Trojaner-Board


müller 27.08.2013 18:21

2x | Trojan ihavent.com
 
Hello,

I have recently had the Trojan ihavent.com on my computer. On Google I am always redirected to ihavent.com.

I downloaded OTL and ran a scan, with this result:

OTL logfile created on: 27.08.2013 17:34:13 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Dokumente und Einstellungen\m\Fotos+Üstra+Bücher\Downloads
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,50 Gb Total Physical Memory | 0,88 Gb Available Physical Memory | 58,91% Memory free
3,35 Gb Paging File | 2,69 Gb Available in Paging File | 80,28% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 68,36 Gb Total Space | 52,39 Gb Free Space | 76,63% Space Free | Partition Type: NTFS
Drive D: | 29,30 Gb Total Space | 20,85 Gb Free Space | 71,16% Space Free | Partition Type: NTFS
Drive E: | 88,65 Gb Total Space | 53,73 Gb Free Space | 60,61% Space Free | Partition Type: NTFS

Computer Name: MILES | User Name: m | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Dokumente und Einstellungen\m\Fotos+Üstra+Bücher\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
PRC - C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
PRC - C:\Programme\Google\Update\1.3.21.153\GoogleCrashHandler.exe (Google Inc.)
PRC - C:\Programme\Hardcopy\hardcopy.exe (sw4you)
PRC - C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
PRC - C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
PRC - C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
PRC - C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
PRC - C:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Programme\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)


========== Modules (No Company Name) ==========

MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\Avira\AntiVir Desktop\sqlite3.dll ()
MOD - C:\Programme\Hardcopy\HcDllS.dll ()
MOD - C:\Programme\Hardcopy\HcDLL2_38_Win32.dll ()
MOD - C:\Programme\Hardcopy\hardcopy_05.dll ()
MOD - C:\WINDOWS\system32\msdmo.dll ()
MOD - C:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe ()


========== Services (SafeList) ==========

SRV - (HidServ) -- %SystemRoot%\System32\hidserv.dll File not found
SRV - (AppMgmt) -- %SystemRoot%\System32\appmgmts.dll File not found
SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (APNMCP) -- C:\Programme\AskPartnerNetwork\Toolbar\apnmcp.exe (APN LLC.)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (JavaQuickStarterService) -- C:\Programme\Java\jre7\bin\jqs.exe (Oracle Corporation)
SRV - (SandraAgentSrv) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\RpcAgentSrv.exe (SiSoftware)
SRV - (MSCamSvc) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe (Microsoft Corporation)
SRV - (hpdj) -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Temp\hpdj.exe (HP)


========== Driver Services (SafeList) ==========

DRV - (WDICA) -- File not found
DRV - (PDRFRAME) -- File not found
DRV - (PDRELI) -- File not found
DRV - (PDFRAME) -- File not found
DRV - (PDCOMP) -- File not found
DRV - (PCIDump) -- File not found
DRV - (lbrtfdc) -- File not found
DRV - (i2omgmt) -- File not found
DRV - (Changer) -- File not found
DRV - (avipbb) -- C:\WINDOWS\system32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\WINDOWS\system32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\WINDOWS\system32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\WINDOWS\system32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (MSI_DVD_010507) -- C:\Program Files\MSI\MSIWDev\DVDSYS32_100507.sys (Your Corporation)
DRV - (MSI_MSIBIOS_010507) -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys (Your Corporation)
DRV - (MSI_VGASYS_010507) -- C:\Program Files\MSI\MSIWDev\VGASYS32_100507.sys ()
DRV - (SANDRA) -- C:\Programme\SiSoftware\SiSoftware Sandra Lite 2011.SP1\WNt500x86\sandra.sys (SiSoftware)
DRV - (VX1000) -- C:\WINDOWS\system32\drivers\VX1000.sys (Microsoft Corporation)
DRV - (VIAudio) -- C:\WINDOWS\system32\drivers\vinyl97.sys (VIA Technologies, Inc.)
DRV - (GMFilter) -- C:\WINDOWS\system32\drivers\GMFilter.sys ()
DRV - (skbusenum) -- C:\WINDOWS\system32\drivers\SKBusEnum.sys (Windows (R) 2000 DDK provider)
DRV - (VirtualK) -- C:\WINDOWS\system32\drivers\VirtualK.sys (Windows (R) 2000 DDK provider)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}

IE - HKCU\..\URLSearchHook: {D8278076-BC68-4484-9233-6E7F1628B56C} - C:\Programme\AskPartnerNetwork\Toolbar\searchhook.dll (APN LLC.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "eBay"
FF - prefs.js..browser.search.order.1: "Ask Search"
FF - prefs.js..browser.search.selectedEngine: "eBay"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..extensions.enabledAddons: toolbar_AVIRA-V7%40apn.ask.com:20.53263
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:23.0.1
FF - prefs.js..network.proxy.type: 0
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Programme\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.4.0: C:\WINDOWS\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.4.0: C:\Programme\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Programme\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.8: C:\Programme\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins [2013.08.17 19:45:44 | 000,000,000 | ---D | M]

[2011.03.12 22:53:34 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Mozilla\Extensions
[2013.08.07 20:46:58 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Mozilla\Firefox\Profiles\ge2akdbi.default\extensions
[2013.08.07 20:46:58 | 000,710,726 | ---- | M] () (No name found) -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Mozilla\Firefox\Profiles\ge2akdbi.default\extensions\toolbar_AVIRA-V7@apn.ask.com.xpi
[2013.08.17 19:45:36 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013.08.17 19:45:37 | 000,000,000 | ---D | M] (Click to call with Skype) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2013.08.17 19:45:33 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013.08.17 19:46:02 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2012.02.20 17:47:56 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Programme\mozilla firefox\plugins\npdeployJava1.dll

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Standardprofil (Enabled) = default_plugin
CHR - plugin: Error reading preferences file
CHR - Extension: Click to call with Skype = C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.6.0.8153_0\

O1 HOSTS File: ([2004.08.04 14:00:00 | 000,000,820 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {41564952-412D-5637-00A7-7A786E7484D7} - C:\Programme\AskPartnerNetwork\Toolbar\AVIRA-V7\Passport.dll (APN LLC.)
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnTBMon] C:\Programme\AskPartnerNetwork\Toolbar\Updater\TBNotifier.exe (APN)
O4 - HKLM..\Run: [AudioDeck] C:\Programme\VIAudioi\SBADeck\ADeck.exe (VIA Technologies, Inc.)
O4 - HKLM..\Run: [avgnt] C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [HP Software Update] C:\Programme\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [LifeCam] C:\Programme\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Programme\Gemeinsame Dateien\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [VX1000] C:\WINDOWS\vVX1000.exe (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Autostart\Microsoft Office.lnk = C:\Programme\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O4 - Startup: C:\Dokumente und Einstellungen\m\Startmenü\Programme\Autostart\GM_DevUpdate.lnk = C:\Programme\HAMA Joystick Outlandish\GM_DevUpdate.exe ()
O4 - Startup: C:\Dokumente und Einstellungen\m\Startmenü\Programme\Autostart\Hardcopy.LNK = C:\Programme\Hardcopy\hardcopy.exe (sw4you)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Click to call with Skype - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Programme\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O15 - HKCU\..Trusted Domains: com ([www.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com.tw ([asia.msi] http in Vertrauenswürdige Sites)
O15 - HKCU\..Trusted Domains: com.tw ([global.msi] http in Vertrauenswürdige Sites)
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45BFE4CA-9D87-493D-B2CA-9D2BBDADE008}: DhcpNameServer = 192.168.178.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Programme\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper: C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.03.12 22:28:55 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

========== Files/Folders - Created Within 30 Days ==========

[2013.08.17 19:45:32 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[2013.08.15 12:04:11 | 000,000,000 | ---D | C] -- C:\946075a2a3eb8ef8a5c225211e
[2013.08.07 20:18:03 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\AskPartnerNetwork
[2013.08.07 20:17:05 | 000,000,000 | ---D | C] -- C:\Programme\AskPartnerNetwork
[2013.08.07 20:17:05 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AskPartnerNetwork
[2013.08.07 20:15:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\APN
[2013.08.07 20:14:25 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Avira
[2013.08.07 20:14:10 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\WINDOWS\System32\drivers\ssmdrv.sys
[2013.08.07 20:14:08 | 000,136,672 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.08.07 20:14:08 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avkmgr.sys
[2013.08.07 20:14:07 | 000,088,840 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.08.07 20:14:06 | 000,000,000 | ---D | C] -- C:\Programme\Avira
[2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\TEMP
[2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\REPORTS
[2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\LOGFILES
[2013.08.07 18:58:52 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\INFECTED
[2013.08.07 18:54:51 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\Avira
[2013.08.03 11:40:49 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\Google Earth
[2012.05.28 15:24:46 | 000,167,784 | ---- | C] (Avira GmbH) -- C:\Programme\webcat.dll
[2012.05.28 15:24:46 | 000,119,144 | ---- | C] (Avira GmbH) -- C:\Programme\wksstats.dll
[2012.05.28 15:24:46 | 000,080,728 | ---- | C] (Avira GmbH) -- C:\Programme\wsctool.exe
[2012.05.28 15:24:35 | 000,581,288 | ---- | C] (Avira GmbH) -- C:\Programme\update.exe
[2012.05.28 15:24:35 | 000,415,080 | ---- | C] (Avira GmbH) -- C:\Programme\update.dll
[2012.05.28 15:24:35 | 000,191,336 | ---- | C] (Avira GmbH) -- C:\Programme\updext.dll
[2012.05.28 15:24:35 | 000,151,400 | ---- | C] (Avira GmbH) -- C:\Programme\updgui.dll
[2012.05.28 15:24:35 | 000,077,569 | ---- | C] (ACE Compression Software) -- C:\Programme\unacev2.dll
[2012.05.28 15:24:35 | 000,056,680 | ---- | C] (Avira GmbH) -- C:\Programme\updaterc.dll
[2012.05.28 15:24:35 | 000,033,025 | ---- | C] (Avira GmbH) -- C:\Programme\updfix.exe
[2012.05.28 15:24:35 | 000,011,112 | ---- | C] (Avira GmbH) -- C:\Programme\updguirc.dll
[2012.05.28 15:24:34 | 000,679,592 | ---- | C] (Avira GmbH) -- C:\Programme\setup.exe
[2012.05.28 15:24:34 | 000,136,360 | ---- | C] (Avira GmbH) -- C:\Programme\sched.exe
[2012.05.28 15:24:34 | 000,098,664 | ---- | C] (Avira GmbH) -- C:\Programme\rctext.dll
[2012.05.28 15:24:34 | 000,086,376 | ---- | C] (Avira GmbH) -- C:\Programme\shlext.dll
[2012.05.28 15:24:34 | 000,077,160 | ---- | C] (Avira GmbH) -- C:\Programme\setup.dll
[2012.05.28 15:24:34 | 000,028,417 | ---- | C] (Avira GmbH) -- C:\Programme\smtplib.dll
[2012.05.28 15:24:34 | 000,020,328 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_pt.dll
[2012.05.28 15:24:34 | 000,019,816 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_it.dll
[2012.05.28 15:24:34 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_ru.dll
[2012.05.28 15:24:34 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_es.dll
[2012.05.28 15:24:34 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_en.dll
[2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_zhtw.dll
[2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_zhcn.dll
[2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_ko.dll
[2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_jp.dll
[2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_fr.dll
[2012.05.28 15:24:34 | 000,018,792 | ---- | C] (Avira GmbH) -- C:\Programme\rcnwload_de.dll
[2012.05.28 15:24:34 | 000,013,672 | ---- | C] (Avira GmbH) -- C:\Programme\redist.dll
[2012.05.28 15:24:34 | 000,008,552 | ---- | C] (Avira GmbH) -- C:\Programme\schedr.dll
[2012.05.28 15:24:34 | 000,006,504 | ---- | C] (Avira GmbH) -- C:\Programme\restartrc.dll
[2012.05.28 15:24:33 | 002,589,544 | ---- | C] (Avira GmbH) -- C:\Programme\rcimage.dll
[2012.05.28 15:24:33 | 000,767,488 | ---- | C] (Sleepycat Software) -- C:\Programme\libdb44.dll
[2012.05.28 15:24:33 | 000,511,336 | ---- | C] (Avira GmbH) -- C:\Programme\ccwgrd.dll
[2012.05.28 15:24:33 | 000,370,024 | ---- | C] (Avira GmbH) -- C:\Programme\cctpc.dll
[2012.05.28 15:24:33 | 000,353,960 | ---- | C] (Avira GmbH) -- C:\Programme\fact.exe
[2012.05.28 15:24:33 | 000,290,664 | ---- | C] (Avira GmbH) -- C:\Programme\ccupdate.dll
[2012.05.28 15:24:33 | 000,288,616 | ---- | C] (Avira GmbH) -- C:\Programme\ccwkrlib.dll
[2012.05.28 15:24:33 | 000,244,072 | ---- | C] (Avira GmbH) -- C:\Programme\extdlgfw.dll
[2012.05.28 15:24:33 | 000,132,456 | ---- | C] (Avira GmbH) -- C:\Programme\licmgr.exe
[2012.05.28 15:24:33 | 000,121,704 | ---- | C] (Avira GmbH) -- C:\Programme\ccupdw.dll
[2012.05.28 15:24:33 | 000,104,296 | ---- | C] (Avira GmbH) -- C:\Programme\msgclient.dll
[2012.05.28 15:24:33 | 000,103,272 | ---- | C] (Avira GmbH) -- C:\Programme\mgrs.dll
[2012.05.28 15:24:33 | 000,077,160 | ---- | C] (Avira GmbH) -- C:\Programme\ccschedw.dll
[2012.05.28 15:24:33 | 000,075,112 | ---- | C] (Avira GmbH) -- C:\Programme\ccwgrdw.dll
[2012.05.28 15:24:33 | 000,072,552 | ---- | C] (Avira GmbH) -- C:\Programme\rchelp.dll
[2012.05.28 15:24:33 | 000,071,848 | ---- | C] (Avira GmbH) -- C:\Programme\guardgui.exe
[2012.05.28 15:24:33 | 000,054,120 | ---- | C] (Avira GmbH) -- C:\Programme\cfglib.dll
[2012.05.28 15:24:33 | 000,045,416 | ---- | C] (Avira GmbH) -- C:\Programme\luke.dll
[2012.05.28 15:24:33 | 000,037,224 | ---- | C] (Avira GmbH) -- C:\Programme\guardmsg.dll
[2012.05.28 15:24:33 | 000,027,496 | ---- | C] (Avira GmbH) -- C:\Programme\factrc.dll
[2012.05.28 15:24:33 | 000,025,448 | ---- | C] (Avira GmbH) -- C:\Programme\ccupdrc.dll
[2012.05.28 15:24:33 | 000,021,352 | ---- | C] (Avira GmbH) -- C:\Programme\ccwgrdrc.dll
[2012.05.28 15:24:33 | 000,021,352 | ---- | C] (Avira GmbH) -- C:\Programme\ccscherc.dll
[2012.05.28 15:24:33 | 000,017,064 | ---- | C] (Avira GmbH) -- C:\Programme\guardhlp.exe
[2012.05.28 15:24:33 | 000,016,744 | ---- | C] (Avira GmbH) -- C:\Programme\onlcfg.dll
[2012.05.28 15:24:33 | 000,013,672 | ---- | C] (Avira GmbH) -- C:\Programme\lukeres.dll
[2012.05.28 15:24:33 | 000,011,624 | ---- | C] (Avira GmbH) -- C:\Programme\netnt.dll
[2012.05.28 15:24:33 | 000,011,624 | ---- | C] (Avira GmbH) -- C:\Programme\licmgr.dll
[2012.05.28 15:24:32 | 000,659,304 | ---- | C] (Avira GmbH) -- C:\Programme\ccprofil.dll
[2012.05.28 15:24:32 | 000,511,336 | ---- | C] (Avira GmbH) -- C:\Programme\ccquamgr.dll
[2012.05.28 15:24:32 | 000,446,312 | ---- | C] (Avira GmbH) -- C:\Programme\ccguard.dll
[2012.05.28 15:24:32 | 000,439,144 | ---- | C] (Avira GmbH) -- C:\Programme\ccsched.dll
[2012.05.28 15:24:32 | 000,435,560 | ---- | C] (Avira GmbH) -- C:\Programme\ccreport.dll
[2012.05.28 15:24:32 | 000,322,920 | ---- | C] (Avira GmbH) -- C:\Programme\cchips.dll
[2012.05.28 15:24:32 | 000,304,488 | ---- | C] (Avira GmbH) -- C:\Programme\ccmsg.dll
[2012.05.28 15:24:32 | 000,211,713 | ---- | C] (Avira GmbH) -- C:\Programme\cclib.dll
[2012.05.28 15:24:32 | 000,174,440 | ---- | C] (Avira GmbH) -- C:\Programme\cclic.dll
[2012.05.28 15:24:32 | 000,114,536 | ---- | C] (Avira GmbH) -- C:\Programme\ccquaw.dll
[2012.05.28 15:24:32 | 000,094,568 | ---- | C] (Avira GmbH) -- C:\Programme\ccscanw.dll
[2012.05.28 15:24:32 | 000,092,520 | ---- | C] (Avira GmbH) -- C:\Programme\ccgrdw.dll
[2012.05.28 15:24:32 | 000,082,280 | ---- | C] (Avira GmbH) -- C:\Programme\ccgenw.dll
[2012.05.28 15:24:32 | 000,060,264 | ---- | C] (Avira GmbH) -- C:\Programme\ccrepow.dll
[2012.05.28 15:24:32 | 000,039,784 | ---- | C] (Avira GmbH) -- C:\Programme\ccgenrc.dll
[2012.05.28 15:24:32 | 000,035,688 | ---- | C] (Avira GmbH) -- C:\Programme\ccscanrc.dll
[2012.05.28 15:24:32 | 000,025,448 | ---- | C] (Avira GmbH) -- C:\Programme\ccgrdrc.dll
[2012.05.28 15:24:32 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\ccquarc.dll
[2012.05.28 15:24:32 | 000,017,768 | ---- | C] (Avira GmbH) -- C:\Programme\cclicw.dll
[2012.05.28 15:24:32 | 000,011,624 | ---- | C] (Avira GmbH) -- C:\Programme\ccreporc.dll
[2012.05.28 15:24:32 | 000,009,576 | ---- | C] (Avira GmbH) -- C:\Programme\cchipsrc.dll
[2012.05.28 15:24:32 | 000,008,552 | ---- | C] (Avira GmbH) -- C:\Programme\ccmainrc.dll
[2012.05.28 15:24:32 | 000,005,480 | ---- | C] (Avira GmbH) -- C:\Programme\ccmsgrc.dll
[2012.05.28 15:24:32 | 000,005,480 | ---- | C] (Avira GmbH) -- C:\Programme\cclicrc.dll
[2012.05.28 15:24:31 | 000,873,832 | ---- | C] (Avira GmbH) -- C:\Programme\ccgen.dll
[2012.05.28 15:24:31 | 000,452,456 | ---- | C] (Avira GmbH) -- C:\Programme\ccev.dll
[2012.05.28 15:24:31 | 000,452,456 | ---- | C] (Avira GmbH) -- C:\Programme\ccavscanex.dll
[2012.05.28 15:24:31 | 000,428,200 | ---- | C] (Avira GmbH) -- C:\Programme\avwebgrd.exe
[2012.05.28 15:24:31 | 000,280,232 | ---- | C] (Avira GmbH) -- C:\Programme\avsda.dll
[2012.05.28 15:24:31 | 000,239,976 | ---- | C] (Avira GmbH) -- C:\Programme\avwmi.dll
[2012.05.28 15:24:31 | 000,214,184 | ---- | C] (Avira GmbH) -- C:\Programme\avwebloader.exe
[2012.05.28 15:24:31 | 000,119,656 | ---- | C] (Avira GmbH) -- C:\Programme\avscplr.dll
[2012.05.28 15:24:31 | 000,098,480 | ---- | C] (Avira GmbH) -- C:\Programme\avwsc.exe
[2012.05.28 15:24:31 | 000,093,032 | ---- | C] (Avira GmbH) -- C:\Programme\ccevw.dll
[2012.05.28 15:24:31 | 000,076,968 | ---- | C] (Avira GmbH) -- C:\Programme\avshadow.exe
[2012.05.28 15:24:31 | 000,063,848 | ---- | C] (Avira GmbH) -- C:\Programme\avsmtp.dll
[2012.05.28 15:24:31 | 000,060,072 | ---- | C] (Avira GmbH) -- C:\Programme\avupgsvc.exe
[2012.05.28 15:24:31 | 000,057,192 | ---- | C] (Avira GmbH) -- C:\Programme\avscan.dll
[2012.05.28 15:24:31 | 000,019,304 | ---- | C] (Avira GmbH) -- C:\Programme\avwinll.dll
[2012.05.28 15:24:31 | 000,016,744 | ---- | C] (Avira GmbH) -- C:\Programme\avwebgrc.dll
[2012.05.28 15:24:31 | 000,015,208 | ---- | C] (Avira GmbH) -- C:\Programme\ccavscanexrc.dll
[2012.05.28 15:24:31 | 000,012,136 | ---- | C] (Avira GmbH) -- C:\Programme\ccevrc.dll
[2012.05.28 15:24:30 | 000,495,464 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig.dll
[2012.05.28 15:24:30 | 000,484,008 | ---- | C] (Avira GmbH) -- C:\Programme\avscan.exe
[2012.05.28 15:24:30 | 000,435,560 | ---- | C] (Avira GmbH) -- C:\Programme\avghook.dll
[2012.05.28 15:24:30 | 000,370,856 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig.exe
[2012.05.28 15:24:30 | 000,343,400 | ---- | C] (Avira GmbH) -- C:\Programme\avnetworkloadergui.dll
[2012.05.28 15:24:30 | 000,281,768 | ---- | C] (Avira GmbH) -- C:\Programme\avgnt.exe
[2012.05.28 15:24:30 | 000,269,480 | ---- | C] (Avira GmbH) -- C:\Programme\avguard.exe
[2012.05.28 15:24:30 | 000,223,912 | ---- | C] (Avira GmbH) -- C:\Programme\avnotify.exe
[2012.05.28 15:24:30 | 000,203,112 | ---- | C] (Avira GmbH) -- C:\Programme\avevtlog.dll
[2012.05.28 15:24:30 | 000,195,240 | ---- | C] (Avira GmbH) -- C:\Programme\avrestart.exe
[2012.05.28 15:24:30 | 000,174,120 | ---- | C] (Avira GmbH) -- C:\Programme\avrep.dll
[2012.05.28 15:24:30 | 000,128,257 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig64.cpl
[2012.05.28 15:24:30 | 000,122,216 | ---- | C] (Avira GmbH) -- C:\Programme\avesvc.dll
[2012.05.28 15:24:30 | 000,117,608 | ---- | C] (Avira GmbH) -- C:\Programme\avconfig.cpl
[2012.05.28 15:24:30 | 000,089,960 | ---- | C] (Avira GmbH) -- C:\Programme\avgio.dll
[2012.05.28 15:24:30 | 000,088,833 | ---- | C] (Avira GmbH) -- C:\Programme\avreg.dll
[2012.05.28 15:24:30 | 000,068,776 | ---- | C] (Avira GmbH) -- C:\Programme\avhlp.exe
[2012.05.28 15:24:30 | 000,062,312 | ---- | C] (Avira GmbH) -- C:\Programme\avipc.dll
[2012.05.28 15:24:30 | 000,056,816 | ---- | C] (Avira GmbH) -- C:\Programme\avgntflt.sys
[2012.05.28 15:24:30 | 000,044,904 | ---- | C] (Avira GmbH) -- C:\Programme\avpref.dll
[2012.05.28 15:24:30 | 000,034,664 | ---- | C] (Avira GmbH) -- C:\Programme\avnetworkloader.dll
[2012.05.28 15:24:30 | 000,014,184 | ---- | C] (Avira GmbH) -- C:\Programme\avinet.dll
[2012.05.28 15:24:30 | 000,012,648 | ---- | C] (Avira GmbH) -- C:\Programme\avevtrc.dll
[2012.05.28 15:24:30 | 000,012,136 | ---- | C] (Avira GmbH) -- C:\Programme\avconfigrc.dll
[2012.05.28 15:24:30 | 000,011,608 | ---- | C] (Avira GmbH) -- C:\Programme\avgio.sys
[2012.05.28 15:24:30 | 000,010,088 | ---- | C] (Avira GmbH) -- C:\Programme\avesvcr.dll
[2012.05.28 15:24:30 | 000,008,040 | ---- | C] (Avira GmbH) -- C:\Programme\avnotify.dll
[2012.05.28 15:24:29 | 003,351,432 | ---- | C] (Ask) -- C:\Programme\ApnToolbarInstaller.exe
[2012.05.28 15:24:29 | 000,556,392 | ---- | C] (Avira GmbH) -- C:\Programme\avbb.dll
[2012.05.28 15:24:29 | 000,400,040 | ---- | C] (Avira GmbH) -- C:\Programme\avcenter.exe
[2012.05.28 15:24:29 | 000,255,336 | ---- | C] (Avira GmbH) -- C:\Programme\avarkt.dll
[2012.05.28 15:24:29 | 000,118,616 | ---- | C] (Avira GmbH) -- C:\Programme\avadmin.exe
[2012.05.28 15:24:29 | 000,108,424 | ---- | C] (Ask.com) -- C:\Programme\ApnStub.exe
[2012.05.28 15:24:28 | 000,178,568 | ---- | C] (Ask.com) -- C:\Programme\ApnIC.dll
[2012.05.28 15:24:23 | 000,106,868 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aevdf.dll
[2012.05.28 15:24:22 | 000,807,287 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aepack.dll
[2012.05.28 15:24:22 | 000,639,348 | ---- | C] (Avira GmbH) -- C:\Programme\aerdl.dll
[2012.05.28 15:24:22 | 000,606,579 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aesbx.dll
[2012.05.28 15:24:22 | 000,455,034 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aescript.dll
[2012.05.28 15:24:22 | 000,201,082 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aeoffice.dll
[2012.05.28 15:24:22 | 000,131,444 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aescn.dll
[2012.05.28 15:24:20 | 004,800,886 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aeheur.dll
[2012.05.28 15:24:20 | 000,422,260 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aegen.dll
[2012.05.28 15:24:20 | 000,393,589 | ---- | C] (Avira GmbH) -- C:\Programme\aeemu.dll
[2012.05.28 15:24:20 | 000,254,326 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aehelp.dll
[2012.05.28 15:24:20 | 000,201,078 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aecore.dll
[2012.05.28 15:24:20 | 000,082,292 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Programme\aeexp.dll
[2012.05.28 15:24:20 | 000,053,618 | ---- | C] (Avira GmbH) -- C:\Programme\aebb.dll
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.08.27 17:58:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013.08.27 17:43:23 | 000,001,080 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013.08.27 17:04:28 | 000,001,076 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013.08.27 17:04:25 | 000,000,296 | ---- | M] () -- C:\WINDOWS\tasks\PZNRVOR.job
[2013.08.27 17:04:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013.08.26 20:19:47 | 000,064,512 | ---- | M] () -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013.08.26 18:48:08 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013.08.21 14:25:43 | 000,099,814 | ---- | M] () -- C:\WINDOWS\tresckowstr.bmp
[2013.08.20 10:45:51 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avipbb.sys
[2013.08.20 10:45:51 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[2013.08.15 18:48:00 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013.08.15 18:43:29 | 000,459,250 | ---- | M] () -- C:\WINDOWS\System32\perfh007.dat
[2013.08.15 18:43:29 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013.08.15 18:43:29 | 000,084,754 | ---- | M] () -- C:\WINDOWS\System32\perfc007.dat
[2013.08.15 18:43:29 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013.08.07 20:14:25 | 000,001,671 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.08.06 15:53:51 | 000,541,696 | RHS- | M] () -- C:\WINDOWS\System32\dbgengu.dll
[2013.08.03 11:40:50 | 000,001,887 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.08.01 14:49:07 | 000,001,777 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Chrome.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[3 C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp files -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\*.tmp -> ]
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.08.21 14:25:43 | 000,099,814 | ---- | C] () -- C:\WINDOWS\tresckowstr.bmp
[2013.08.07 20:14:25 | 000,001,671 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Avira Control Center.lnk
[2013.08.06 15:53:51 | 000,541,696 | RHS- | C] () -- C:\WINDOWS\System32\dbgengu.dll
[2013.08.06 15:53:51 | 000,000,296 | ---- | C] () -- C:\WINDOWS\tasks\PZNRVOR.job
[2013.08.03 11:40:50 | 000,001,887 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Desktop\Google Earth.lnk
[2013.04.12 21:54:46 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2013.04.12 21:54:45 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2013.04.12 21:54:45 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2013.03.16 21:33:15 | 000,000,288 | ---- | C] () -- C:\Dokumente und Einstellungen\m\Anwendungsdaten\.backup.dm
[2013.03.04 19:05:04 | 000,000,032 | ---- | C] () -- C:\WINDOWS\Menu.INI
[2013.02.08 05:03:08 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012.05.28 15:24:46 | 000,110,004 | ---- | C] () -- C:\Programme\webcat2.dat
[2012.05.28 15:24:46 | 000,066,396 | ---- | C] () -- C:\Programme\webcat3.dat
[2012.05.28 15:24:46 | 000,007,624 | ---- | C] () -- C:\Programme\webcat4.dat
[2012.05.28 15:24:46 | 000,000,074 | ---- | C] () -- C:\Programme\weblink.url
[2012.05.28 15:24:45 | 002,128,998 | ---- | C] () -- C:\Programme\webcat0.dat
[2012.05.28 15:24:45 | 000,852,973 | ---- | C] () -- C:\Programme\webcat1.dat
[2012.05.28 15:24:45 | 000,287,744 | ---- | C] () -- C:\Programme\vbase017.vdf
[2012.05.28 15:24:45 | 000,223,744 | ---- | C] () -- C:\Programme\vbase016.vdf
[2012.05.28 15:24:45 | 000,198,144 | ---- | C] () -- C:\Programme\vbase014.vdf
[2012.05.28 15:24:45 | 000,186,368 | ---- | C] () -- C:\Programme\vbase015.vdf
[2012.05.28 15:24:45 | 000,111,616 | ---- | C] () -- C:\Programme\vbase031.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase030.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase029.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase028.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase027.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase026.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase025.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase024.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase023.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase022.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase021.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase020.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase019.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase018.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase013.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase012.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase011.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase010.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase009.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase008.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase007.vdf
[2012.05.28 15:24:45 | 000,002,048 | ---- | C] () -- C:\Programme\vbase006.vdf
[2012.05.28 15:24:44 | 004,329,472 | ---- | C] () -- C:\Programme\vbase004.vdf
[2012.05.28 15:24:44 | 002,166,272 | ---- | C] () -- C:\Programme\vbase005.vdf
[2012.05.28 15:24:43 | 004,472,832 | ---- | C] () -- C:\Programme\vbase003.vdf
[2012.05.28 15:24:41 | 014,374,912 | ---- | C] () -- C:\Programme\vbase002.vdf
[2012.05.28 15:24:38 | 013,342,208 | ---- | C] () -- C:\Programme\vbase001.vdf
[2012.05.28 15:24:35 | 019,875,328 | ---- | C] () -- C:\Programme\vbase000.vdf
[2012.05.28 15:24:35 | 000,001,642 | ---- | C] () -- C:\Programme\sysscan.avp
[2012.05.28 15:24:35 | 000,001,148 | ---- | C] () -- C:\Programme\sysdir.avp
[2012.05.28 15:24:34 | 000,355,688 | ---- | C] () -- C:\Programme\sqlite3.dll
[2012.05.28 15:24:34 | 000,127,152 | ---- | C] () -- C:\Programme\sweb.zip
[2012.05.28 15:24:34 | 000,126,824 | ---- | C] () -- C:\Programme\scewxmlw.dll
[2012.05.28 15:24:34 | 000,001,158 | ---- | C] () -- C:\Programme\rmdiscs.avp
[2012.05.28 15:24:34 | 000,001,030 | ---- | C] () -- C:\Programme\ssmdrv.inf
[2012.05.28 15:24:34 | 000,000,804 | ---- | C] () -- C:\Programme\setupprf.dat
[2012.05.28 15:24:33 | 000,042,836 | ---- | C] () -- C:\Programme\oembleft.bmp
[2012.05.28 15:24:33 | 000,034,796 | ---- | C] () -- C:\Programme\default.wav
[2012.05.28 15:24:33 | 000,010,236 | ---- | C] () -- C:\Programme\defaults.ini
[2012.05.28 15:24:33 | 000,005,456 | ---- | C] () -- C:\Programme\prodinfo.dat
[2012.05.28 15:24:33 | 000,002,950 | ---- | C] () -- C:\Programme\prefix_msg.avr
[2012.05.28 15:24:33 | 000,002,530 | ---- | C] () -- C:\Programme\gavid.xsl
[2012.05.28 15:24:33 | 000,002,360 | ---- | C] () -- C:\Programme\inetset.bin
[2012.05.28 15:24:33 | 000,001,448 | ---- | C] () -- C:\Programme\quicksysscan.avp
[2012.05.28 15:24:33 | 000,001,078 | ---- | C] () -- C:\Programme\mydocs.avp
[2012.05.28 15:24:33 | 000,001,000 | ---- | C] () -- C:\Programme\process.avp
[2012.05.28 15:24:32 | 000,014,887 | ---- | C] () -- C:\Programme\ccplg.xml
[2012.05.28 15:24:31 | 000,975,398 | ---- | C] () -- C:\Programme\avwin.chm
[2012.05.28 15:24:31 | 000,036,070 | ---- | C] () -- C:\Programme\build.dat
[2012.05.28 15:24:30 | 000,002,374 | ---- | C] () -- C:\Programme\avgntflt.inf
[2012.05.28 15:24:30 | 000,001,642 | ---- | C] () -- C:\Programme\avipbb.inf
[2012.05.28 15:24:30 | 000,001,216 | ---- | C] () -- C:\Programme\avscan.dat
[2012.05.28 15:24:28 | 000,292,352 | ---- | C] () -- C:\Programme\antivir3.vdf
[2012.05.28 15:24:28 | 000,000,256 | ---- | C] () -- C:\Programme\antivir.oem
[2012.05.28 15:24:27 | 005,998,592 | ---- | C] () -- C:\Programme\antivir2.vdf
[2012.05.28 15:24:26 | 005,707,264 | ---- | C] () -- C:\Programme\antivir1.vdf
[2012.05.28 15:24:23 | 015,603,712 | ---- | C] () -- C:\Programme\antivir0.vdf
[2012.05.28 15:24:23 | 000,078,013 | ---- | C] () -- C:\Programme\antivir0.rdf
[2012.05.28 15:24:23 | 000,003,513 | ---- | C] () -- C:\Programme\alertcat.htm
[2012.05.28 15:24:23 | 000,003,289 | ---- | C] () -- C:\Programme\alertpcc.htm
[2012.05.28 15:24:23 | 000,003,233 | ---- | C] () -- C:\Programme\alertvir.htm
[2012.05.28 15:24:23 | 000,003,196 | ---- | C] () -- C:\Programme\alerttyp.htm
[2012.05.28 15:24:23 | 000,003,172 | ---- | C] () -- C:\Programme\alertpcu.htm
[2012.05.28 15:24:23 | 000,002,367 | ---- | C] () -- C:\Programme\aeset.dat
[2012.05.28 15:24:23 | 000,001,226 | ---- | C] () -- C:\Programme\aevdf.dat
[2012.05.28 15:24:23 | 000,001,190 | ---- | C] () -- C:\Programme\alldrives.avp
[2012.05.28 15:24:23 | 000,001,076 | ---- | C] () -- C:\Programme\alldiscs.avp
[2012.05.28 15:24:22 | 000,088,150 | ---- | C] () -- C:\Programme\aelidb.dat
[2012.05.28 15:24:19 | 000,002,266 | ---- | C] () -- C:\Programme\about.htm
[2012.02.15 10:16:40 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011.12.20 13:28:17 | 000,311,376 | ---- | C] () -- C:\WINDOWS\System32\GM2500F.dll
[2011.12.20 13:28:17 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\GM2500.dll
[2011.12.20 13:28:13 | 000,021,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\GMFilter.sys
[2011.09.18 20:11:14 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX1000.ini
[2011.03.15 18:12:53 | 000,000,134 | ---- | C] () -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\fusioncache.dat
[2011.03.14 20:11:57 | 010,977,280 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\sandra.mda
[2011.03.13 17:35:26 | 000,064,512 | ---- | C] () -- C:\Dokumente und Einstellungen\m\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

========== ZeroAccess Check ==========

[2011.03.13 17:46:39 | 000,000,227 | RHS- | M] () -- C:\WINDOWS\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shdocvw.dll -- [2010.04.16 18:06:44 | 001,509,888 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\fastprox.dll -- [2009.02.09 12:51:44 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINDOWS\system32\wbem\wbemess.dll -- [2008.04.14 04:22:32 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== Files - Unicode (All) ==========
[2013.08.27 17:07:45 | 100,448,122 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\昉뢬唤6
[2013.08.27 17:07:45 | 100,448,122 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\昉뢬唤6
[2013.08.23 17:14:05 | 099,966,287 | ---- | M] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\唯댛唤6
[2013.08.23 17:14:05 | 099,966,287 | ---- | C] ()(C:\WINDOWS\System32\???6) -- C:\WINDOWS\System32\唯댛唤6

< End of report >

aharonov 27.08.2013 18:46

Continued here: http://www.trojaner-board.de/140554-...avent-com.html


All times are in WET +1. The time is now 14:34.
