
Log analysis and evaluation: PUM.UserWLoad & Trojan.Ransom found by Malwarebytes in the registry


 
13.07.2013, 09:03   #1
gonde
Hello,
Malwarebytes found these entries and I had the program remove them. After the restart I, unusually, ran Malwarebytes once more to confirm that the registry entries had been removed. And lo and behold: the entries are still there!
Running it again as administrator, and then even in safe mode, unfortunately did not help, nor did attempts to delete them in the registry.

Then, during my research, I came across a reference to the Kaspersky Virus Removal Tool. This program supposedly found three hits within the first 3%, but I cannot prove that, because I got a blue screen referring to Bad_Pool_Header.

So today my request: could you look at my logs and help me?

First, the Malwarebytes report:
Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.11.02

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16635
Standard :: PC-I7 [Administrator]

11.07.2013 14:20:59
MBAM-log-2013-07-11 (14-33-00).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 268912
Laufzeit: 5 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: C:\Users\Standard\LOCALS~1\Temp\msuryr.cmd -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom) -> Daten: C:\Users\Standard\LOCALS~1\Temp\msuryr.cmd -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
OTL
Code:
OTL logfile created on: 13.07.2013 08:53:04 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Standard\Downloads
 Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy
 
3,50 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 62,83% Memory free
6,99 Gb Paging File | 5,71 Gb Available in Paging File | 81,70% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 488,28 Gb Total Space | 389,98 Gb Free Space | 79,87% Space Free | Partition Type: NTFS
Drive D: | 443,13 Gb Total Space | 46,05 Gb Free Space | 10,39% Space Free | Partition Type: NTFS
Drive E: | 915,75 Gb Total Space | 428,80 Gb Free Space | 46,83% Space Free | Partition Type: NTFS
Drive F: | 947,26 Gb Total Space | 280,59 Gb Free Space | 29,62% Space Free | Partition Type: NTFS
 
Computer Name: PC-I7 | User Name: Standard | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.07.13 08:39:42 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Standard\Downloads\OTL.exe
PRC - [2013.06.24 11:35:54 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2013.06.24 11:35:41 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2013.06.24 11:35:40 | 000,076,856 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2013.06.24 11:35:38 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe
PRC - [2013.06.24 11:35:37 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013.06.24 11:35:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2013.02.10 02:35:07 | 000,866,592 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\Display\nvxdsync.exe
PRC - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.11.23 04:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.10.09 10:00:00 | 001,314,000 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNABCSWK.EXE
PRC - [2012.07.04 11:49:06 | 001,220,960 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
PRC - [2012.07.04 11:49:04 | 001,528,672 | ---- | M] (TuneUp Software) -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
PRC - [2012.02.16 13:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) -- C:\Programme\DU Meter\DUMeterSvc.exe
PRC - [2012.02.16 13:31:16 | 001,946,352 | ---- | M] (Hagel Technologies Ltd.) -- C:\Programme\DU Meter\DUMeter.exe
PRC - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2012.01.15 09:12:36 | 000,337,888 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\GwkTools\USBDLM\USBDLM.exe
PRC - [2012.01.15 09:11:32 | 000,022,496 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) -- C:\GwkTools\USBDLM\USBDLM_usr.exe
PRC - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Programme\Nero\Update\NASvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Programme\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2010.10.15 10:00:00 | 000,226,784 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE
PRC - [2010.10.15 10:00:00 | 000,181,696 | ---- | M] (CANON INC.) -- C:\Windows\System32\spool\drivers\w32x86\3\CNAP2RPK.EXE
PRC - [2009.10.02 19:42:22 | 006,154,240 | ---- | M] (ASUSTeK Computer Inc.) -- C:\Programme\ASUS\Six Engine\SixEngine.exe
PRC - [2009.03.02 16:33:00 | 000,643,600 | ---- | M] (TypingMaster, Inc) -- C:\GwkTools\QuickPhrase\quickphrase.exe
PRC - [2008.04.23 03:08:13 | 000,483,328 | ---- | M] (Adobe Systems Inc.) -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.11.29 23:59:32 | 000,093,696 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2010.03.15 11:28:22 | 000,141,824 | ---- | M] () -- C:\Programme\WinRAR\RarExt.dll
MOD - [2009.09.30 05:33:07 | 000,024,576 | R--- | M] () -- C:\Windows\System32\AsIO.dll
MOD - [2009.08.27 19:41:46 | 000,565,248 | ---- | M] () -- C:\Programme\ASUS\Six Engine\pngio.dll
MOD - [2009.08.27 19:41:46 | 000,053,248 | ---- | M] () -- C:\Programme\ASUS\Six Engine\AsSpindownTimeout.dll
MOD - [2009.04.22 20:20:00 | 000,179,712 | ---- | M] () -- C:\Programme\ASUS\Six Engine\AsusService.dll
MOD - [2007.05.23 15:26:26 | 000,027,928 | ---- | M] () -- C:\GwkTools\QuickPhrase\PhraseDll.dll
MOD - [2006.01.12 22:20:26 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.DEU
MOD - [2006.01.12 22:13:46 | 000,019,968 | ---- | M] () -- C:\Programme\Adobe\Acrobat 7.0\Distillr\acrotray.FRA
 
 
========== Services (SafeList) ==========
 
SRV - [2013.07.11 17:33:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.06.27 09:22:06 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013.06.24 11:35:54 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013.06.24 11:35:41 | 000,589,368 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService)
SRV - [2013.06.24 11:35:38 | 000,371,768 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013.06.24 11:35:37 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013.06.13 02:15:26 | 000,101,888 | ---- | M] (Freemake) [Disabled | Stopped] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver)
SRV - [2013.05.27 06:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013.05.11 12:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013.02.10 11:20:38 | 001,266,464 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.31 18:57:06 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.10.22 17:43:44 | 000,027,768 | ---- | M] (VIA Technologies, Inc.) [Disabled | Stopped] -- C:\Windows\System32\ViakaraokeSrv.exe -- (VIAKaraokeService)
SRV - [2012.09.17 07:39:30 | 000,171,600 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Programme\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor11.0)
SRV - [2012.07.04 11:49:04 | 001,528,672 | ---- | M] (TuneUp Software) [Auto | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012.06.11 11:33:26 | 000,724,376 | ---- | M] (Nokia) [Disabled | Stopped] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.02.16 13:31:20 | 001,110,480 | ---- | M] (Hagel Technologies Ltd.) [Auto | Running] -- C:\Program Files\DU Meter\DUMeterSvc.exe -- (DUMeterSvc)
SRV - [2012.02.01 17:29:58 | 000,013,592 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.01.15 09:12:36 | 000,337,888 | ---- | M] (Uwe Sieber - www.uwe-sieber.de) [Auto | Running] -- C:\GwkTools\USBDLM\USBDLM.exe -- (USBDLM)
SRV - [2011.11.25 16:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Programme\Nero\Update\NASvc.exe -- (NAUpdate)
SRV - [2010.11.20 23:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.10.28 09:10:40 | 000,189,776 | ---- | M] (DATA BECKER GmbH & Co KG) [Disabled | Stopped] -- C:\Programme\Common Files\DATA BECKER Shared\DBService.exe -- (DBService)
SRV - [2010.03.10 15:26:48 | 000,189,728 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2009.08.19 13:56:38 | 000,090,112 | R--- | M] (ASUSTeK Computer Inc.) [Disabled | Stopped] -- C:\Programme\ASUS\AsSysCtrlService\1.00.02\AsSysCtrlService.exe -- (AsSysCtrlService)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2006.11.02 20:40:12 | 000,174,656 | ---- | M] () [Disabled | Stopped] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing)
SRV - [2003.07.28 14:28:22 | 000,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.07.04 16:38:20 | 000,188,176 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2013.07.04 16:37:08 | 000,115,984 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2013.07.04 16:37:08 | 000,104,720 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2013.07.04 16:37:08 | 000,094,480 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2013.07.04 16:37:08 | 000,084,752 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VBoxUSB.sys -- (VBoxUSB)
DRV - [2013.03.25 14:12:09 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013.03.25 14:12:09 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013.03.25 14:12:09 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013.03.23 20:23:32 | 000,023,456 | ---- | M] (Phoenix Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\DrvAgent32.sys -- (DrvAgent32)
DRV - [2013.02.13 12:12:06 | 000,063,464 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2013.02.10 11:20:38 | 008,944,416 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012.12.19 13:41:52 | 000,154,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2012.11.20 15:48:13 | 000,011,936 | ---- | M] (Highresolution Enterprises [www.highrez.co.uk]) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\inpout32.sys -- (inpout32)
DRV - [2012.11.20 10:57:46 | 000,003,026 | ---- | M] (Logix4u) [Kernel | System | Running] -- C:\Windows\System32\drivers\hwinterface.sys -- (hwinterface)
DRV - [2012.10.22 17:43:36 | 001,841,272 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\viahduaa.sys -- (VIAHdAudAddService)
DRV - [2012.08.27 15:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2012.08.23 16:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 16:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 16:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012.07.30 11:24:30 | 000,132,608 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ser2pl.sys -- (Ser2plx86)
DRV - [2012.06.21 19:30:36 | 000,085,088 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxppalx.sys -- (SNXPPALX)
DRV - [2012.06.21 19:30:34 | 000,048,224 | ---- | M] (SUNIX Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\snxpcard.sys -- (SNXPCARD)
DRV - [2012.06.11 11:33:46 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.03 11:43:34 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand | Running] -- C:\Programme\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2012.04.13 11:05:06 | 000,073,096 | ---- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2012.03.08 18:42:38 | 000,131,000 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\WimFltr.sys -- (WimFltr)
DRV - [2012.02.16 13:31:26 | 000,019,832 | ---- | M] (Hagel Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Programme\DU Meter\DUMetr32.sys -- (DUMeterDrv)
DRV - [2012.01.19 09:24:16 | 000,276,784 | ---- | M] (Marvell Semiconductor, Inc.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\mv91xx.sys -- (mv91xx)
DRV - [2011.12.01 11:40:16 | 000,056,496 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVol.sys -- (NBVol)
DRV - [2011.12.01 11:40:16 | 000,012,464 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\NBVolUp.sys -- (NBVolUp)
DRV - [2011.11.04 16:00:00 | 000,039,696 | ---- | M] (www.winchiphead.com) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CH341SER.SYS -- (CH341SER)
DRV - [2011.09.15 10:46:02 | 000,005,248 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Windows\giveio.sys -- (giveio)
DRV - [2011.05.28 11:25:00 | 000,035,776 | ---- | M] (hxxp://libusb-win32.sourceforge.net) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\libusb0.sys -- (libusb0)
DRV - [2011.02.10 15:52:10 | 000,141,952 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2011.02.10 15:52:10 | 000,063,872 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2011.01.27 20:18:32 | 000,047,176 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabenm.sys -- (silabenm)
DRV - [2011.01.10 12:35:42 | 000,050,688 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\hcdriver.sys -- (hcdriver)
DRV - [2010.11.25 11:27:32 | 000,103,000 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2010.11.20 23:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 23:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\dmvsc.sys -- (dmvsc)
DRV - [2010.11.20 23:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 23:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 23:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 23:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.08.31 13:43:36 | 000,195,968 | ---- | M] (Jungo) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\windrvr6.sys -- (WinDriver6)
DRV - [2010.07.21 16:51:20 | 000,058,112 | ---- | M] (Silicon Laboratories) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\silabser.sys -- (silabser)
DRV - [2010.01.07 09:05:26 | 000,182,304 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RtsUStor.sys -- (RSUSBSTOR)
DRV - [2009.09.23 03:19:31 | 000,294,912 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcvmm.sys -- (vpcvmm)
DRV - [2009.09.23 03:19:31 | 000,055,040 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\System32\drivers\vpcnfltr.sys -- (vpcnfltr)
DRV - [2009.09.23 03:18:08 | 000,078,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpcusb.sys -- (vpcusb)
DRV - [2009.09.23 03:18:07 | 000,165,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vpchbus.sys -- (vpcbus)
DRV - [2009.09.23 03:18:07 | 000,012,800 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpcuxd.sys -- (vpcuxd)
DRV - [2009.08.04 04:28:18 | 000,011,296 | R--- | M] () [Kernel | System | Running] -- C:\Windows\System32\drivers\AsIO.sys -- (AsIO)
DRV - [2009.07.16 05:36:30 | 000,013,216 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2009.07.14 01:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial)
DRV - [2009.06.11 14:09:56 | 001,516,544 | ---- | M] (C-Media Electronics Inc) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CM106.sys -- (USBMULCD)
DRV - [2005.03.30 11:12:38 | 000,014,544 | ---- | M] (EnTech Taiwan) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\TVicPort.sys -- (TVicPort)
DRV - [1998.11.25 17:48:36 | 000,013,728 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\System32\drivers\GLPNTDRV.SYS -- (glpntdrv)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
IE - HKLM\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKLM\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoEMonYB&dpid=SnapdoEMonYB&co=AT&userid=75bfa797-4670-495a-9c80-40a02cc290f4&searchtype=ds&q={searchTerms}&installDate=09/05/2013
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 55 D3 AA 5A E4 CA 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5}
IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = hxxp://feed.snap.do/?publisher=SnapdoOCYB&dpid=SnapdoOCYB&co=AT&userid=0fc19f6f-25b3-434c-a122-a869b70aea4c&searchtype=ds&q={searchTerms}&installDate={installDate}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
 
========== FireFox ==========
 
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "file:///C:/Program%20Files/Mozilla%20Firefox/bookmarks.html"
FF - prefs.js..extensions.enabledAddons: %7B5384767E-00D9-40E9-B72F-9CC39D655D6F%7D:1.4.2.1
FF - prefs.js..extensions.enabledAddons: %7BDDC359D1-844A-42a7-9AA1-88A850A938A8%7D:2.0.16
FF - prefs.js..extensions.enabledAddons: %7BACAA314B-EEBA-48e4-AD47-84E31C44796C%7D:4.3.3.15
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.15
FF - prefs.js..extensions.enabledAddons: %7B81328583-3CA7-4809-B4BA-570A85818FBB%7D:0.9
FF - prefs.js..extensions.enabledAddons: scrapbookplus%40addons.mozilla.org:1.9.23.40
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:22.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_8_800_94.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1202122.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40818.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~1\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.7: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf:  File not found
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}: C:\Program Files\Common Files\DVDVideoSoft\plugins\ff\ [2013.05.21 10:23:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.05.25 08:26:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.18 07:06:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013.01.31 17:23:06 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Components: C:\Program Files\SeaMonkey\components [2013.01.31 17:26:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 2.14.1\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2013.05.18 07:06:24 | 000,000,000 | ---D | M]
 
[2013.01.31 17:41:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions
[2010.04.26 19:01:43 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2010.04.29 08:14:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
[2013.07.05 09:57:15 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions
[2013.03.31 10:56:06 | 000,000,000 | ---D | M] (EPUBReader) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions\{5384767E-00D9-40E9-B72F-9CC39D655D6F}
[2013.05.29 13:05:03 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Standard\AppData\Roaming\mozilla\Firefox\Profiles\fpj4oink.default-1361704049564\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2013.05.13 08:48:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\SeaMonkey\Profiles\5z0bbbd1.default\extensions
[2013.02.09 17:24:54 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Standard\AppData\Roaming\mozilla\SeaMonkey\Profiles\5z0bbbd1.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2013.05.13 08:48:59 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Users\Standard\AppData\Roaming\mozilla\SeaMonkey\Profiles\5z0bbbd1.default\extensions\inspector@mozilla.org
[2013.07.05 09:57:16 | 000,254,237 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\scrapbookplus@addons.mozilla.org.xpi
[2013.07.01 07:14:42 | 000,043,390 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\{81328583-3CA7-4809-B4BA-570A85818FBB}.xpi
[2013.05.09 11:33:59 | 000,870,680 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2013.05.01 12:15:25 | 000,714,654 | ---- | M] () (No name found) -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}.xpi
[2013.05.21 10:23:42 | 000,021,695 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\mozilla\firefox\profiles\fpj4oink.default-1361704049564\searchplugins\Web Search.xml
[2013.05.25 08:26:57 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.06.27 09:22:06 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013.05.21 10:23:29 | 000,000,000 | ---D | M] ("DVDVideoSoft YouTube MP3 and Video Download") -- C:\PROGRAM FILES\COMMON FILES\DVDVIDEOSOFT\PLUGINS\FF
 
O1 HOSTS File: ([2011.09.07 18:49:37 | 000,000,832 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DVDVideoSoft WebPageAdjuster Class) - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [Acrobat Assistant 7.0] C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CNAP2 Launcher] C:\Windows\System32\spool\drivers\w32x86\3\CNAP2LAK.EXE (CANON INC.)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKCU..\Run: [DU Meter] C:\Program Files\DU Meter\DUMeter.exe (Hagel Technologies Ltd.)
O4 - Startup: C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\quickphrase.exe.lnk = C:\GwkTools\QuickPhrase\quickphrase.exe (TypingMaster, Inc)
F3 - HKCU WinNT: Load - (C:\Users\Standard\LOCALS~1\Temp\mshwuuj.bat) -  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoStrCmpLogical = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispAppearancePage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoHotStart = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetOpenWith = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoManageMyComputerVerb = 0
O8 - Extra context menu item: Alles mit FDM herunterladen - C:\Program Files\Free Download Manager\dlall.htm ()
O8 - Extra context menu item: An SchnapperPlus senden - C:\Programme\SchnapperPlus\SchnapperPlusMenu.js ()
O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - Reg Error: Value error. File not found
O8 - Extra context menu item: Ausgewählte Verknüpfungen in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Ausgewählte Verknüpfungen in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Auswahl mit FDM herunterladen - C:\Program Files\Free Download Manager\dlselected.htm ()
O8 - Extra context menu item: Datei mit FDM herunterladen - C:\Program Files\Free Download Manager\dllink.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Programme\Common Files\DVDVideoSoft\plugins\freeytmp3downloader.htm ()
O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: In vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - Reg Error: Value error. File not found
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Videos mit FDM herunterladen - C:\Program Files\Free Download Manager\dlfvideo.htm ()
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: SchnapperPlus - {D6243B39-211B-440D-B4C5-26D2A579CAC8} - Reg Error: Key error. File not found
O9 - Extra Button: Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O9 - Extra 'Tools' menuitem : Free YouTube Download - {EE932B49-D5C0-4D19-A3DA-CE0849258DE6} - C:\Programme\Common Files\DVDVideoSoft\bin\IEDownloadMenuAndBtns.dll (DVDVideoSoft Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 10.25.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7425F3EA-3376-4D0E-8E9A-656428B7CB97}: DhcpNameServer = 10.0.0.138
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.07.12 16:12:11 | 000,167,344 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.b8df.deleteme
[2013.07.12 16:10:53 | 000,000,000 | ---D | C] -- C:\Stinger_Quarantine
[2013.07.12 16:10:30 | 000,000,000 | ---D | C] -- C:\Program Files\stinger
[2013.07.12 12:09:13 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.07.11 07:39:00 | 000,000,000 | ---D | C] -- C:\Windows\System32\MRT
[2013.07.10 19:25:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle VM VirtualBox
[2013.07.06 10:50:16 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Liqube
[2013.07.06 10:50:13 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Resonic Alpha
[2013.07.06 10:50:13 | 000,000,000 | ---D | C] -- C:\Program Files\Liqube
[2013.07.04 19:40:24 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\My Kindle Content
[2013.07.04 19:40:18 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon
[2013.07.04 19:40:11 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Amazon
[2013.06.18 10:21:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.06.13 15:39:30 | 000,000,000 | ---D | C] -- C:\Program Files\AviSynth 2.5
[2013.06.13 15:35:00 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2013.06.13 15:35:00 | 000,216,064 | RHS- | C] (MONOGRAM Multimedia, s.r.o.) -- C:\Windows\System32\nbDX.dll
[2013.06.13 15:35:00 | 000,186,880 | RHS- | C] (RadLight) -- C:\Windows\System32\RLOgg.ax
[2013.06.13 15:35:00 | 000,179,200 | RHS- | C] (Gabest) -- C:\Windows\System32\DiracSplitter.ax
[2013.06.13 15:35:00 | 000,163,328 | RHS- | C] (Gabest) -- C:\Windows\System32\flvDX.dll
[2013.06.13 15:35:00 | 000,161,792 | RHS- | C] (Gabest) -- C:\Windows\System32\RealMediaDX.ax
[2013.06.13 15:35:00 | 000,123,904 | RHS- | C] (CoreCodec) -- C:\Windows\System32\AVCDX.ax
[2013.06.13 15:35:00 | 000,092,672 | RHS- | C] (RadLight) -- C:\Windows\System32\RLVorbisDec.ax
[2013.06.13 15:35:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSSplitter.ax
[2013.06.13 15:35:00 | 000,090,112 | RHS- | C] (-) -- C:\Windows\System32\TTADSDecoder.ax
[2013.06.13 15:35:00 | 000,067,584 | RHS- | C] (RadLight, LLC) -- C:\Windows\System32\RLTheoraDec.ax
[2013.06.13 15:35:00 | 000,031,232 | RHS- | C] (Hans Mayerl) -- C:\Windows\System32\msfDX.dll
[2013.06.13 15:35:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPER © - by eRightSoft
[2013.06.13 15:34:58 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2013.06.13 15:07:29 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\FreemakeVideoConverter
[2013.06.13 15:06:55 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Freemake
[2013.06.13 15:06:55 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.13 15:06:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
[2013.06.13 15:06:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake
[2013.06.13 15:06:48 | 000,000,000 | ---D | C] -- C:\Program Files\Freemake
[2013.06.13 14:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\xml_param
[2013.06.13 14:45:54 | 000,000,000 | ---D | C] -- C:\Users\Standard\Documents\Aimersoft DVD Ripper
[2013.06.13 14:45:45 | 000,000,000 | ---D | C] -- C:\Users\Standard\AppData\Local\Aimersoft
[2013.06.13 14:45:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Aimersoft
[2013.06.13 14:45:42 | 000,892,928 | ---- | C] (Free Software Foundation) -- C:\Windows\System32\iconv.dll
[2013.06.13 14:45:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Aimersoft DVD Ripper
[2013.06.13 14:45:40 | 000,000,000 | ---D | C] -- C:\Program Files\Aimersoft
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Standard\AppData\Local\*.tmp files -> C:\Users\Standard\AppData\Local\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.07.13 08:17:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.07.13 07:45:36 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.07.13 07:45:36 | 000,026,352 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.07.13 07:38:10 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.07.13 07:38:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.07.12 16:12:09 | 000,167,344 | ---- | M] (McAfee, Inc.) -- C:\Windows\System32\mfevtps.exe.b8df.deleteme
[2013.07.12 16:07:10 | 000,694,592 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.07.12 16:07:10 | 000,652,496 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.07.12 16:07:10 | 000,146,780 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.07.12 16:07:10 | 000,121,428 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.07.12 07:29:41 | 000,049,805 | ---- | M] () -- C:\Users\Standard\Documents\Edith_Avira Online Shop.pdf
[2013.07.11 17:58:34 | 000,000,000 | ---- | M] () -- C:\Users\Standard\defogger_reenable
[2013.07.11 07:32:54 | 004,094,360 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.07.10 19:25:29 | 000,001,082 | ---- | M] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.07.09 13:27:07 | 000,000,787 | ---- | M] () -- C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
[2013.07.06 10:50:14 | 000,001,214 | ---- | M] () -- C:\Users\Standard\Desktop\Resonic MP3.lnk
[2013.07.04 19:40:18 | 000,002,251 | ---- | M] () -- C:\Users\Standard\Desktop\Kindle.lnk
[2013.07.03 09:04:09 | 000,002,358 | -HS- | M] () -- C:\Windows\System32\KGyGaAvL.sys
[2013.07.01 13:50:10 | 000,853,578 | ---- | M] () -- C:\Users\Standard\Documents\A1_BA-Box.pdf
[2013.07.01 07:03:15 | 000,011,664 | ---- | M] () -- C:\Users\Standard\gsview32.ini
[2013.06.30 12:07:46 | 000,000,982 | ---- | M] () -- C:\Users\Public\Desktop\IrfanView.lnk
[2013.06.25 14:57:35 | 000,000,214 | ---- | M] () -- C:\Users\Standard\Documents\led_blink.aws
[2013.06.25 14:57:29 | 000,001,522 | ---- | M] () -- C:\Users\Standard\Documents\LED_blink.asm
[2013.06.25 14:56:14 | 000,002,295 | ---- | M] () -- C:\Users\Standard\Documents\LED_blink.aps
[2013.06.25 14:37:59 | 000,000,318 | ---- | M] () -- C:\Users\Standard\Documents\test2.aws
[2013.06.25 14:37:25 | 000,002,267 | ---- | M] () -- C:\Users\Standard\Documents\test2.aps
[2013.06.25 14:37:25 | 000,000,000 | ---- | M] () -- C:\Users\Standard\Documents\test2.asm
[2013.06.25 08:45:30 | 000,000,345 | ---- | M] () -- C:\Users\Standard\Documents\test1.aws
[2013.06.25 08:44:50 | 000,002,649 | ---- | M] () -- C:\Users\Standard\Documents\test1.aps
[2013.06.25 08:44:50 | 000,000,000 | ---- | M] () -- C:\Users\Standard\Documents\test1.asm
[2013.06.24 11:35:57 | 000,067,168 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avnetflt.sys
[2013.06.20 10:22:12 | 000,001,046 | ---- | M] () -- C:\Users\Standard\Desktop\Cathy.exe.lnk
[2013.06.18 10:21:03 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 13:58:22 | 000,695,204 | ---- | M] () -- C:\Users\Standard\Documents\WebseitenBau_ct_ 14 2013.pdf
[2013.06.13 15:35:00 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2013.06.13 15:06:55 | 000,001,288 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
[1 C:\Users\Standard\AppData\Local\*.tmp files -> C:\Users\Standard\AppData\Local\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.07.12 07:29:41 | 000,049,805 | ---- | C] () -- C:\Users\Standard\Documents\Edith_Avira Online Shop.pdf
[2013.07.11 17:58:34 | 000,000,000 | ---- | C] () -- C:\Users\Standard\defogger_reenable
[2013.07.10 19:25:29 | 000,001,082 | ---- | C] () -- C:\Users\Public\Desktop\Oracle VM VirtualBox.lnk
[2013.07.06 10:50:14 | 000,001,214 | ---- | C] () -- C:\Users\Standard\Desktop\Resonic MP3.lnk
[2013.07.04 19:40:18 | 000,002,251 | ---- | C] () -- C:\Users\Standard\Desktop\Kindle.lnk
[2013.07.01 13:50:10 | 000,853,578 | ---- | C] () -- C:\Users\Standard\Documents\A1_BA-Box.pdf
[2013.06.25 14:57:35 | 000,000,214 | ---- | C] () -- C:\Users\Standard\Documents\led_blink.aws
[2013.06.25 14:56:14 | 000,002,295 | ---- | C] () -- C:\Users\Standard\Documents\LED_blink.aps
[2013.06.25 14:56:14 | 000,001,522 | ---- | C] () -- C:\Users\Standard\Documents\LED_blink.asm
[2013.06.25 14:37:59 | 000,000,318 | ---- | C] () -- C:\Users\Standard\Documents\test2.aws
[2013.06.25 14:37:25 | 000,002,267 | ---- | C] () -- C:\Users\Standard\Documents\test2.aps
[2013.06.25 14:37:25 | 000,000,000 | ---- | C] () -- C:\Users\Standard\Documents\test2.asm
[2013.06.25 08:45:30 | 000,000,345 | ---- | C] () -- C:\Users\Standard\Documents\test1.aws
[2013.06.25 08:44:50 | 000,002,649 | ---- | C] () -- C:\Users\Standard\Documents\test1.aps
[2013.06.25 08:44:50 | 000,000,000 | ---- | C] () -- C:\Users\Standard\Documents\test1.asm
[2013.06.20 10:22:12 | 000,001,046 | ---- | C] () -- C:\Users\Standard\Desktop\Cathy.exe.lnk
[2013.06.18 10:21:03 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\VLC media player.lnk
[2013.06.16 13:58:22 | 000,695,204 | ---- | C] () -- C:\Users\Standard\Documents\WebseitenBau_ct_ 14 2013.pdf
[2013.06.13 15:35:00 | 000,227,328 | RHS- | C] () -- C:\Windows\System32\ac3DX.ax
[2013.06.13 15:35:00 | 000,195,584 | RHS- | C] () -- C:\Windows\System32\MatroskaDX.ax
[2013.06.13 15:35:00 | 000,188,416 | RHS- | C] () -- C:\Windows\System32\winDCE32.dll
[2013.06.13 15:35:00 | 000,175,104 | RHS- | C] () -- C:\Windows\System32\CoreAAC.ax
[2013.06.13 15:35:00 | 000,121,344 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.ax
[2013.06.13 15:35:00 | 000,120,832 | RHS- | C] () -- C:\Windows\System32\MPCDx.ax
[2013.06.13 15:35:00 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\TAKDSDecoder.dll
[2013.06.13 15:35:00 | 000,107,520 | RHS- | C] () -- C:\Windows\System32\RLMPCDec.ax
[2013.06.13 15:35:00 | 000,097,280 | RHS- | C] () -- C:\Windows\System32\FLACDX.ax
[2013.06.13 15:35:00 | 000,081,920 | RHS- | C] () -- C:\Windows\System32\aac_parser.ax
[2013.06.13 15:35:00 | 000,070,656 | RHS- | C] () -- C:\Windows\System32\RLAPEDec.ax
[2013.06.13 15:35:00 | 000,051,712 | RHS- | C] () -- C:\Windows\System32\RLSpeexDec.ax
[2013.06.13 15:35:00 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\SUPER ©.lnk
[2013.06.13 15:06:55 | 000,001,288 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk
[2013.06.13 14:45:42 | 000,675,840 | ---- | C] () -- C:\Windows\System32\ac3filter.ax
[2013.06.13 14:45:42 | 000,496,640 | ---- | C] () -- C:\Windows\System32\xvid.ax
[2013.05.12 15:53:27 | 000,000,000 | ---- | C] () -- C:\ProgramData\myAvrQuickProg.cfg
[2013.05.11 13:29:11 | 000,290,904 | ---- | C] () -- C:\Windows\System32\vc6-re200l.dll
[2013.05.09 14:09:53 | 000,032,256 | -HS- | C] () -- C:\Windows\System32\AVSredirect.dll
[2013.04.14 09:55:02 | 000,304,584 | ---- | C] (                                                            ) -- C:\Program Files\Common Files\delete.exe
[2013.04.07 15:34:53 | 000,003,584 | ---- | C] () -- C:\Users\Standard\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.03.14 08:33:14 | 000,000,657 | ---- | C] () -- C:\Windows\unins000.dat
[2013.03.09 13:35:48 | 000,000,218 | ---- | C] () -- C:\Users\Standard\AppData\Local\recently-used.xbel
[2013.03.06 12:51:57 | 000,007,606 | ---- | C] () -- C:\Users\Standard\AppData\Local\Resmon.ResmonCfg
[2013.03.04 17:41:48 | 000,000,096 | ---- | C] () -- C:\Users\Standard\AppData\Local\CrystalDiskMark30.ini
[2013.02.14 11:07:26 | 000,004,138 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\LTspiceIV.ini
[2013.01.31 17:51:17 | 000,021,532 | ---- | C] () -- C:\Windows\System32\emptyregdb.dat
[2013.01.31 11:09:27 | 000,016,384 | ---- | C] () -- C:\Windows\System32\FileOps.exe
[2012.11.20 16:47:14 | 000,000,000 | ---- | C] () -- C:\Windows\PROTOCOL.INI
[2012.11.20 16:47:06 | 000,000,035 | ---- | C] () -- C:\Windows\GALEP3.INI
[2012.11.20 16:41:46 | 000,013,728 | ---- | C] () -- C:\Windows\System32\drivers\GLPNTDRV.SYS
[2012.10.31 13:14:16 | 000,000,000 | ---- | C] () -- C:\Windows\System32\svEditor.ini
[2012.09.20 08:50:54 | 000,064,000 | ---- | C] () -- C:\Windows\System32\esfw41.bin
[2012.07.06 17:35:38 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\filter
[2012.03.25 11:51:02 | 000,000,121 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_ProgTool101.cfg
[2012.03.13 16:11:01 | 000,000,588 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.10 11:07:25 | 000,000,025 | ---- | C] () -- C:\Windows\ULTImate.ini
[2012.02.19 10:22:48 | 000,000,172 | ---- | C] () -- C:\Windows\CmdFile.INI
[2012.02.19 10:03:41 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\grep
[2012.02.19 09:48:31 | 000,000,000 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\business-inkjet
[2012.01.12 17:13:54 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2012.01.06 13:44:44 | 000,294,912 | ---- | C] () -- C:\Windows\System32\mbr_sqlite.dll
[2011.10.22 16:24:13 | 000,011,664 | ---- | C] () -- C:\Users\Standard\gsview32.ini
[2011.10.22 16:19:58 | 000,000,043 | ---- | C] () -- C:\Windows\gswin32.ini
[2011.09.08 09:12:53 | 000,544,768 | ---- | C] () -- C:\Windows\System32\Cmeau106.exe
[2011.09.08 09:12:53 | 000,143,360 | ---- | C] () -- C:\Windows\Vmix106.dll
[2011.09.08 09:12:53 | 000,000,269 | ---- | C] () -- C:\Windows\Cm106.ini.cfl
[2011.09.08 09:12:50 | 000,299,008 | ---- | C] () -- C:\Windows\System32\CmiInstallResAll.dll
[2011.09.08 09:12:50 | 000,002,391 | ---- | C] () -- C:\Windows\Cm106.ini.cfg
[2011.09.08 09:12:50 | 000,000,174 | ---- | C] () -- C:\Windows\Cm106.ini.imi
[2011.09.08 09:12:49 | 000,000,518 | ---- | C] () -- C:\Windows\cm106.ini
[2011.08.22 08:57:55 | 000,005,331 | ---- | C] () -- C:\Program Files\Lizenz.rtf
[2011.08.01 17:21:38 | 000,852,264 | ---- | C] () -- C:\Windows\System32\wodCertificate.dll
[2011.07.25 10:23:45 | 000,000,040 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\mySmartUSB_Terminal.cfg
[2011.06.16 11:50:43 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\docInfo
[2011.05.11 09:17:25 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\Console
[2011.05.11 09:17:22 | 000,000,268 | RH-- | C] () -- C:\Users\Standard\AppData\Roaming\Contents
[2011.02.18 11:33:50 | 000,000,250 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_WorkpadSE_Demo.cfg
[2010.08.06 09:16:21 | 000,003,243 | ---- | C] () -- C:\Users\Standard\gdbtk.ini
[2010.07.30 09:08:19 | 000,000,811 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_WorkpadPLUS_Demo.cfg
[2010.07.08 16:32:13 | 000,000,787 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAVR_ProgTool.cfg
[2010.07.08 16:29:07 | 000,000,262 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\myAvrQuickProg.cfg
[2010.04.30 08:49:57 | 000,000,024 | ---- | C] () -- C:\Users\Standard\AppData\Roaming\MyPhrases.dta
[2010.04.28 09:33:48 | 002,136,576 | ---- | C] () -- C:\Program Files\frontdesigner30.exe
[2010.04.28 09:33:48 | 000,654,098 | ---- | C] () -- C:\Program Files\frontdesigner30.chm
[2010.04.28 09:33:48 | 000,000,026 | ---- | C] () -- C:\Program Files\sprache.ini
[2005.04.08 04:16:43 | 000,118,093 | -H-- | C] () -- C:\Users\Standard\AppData\Roaming\Standardv1.18.0 - Trial versionlog.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 23:29:20 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2013.01.31 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\7-PDFWebsiteConverter
[2013.01.31 17:40:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Acronis
[2013.01.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Alltags-Programme
[2013.05.09 14:45:13 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\AnvSoft
[2013.01.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Arduino
[2013.01.31 17:40:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ashampoo
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Atmel
[2013.06.08 15:45:05 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Audacity
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Auslogics
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\avidemux
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Azureus
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Bitstream
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\BitTorrent
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\BitZipper
[2013.01.31 17:40:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\CadSoft
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\calibre
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Canneverbe Limited
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2013.01.31 17:40:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\com.adobe.formscentral.FormsCentralForAcrobat
[2013.04.14 09:22:31 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DATA BECKER Shared
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DeepBurner
[2012.02.27 11:41:50 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Driver
[2011.04.16 12:58:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVD2AVI Ripper
[2013.05.21 10:23:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoft
[2013.05.21 10:23:38 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\DVDVideoSoftIEHelpers
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\eCub
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\EPSON
[2011.01.31 16:41:16 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\EurekaLog
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FileMaker
[2013.05.07 08:50:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FileZilla
[2013.02.18 20:36:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Foxit Software
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Free Download Manager
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Fritzing
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\FrontDesign
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GetRight
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GetRightToGo
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\GHISLER
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\gtk-2.0
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HamsterSoft
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HandBrake
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\HD Tune Pro
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Helios
[2013.01.31 17:40:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ibf
[2013.01.31 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ImgBurn
[2013.03.09 15:30:11 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\inkscape
[2013.01.31 17:40:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Intermedia Software
[2013.01.31 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\IrfanView
[2013.01.31 17:41:03 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\JonDo
[2013.01.31 17:41:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\jpg-Illuminator
[2013.01.31 17:41:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Jutoh
[2013.04.06 10:00:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\LibreOffice
[2013.07.06 10:50:16 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Liqube
[2013.01.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\MAGIX
[2013.01.31 17:41:08 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\MCS Electronics
[2013.01.31 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Mp3tag
[2013.01.31 17:41:21 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\NCH Swift Sound
[2013.01.31 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nik Software
[2013.01.31 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nikon
[2013.01.31 17:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nokia
[2012.06.20 16:15:53 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nokia Suite
[2013.01.31 17:41:23 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Nvu
[2013.05.21 10:23:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\OpenCandy
[2013.01.31 17:41:24 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Opera
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\PC Suite
[2013.05.29 08:13:20 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\pdfforge
[2012.01.06 15:41:22 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Pooqm
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\POV-Ray
[2013.04.17 12:04:53 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ProtectDisc
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Q-Dir
[2013.01.31 17:41:25 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\QuickScan
[2013.06.28 09:20:00 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SchnapperPlus
[2013.01.31 17:41:26 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Semper Software
[2013.01.31 17:41:27 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Simon Brown, HB9DRV
[2013.05.09 13:50:57 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\SuperEasy Software
[2013.05.09 14:15:54 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Systweak
[2013.01.31 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\ThumbsPlus
[2013.01.31 17:41:30 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Thunderbird
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TuneUp Software
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\TweakNow RegCleaner 2012
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Ulead Systems
[2013.01.31 17:41:36 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\usbprog
[2013.07.10 16:57:01 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Usenet.nl
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\VisualAssist
[2011.06.17 19:44:07 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\whitepixel
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\www.rene-zeidler.de
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\XMedia Recode
[2013.01.31 17:41:37 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Yqopep
[2013.03.08 12:57:02 | 000,000,000 | ---D | M] -- C:\Users\Standard\AppData\Roaming\Zotero
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 125 bytes -> C:\ProgramData\TEMP:BF3D62E7

< End of report >
         
Extras.txt was not generated even though I started it twice!?

GMER
Code:
ATTFilter
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-07-13 09:35:11
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Scsi\mv91xx1Port2Path0Target0Lun0 WDC_WD10 rev.05.0 931,51GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\Standard\AppData\Local\Temp\ugtdapod.sys


---- System - GMER 2.1 ----

SSDT            95C538EE                                                                                                                                                                                               ZwCreateSection
SSDT            95C538C6                                                                                                                                                                                               ZwCreateSymbolicLinkObject
SSDT            95C538CB                                                                                                                                                                                               ZwLoadDriver
SSDT            95C538C1                                                                                                                                                                                               ZwOpenSection
SSDT            95C538F8                                                                                                                                                                                               ZwRequestWaitReplyPort
SSDT            95C538F3                                                                                                                                                                                               ZwSetContextThread
SSDT            95C538FD                                                                                                                                                                                               ZwSetSecurityObject
SSDT            95C538D0                                                                                                                                                                                               ZwSetSystemInformation
SSDT            95C53902                                                                                                                                                                                               ZwSystemDebugControl
SSDT            95C5388F                                                                                                                                                                                               ZwTerminateProcess
SSDT            95C5388A                                                                                                                                                                                               ZwWriteVirtualMemory

---- Kernel code sections - GMER 2.1 ----

.text           ntkrnlpa.exe!ZwRollbackEnlistment + 140D                                                                                                                                                               830939F5 1 Byte  [06]
.text           ntkrnlpa.exe!KiDispatchInterrupt + 5A2                                                                                                                                                                 830CD1F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 11F7                                                                                                                                                                    830D453C 4 Bytes  [EE, 38, C5, 95] {OUT DX, AL; CMP CH, AL; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1200                                                                                                                                                                    830D4545 3 Bytes  [38, C5, 95] {CMP CH, AL; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1313                                                                                                                                                                    830D4658 4 Bytes  [CB, 38, C5, 95] {RETF ; CMP CH, AL; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 13AF                                                                                                                                                                    830D46F4 4 Bytes  [C1, 38, C5, 95] {SAR DWORD [EAX], 0xc5; XCHG EBP, EAX}
.text           ntkrnlpa.exe!KeRemoveQueueEx + 1553                                                                                                                                                                    830D4898 4 Bytes  [F8, 38, C5, 95] {CLC ; CMP CH, AL; XCHG EBP, EAX}
.text           ...                                                                                                                                                                                                    

---- Devices - GMER 2.1 ----

AttachedDevice  \Driver\volmgr \Device\HarddiskVolume1                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume2                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume3                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume4                                                                                                                                                                 NBVol.sys
AttachedDevice  \Driver\volmgr \Device\HarddiskVolume5                                                                                                                                                                 NBVol.sys

---- Registry - GMER 2.1 ----

Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System                                                                                                                                                  
Reg             HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\System@OODEFRAG16.00.00.01PROFESSIONAL
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\CatalogNames\Windows\SystemIndex@pkm:catalog:LastCatalogCrawlId                                                                                                 8
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9                                                                                                                             
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@CrawlType                                                                                                                   2
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@InProgress                                                                                                                  1
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@DoneAddingCrawlSeeds                                                                                                        1
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@IsCatalogLevel                                                                                                              0
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\Crawls\9@LogStartAddId                                                                                                               2
Reg             HKLM\SOFTWARE\Microsoft\Windows Search\Gather\Windows\SystemIndex\StartPages\2@CrawlNumberInProgress                                                                                                   9
Reg             HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@E:\ex_I\Password Retrieval LITE v1.1 for Microsoft\xae Access\AccessPasswordRetrievalLiteSetup.exe  1

---- Files - GMER 2.1 ----

File            C:\ProgramData\Microsoft\Search\Data\Applications\Windows\MSS001D0.log                                                                                                                                 1048576 bytes

---- EOF - GMER 2.1 ----
         
I hope I haven't overlooked anything, and I'm already on tenterhooks.


Kind regards,
Gonde

 
