tmp43e39d7f\gw01.exe
2013-05-16 14:18:53	CCB6C951E059A172CAAE39D7765016C8	21151576	----a-w-	C:\Users\Butcher\Downloads\Firefox_Setup_21.0.exe
=== C: other files ==

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"1&1_1&1 Upload-Manager"="C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE /hide"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"ICQ"="C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4"
"Gyewl"="C:\Users\Butcher\AppData\Roaming\Udifyv\cavu.exe"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
"MarketingTools"="C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SHTtray.exe"="C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe  -osboot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"1&1_1&1 Upload-Manager"="C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE /hide"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"ICQ"="C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4"
"Gyewl"="C:\Users\Butcher\AppData\Roaming\Udifyv\cavu.exe"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-05-23 07:26:28	1239	----a-w-	C:\users\Butcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2010-05-19 21:28:34	834	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undertermined Task]
C:\Windows\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3020034867-2444215615-2686408888-1000.job --a------ C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [16.04.2013 03:09]

==== Firefox Extensions ======================

AppDir: C:\Program Files (x86)\Mozilla Firefox
- Skype Click to Call - %AppDir%\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
- Java Console - %AppDir%\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}

==== Firefox Plugins ======================


==== Chrome Look ======================

HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
idhngdhcfkoamngbedgpaokgjbnpdiji - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Chrome\Ext\realdownloader.crx[16.04.2013 03:11]
lifbcibllhkdhoafpjfnlhfpfgnpldfl - C:\Program Files (x86)\Skype\Toolbars\Skype for Chromium\skype_chrome_extension.crx[17.01.2012 11:45]

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://www.web.de/"
"Default_Page_URL"="hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="hxxp://go.microsoft.com/fwlink/?LinkId=69157"
"Start Page"="hxxp://www.web.de/"

==== All HKCU SearchScopes ======================

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes
"DefaultScope"="{F308A562-30BE-4C2B-B0B0-10BEFD7A0300}"
{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Bing  Url="hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR"
{5A14CC8B-4642-47CF-AA63-C4EAF5B74895} eBay  Url="hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms}"
{6A1806CD-94D4-4689-BA73-E35EA1EA9990} Google  Url="hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}"
{919724FC-A48D-4B04-8F11-83A0CD7A7D00} Zinio  Url="hxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search"
{E9BCF170-691C-429A-84B2-6A888FE9322F} Shopping.com  Url="hxxp://de.shopping.com/?linkin_id=8056363"
{F308A562-30BE-4C2B-B0B0-10BEFD7A0300} Google  Url="hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC"

==== Deleting CLSID Registry Keys ======================

HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E601996F-E400-41CA-804B-CD6373A7EEE2} deleted successfully
HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E601996F-E400-41CA-804B-CD6373A7EEE2} deleted successfully
HKEY_CLASSES_ROOT\Wow6432Node\CLSID\{E601996F-E400-41CA-804B-CD6373A7EEE2} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E601996F-E400-41CA-804B-CD6373A7EEE2} deleted successfully

==== Deleting CLSID Registry Values ======================


==== Empty IE Cache ======================

C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Butcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Butcher\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5 emptied successfully
C:\Users\Default\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Kathrin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\LocalService\AppData\Local\Temp\Temporary Internet Files\Content.IE5 emptied successfully
C:\Windows\serviceprofiles\NetworkService\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully

==== Empty FireFox Cache ======================

C:\users\Kathrin\AppData\Local\Mozilla\Firefox\Profiles\h03qi354.default\Cache emptied successfully

==== Empty Chrome Cache ======================

C:\users\Butcher\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

Flash Cache is not empty, a reboot is needed

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\Windows\Temp successfully emptied
C:\Users\Butcher\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== Deleting Files / Folders ======================

"C:\Program Files (x86)\kikin"  not found
"C:\users\Kathrin\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\7XGQVWKC\admin.brightcove.com"  not found

==== EOF on 23.05.2013 at 12:25:20,70 ======================
         

Alt 23.05.2013, 11:43   #4
smeenk
/// Malwareteam / Visitor
 

That went great.
  • Please disable all virus scanners during the scan, as they influence the result.
  • Start Zoek.exe with a double-click (Windows XP users only).
  • Windows Vista/7 users: please start the tool by right-clicking the icon and choosing "Run as administrator".
  • Copy the code below into the text field:
    Code:
    [HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run];r
    "Gyewl"=-;r
    startupall;
             
  • Now click "Run script" and wait patiently until the scan has finished.
  • When the tool is done, Notepad will open with the log file (possibly only after a restart).
    You can view the report afterwards at c:\zoek-results.log.
  • Post me the log file zoek-results.log


Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart, MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper
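
The triage step behind this fix script, as an added example that is not part of the original post and not Zoek's own code: it parses Run-key entries in the format of the Zoek log above, flags autostart targets located in user-writable profile directories (as the "Gyewl" entry is), and compares two logs to confirm that an entry is gone. The sample logs are constructed from lines in this thread; the directory heuristic and all function names are assumptions.

```python
import re

# Constructed samples: a few entries in the shape of the Zoek
# "Startup Registry Enabled" section, before and after the fix script.
BEFORE = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"Gyewl"="C:\Users\Butcher\AppData\Roaming\Udifyv\cavu.exe"
'''

AFTER = r'''
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
'''

KEY_RE = re.compile(r'^\[(HKEY_[^\]]+)\]\s*$')
VAL_RE = re.compile(r'^"([^"]+)"="(.*)"\s*$')
# Command lines in the log are unquoted, so take everything up to the
# first ".exe" that is followed by whitespace or the end of the string.
EXE_RE = re.compile(r'(.+?\.exe)(?=\s|$)', re.IGNORECASE)

# Assumed heuristic: locations a standard user can write to without
# elevation. Legitimate per-user software also installs here, so a hit
# is a lead to review, not a verdict.
USER_WRITABLE = ('\\users\\', '%appdata%', '%localappdata%',
                 '%temp%', '%userprofile%')


def parse_run_entries(log):
    """Return {(registry_key, value_name): command} for Run/RunOnce keys."""
    entries = {}
    key = None
    for line in log.splitlines():
        line = line.strip()
        m = KEY_RE.match(line)
        if m:
            # Only track autostart keys; ignore any other section.
            k = m.group(1)
            key = k if k.lower().endswith(('\\run', '\\runonce')) else None
            continue
        m = VAL_RE.match(line)
        if m and key:
            entries[(key, m.group(1))] = m.group(2)
    return entries


def image_path(command):
    """Strip arguments from a Run command line, keeping the executable path."""
    command = command.strip()
    m = EXE_RE.match(command)
    return m.group(1) if m else command


def flag_user_writable(entries):
    """List (key, name, path) for autostarts that load from a user-writable dir."""
    hits = []
    for (key, name), command in sorted(entries.items()):
        path = image_path(command)
        if any(marker in path.lower() for marker in USER_WRITABLE):
            hits.append((key, name, path))
    return hits


def removed_entries(before, after):
    """Entries present in the first log and absent from the second."""
    return sorted(set(before) - set(after))


if __name__ == '__main__':
    before, after = parse_run_entries(BEFORE), parse_run_entries(AFTER)
    for key, name, path in flag_user_writable(before):
        print(f'review: {name} -> {path}  [{key}]')
    for key, name in removed_entries(before, after):
        print(f'removed after fix: {name}  [{key}]')
```
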

Alt 23.05.2013, 12:16   #5
simiange
 

Thanks for the quick reply!

Here is the zoek-results.log:
Code:
Zoek.exe Version 4.0.0.2 Updated 22-May-2013
Tool run by Butcher on 23.05.2013 at 12:52:22,27.
Microsoft Windows 7 Home Premium  6.1.7601 Service Pack 1 x64
Running in: Normal Mode Internet Access Detected

==== Older Logs ======================

C:\zoek-results23.05.2013-1225.log	55258 bytes

==== Registry Fix Code ======================

Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run] 
"Gyewl"=- 

==== Startup Registry Enabled ======================

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="%ProgramFiles%\Windows\Sidebar.exe /autoRun"

[HKEY_USERS\S-1-5-21-3020034867-2444215615-2686408888-1000\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"1&1_1&1 Upload-Manager"="C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE /hide"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"ICQ"="C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4"

[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"mctadmin"="C:\Windows\System32\mctadmin.exe"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe"
"ISBMgr.exe"="C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe"
"NortonOnlineBackupReminder"="C:\Program Files (x86)\Symantec\Norton Online Backup\Activation\NobuActivation.exe UNATTENDED"
"PMBVolumeWatcher"="C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe"
"MarketingTools"="C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe"
"StartCCC"="C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe MSRun"
"APSDaemon"="C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"avgnt"="C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe /min"
"SHTtray.exe"="C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe"
"iTunesHelper"="C:\Program Files (x86)\iTunes\iTunesHelper.exe"
"QuickTime Task"="C:\Program Files (x86)\QuickTime\QTTask.exe -atboottime"
"Adobe ARM"="C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"TkBellExe"="C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe  -osboot"

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe"
"1&1_1&1 Upload-Manager"="C:\Program Files (x86)\1&1\1&1 Upload-Manager\DAVSRV.EXE /hide"
"Skype"="C:\Program Files (x86)\Skype\Phone\Skype.exe /minimized /regrun"
"ICQ"="C:\Program Files (x86)\ICQ7.2\ICQ.exe silent loginmode=4"

==== Startup Registry Enabled x64 ======================

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe -s"
"SynTPEnh"="%ProgramFiles%\Synaptics\SynTP\SynTPEnh.exe "

==== Startup Folders ======================

2013-05-23 07:26:28	1239	----a-w-	C:\users\Butcher\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
2010-05-19 21:28:34	834	----a-w-	C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk

==== Task Scheduler Jobs ======================

C:\Windows\tasks\Adobe Flash Player Updater.job --a------ [Undertermined Task]
C:\Windows\tasks\RealDownloaderDownloaderScheduledTaskS-1-5-21-3020034867-2444215615-2686408888-1000.job --a------ C:\Program Files (x86)\RealNetworks\RealDownloader\recordingmanager.exe [16.04.2013 03:09]

==== EOF on 23.05.2013 at 12:53:34,32 ======================
         
And here is the log file from Malwarebytes:
Code:
Malwarebytes Anti-Rootkit BETA 1.05.0.1001
www.malwarebytes.org

Database version: v2013.05.23.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16576
Butcher :: BUTCHER-VAIO [administrator]

23.05.2013 13:10:44
mbar-log-2013-05-23 (13-10-44).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 31046
Time elapsed: 12 minute(s), 50 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         


Alt 23.05.2013, 12:58   #6
smeenk
/// Malwareteam / Visitor
 

It already looks pretty clean.

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Agree to the terms of use.
  • Click Options and make sure that the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected as shown here
  • Click "Suchlauf" (scan) and wait until it has finished.
  • Now click "Löschen" (delete) and confirm any prompts with OK.
  • Your computer will restart automatically. After the restart a text file opens. Post its contents with your next reply.
  • You can also find the log file at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Please download SecurityCheck and:

  • Save it to the desktop.
  • Start SecurityCheck.exe and follow the instructions in the DOS box.
  • When the scan has finished, a text document (checkup.txt) should open.
Please post the contents here.

Alt 23.05.2013, 13:45   #7
simiange
 

Well, that sounds good!

AdwCleaner:
Code:
# AdwCleaner v2.301 - Datei am 23/05/2013 um 14:29:54 erstellt
# Aktualisiert am 16/05/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Butcher - BUTCHER-VAIO
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Butcher\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Ordner Gelöscht : C:\Users\Kathrin\AppData\Local\Temp\boost_interprocess

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2613550
Schlüssel Gelöscht : HKLM\Software\DeviceVM
Schlüssel Gelöscht : HKLM\SOFTWARE\MozillaPlugins\@checkpoint.com/FFApi
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{E4A71A41-BCC8-480a-9E69-0DA29CBA7ECA}

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16576

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Butcher\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1509 octets] - [23/05/2013 14:29:54]

########## EOF - C:\AdwCleaner[S1].txt - [1569 octets] ##########
         

SecurityCheck:
Code:
 Results of screen317's Security Check version 0.99.63  
 Windows 7 Service Pack 1 x64 (UAC is disabled!)  
 Internet Explorer 9  
``````````````Antivirus/Firewall Check:`````````````` 
Avira Desktop   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:````````` 
 Spybot - Search & Destroy 
 Java 7 Update 21  
 Adobe Flash Player 11.7.700.202  
 Adobe Reader XI  
````````Process Check: objlist.exe by Laurent````````  
 Avira Antivir avgnt.exe 
 Avira Antivir avguard.exe 
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  
````````````````````End of Log``````````````````````
         

Alt 23.05.2013, 14:36   #8
smeenk
/// Malwareteam / Visitor
 

In my opinion it is now clean.

We will now tidy up a little, and then at the end I have some reading material for you.


Uninstalling the tools

The order matters here.
  1. If Defogger was used: click re-enable now.
  2. In any case, please download delfix to your desktop:
    • Close all open programs.
    • Start delfix.exe with a double-click.
    • Tick the box in front of every function.
    • Click Start.
    • DelFix removes, among other things, all the programs used and finally deletes itself.
  3. If any programs from our cleanup are still left over now, you can delete them without concern.


Finally, some tips on the following topics:
  • System updates
  • Software updates
  • Security software
  • Safe browsing
Reading material:
System updates
It cannot be said often enough how important it is to keep your system up to date. After all, you take your car to the garage for regular inspections too. So please make sure that system updates are enabled:
  • Please check whether your system downloads Windows updates automatically:
  • Windows Updates
    • Windows XP: Start --> Control Panel --> double-click Automatic Updates
    • Windows Vista / 7: Start --> Control Panel --> System and Security --> Turn automatic updating on or off
  • Make sure that automatic updates are enabled.

Reading material:
Software updates
Just as important as the system programs is the software you use every day. The following list gives you a short overview, with links to the updates, of the programs that urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Programs that are not listed are of course important too. You can check whether there is a new version of them on the vendor's website or, quite conveniently, with these tools:


Reading material:
Security software
If someone overtook you on the motorway riding a motorcycle naked, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions there are also perfectly good protection programs that are available free of charge with a reduced feature set. But careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. I personally recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising and installs a browser plugin that warns you about dangerous websites.
  • If you change your antivirus solution, you will find tools here with which you can remove the leftovers after uninstalling your old scanner.
  • Never install more than one virus scanner. Their background guards would get in each other's way and slow your system down.
  • A browser plugin that protects you from fraudulent websites can serve you well if you are not very experienced (see above).
  • Make sure that your security solution is always up to date and fetches updates automatically. If you rely on manual updates you are usually too late, as the virus databases are often renewed daily, even several times a day.
  • A special malware scanner offers additional protection (and this one would be allowed). Here I strongly recommend Malwarebytes and scanning with it once a week. In the paid version it even has a background guard. We have a guide for you on this.
Finally, I recommend that you back up your data regularly (ideally automatically). This can be a professional backup solution, external hard drives, burning to DVDs or copying to an online drive such as Dropbox. Create as many copies as possible and keep them current. Only then are you prepared for the worst case, should your computer become unusable, for whatever reason. Unfortunately that always happens unannounced and always just when you need it most. So plan ahead!


Reading material:
Safe browsing
First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you immediately buy any old stuff, without thinking, from people who ring your doorbell? So first get used to a few rules of conduct when surfing the Internet:
  • Do not click somewhere just because it is colourful and glowing, pops up in a corner or looks as if it were a system message.
  • Do not download illegal software, cracks, keygens, game trainers and so on ... the websites that offer such things are mostly not reputable, and the supposed helpers are usually more infected than you would imagine. It makes no difference whether you obtain these files through a browser or through file-sharing programs.
  • Do not open e-mail attachments from people you do not know or e-mails with strange spelling mistakes, and do not start files that a website offers you without you having asked for them.
  • Do not let anyone surf on your computer who does not follow these rules as well.
  • Do not rely on your virus scanner finding everything. No security solution is 100% secure!

But even with meticulous adherence to these rules, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser further.
  • WOT (Web of Trust): This add-on warns you before you visit a site that has been reported as harmful. Note: Avast already includes such a plugin.
  • Sandboxie creates an additional isolated program environment, so that your browser is as safe as a toddler in a sandbox. (Guide: Sandboxie)
  • Securebanking is a piece of software that examines connections and tells you when someone is "listening in". As the name says, it was developed so that online banking is really secure. More information on the homepage: Secure Banking

Finally, please think about using an alternative browser. Programs that are not used so often are also not so much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. In principle, you are already considerably safer if you do not use Internet Explorer.



With that, I wish you lots of fun surfing the Internet

... and perhaps you would like to support the Trojaner-Board?

Regards
Smeenk

23.05.2013, 23:24   #9
simiange



Great. Thank you very much for your wonderful support, Smeenk!

I have worked through everything and also made a donation.

Two small final questions:
- Should I additionally enable Windows Defender alongside a virus scanner, or disable it?
- I once read something in another thread about having to install Service Pack 2 without fail. Should I do that too?

24.05.2013, 06:41   #10
smeenk
/// Malwareteam / Visitor



Quote:
Quote from simiange
Great. Thank you very much for your wonderful support, Smeenk!

I have worked through everything and also made a donation.

Two small final questions:
- Should I additionally enable Windows Defender alongside a virus scanner, or disable it?
- I once read something in another thread about having to install Service Pack 2 without fail. Should I do that too?

I was glad to help you.
On behalf of the Trojaner-Board, thank you for your donation.

There is no SP 2 for Windows 7 yet: Service Pack Center - Microsoft Windows
Windows Defender can be enabled without any problems; only when Microsoft Security Essentials is used as the AV is Windows Defender disabled automatically.
