Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   Schadsoftware will auf Posteingang zugreifen (https://www.trojaner-board.de/134468-schadsoftware-will-posteingang-zugreifen.html)

moc89 04.05.2013 15:11
Schadsoftware will auf Posteingang zugreifen
 
Sehr geehrte Experten,

vorab: diese Frage gab es schonmal bei euch, jedoch hat der Thread-Ersteller sich nicht mehr gemeldet!

letztens habe ich mich bei GMX eingeloggt und da hatte ich wieder einmal ein Schrecken:

34 fehlgeschlagene Loginversuche! Erinnere mich noch von früher das dies am Tag bis zu 2 mal passiert und sich dann am nächsten Tag fortsetzt. Das ist schon sehr periodisch ... immerhin folgt nach 2 mal ein Captcha.

Damals hat irgendeine Schadsoftware via meine E-Mail Adresse an alle Kontakte E-Mails mit bösen Links versendet. Daraufhin hab ich dann irgendeinen Trojaner über Malware Bytes entfernt und ich dachte damit hatte es sich :( den Log hab ich leider nicht mehr!

Zu guter Letzt hab ich mein Passwort geändert.... vorhin hab ich nochmal Malwarebytes Anti-Malware laufen lassen und er hat nichts gefunden ... was soll ich machen :(

cosinus 04.05.2013 15:16
Hallo und :hallo:

Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner, sind die jemals fündig geworden?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

moc89 04.05.2013 15:24
Hallo cosinus!

Avira verwende ich nicht. Ich kann aber gerne noch restliche Untersuchungen machen.
Hier von Malwarebytes:

Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.05.04.01

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
mocras :: MOCRA-PC [Administrator]

04.05.2013 04:40:20
mbam-log-2013-05-04 (04-40-20).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 790678
Laufzeit: 5 Stunde(n), 2 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

cosinus 04.05.2013 15:27
Sind das alle Logs von Malwarebytes?

http://img.trojaner-board.de/alle-lo...-alle-logs.png

moc89 04.05.2013 15:33
Gut das du mir das gezeigt hast. Ich hab hier einige merkwürdige Logs gefunden die ich bisher noch nie gesehen habe ...

Code:
2012/02/17 01:24:05 +0100        MOCRA-PC        mocra        IP-BLOCK        95.169.190.7 (Type: outgoing, Port: 51469, Process: tmproxy.exe)
2012/02/17 03:51:53 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52936, Process: msnmsgr.exe)
2012/02/17 03:51:53 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52937, Process: msnmsgr.exe)
2012/02/17 15:17:26 +0100        MOCRA-PC        mocra        MESSAGE        Starting protection
2012/02/17 15:17:28 +0100        MOCRA-PC        mocra        MESSAGE        Protection started successfully
2012/02/17 15:17:31 +0100        MOCRA-PC        mocra        MESSAGE        Starting IP protection
2012/02/17 15:17:33 +0100        MOCRA-PC        mocra        MESSAGE        IP Protection started successfully
2012/02/17 15:52:27 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50080, Process: msnmsgr.exe)
2012/02/17 15:52:27 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 50081, Process: msnmsgr.exe)
2012/02/17 16:57:53 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52089, Process: tmproxy.exe)
2012/02/17 16:57:53 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52091, Process: tmproxy.exe)
2012/02/17 16:58:01 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52094, Process: tmproxy.exe)
2012/02/17 16:58:01 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52096, Process: tmproxy.exe)
2012/02/17 16:58:01 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52098, Process: tmproxy.exe)
2012/02/17 16:58:09 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52100, Process: tmproxy.exe)
2012/02/17 16:58:09 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52102, Process: tmproxy.exe)
2012/02/17 16:58:09 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52104, Process: tmproxy.exe)
2012/02/17 16:58:09 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52106, Process: tmproxy.exe)
2012/02/17 16:58:09 +0100        MOCRA-PC        mocra        IP-BLOCK        85.183.254.9 (Type: outgoing, Port: 52108, Process: tmproxy.exe)
2012/02/17 20:37:04 +0100        MOCRA-PC        (null)        MESSAGE        Executing scheduled update:  Daily
2012/02/17 20:37:13 +0100        MOCRA-PC        (null)        MESSAGE        Scheduled update executed successfully:  database updated from version v2012.02.16.04 to version v2012.02.17.05
2012/02/17 20:38:15 +0100        MOCRA-PC        mocra        MESSAGE        Starting protection
2012/02/17 20:38:17 +0100        MOCRA-PC        mocra        MESSAGE        Protection started successfully
2012/02/17 20:38:20 +0100        MOCRA-PC        mocra        MESSAGE        Starting IP protection
2012/02/17 20:38:21 +0100        MOCRA-PC        mocra        MESSAGE        IP Protection started successfully
2012/02/17 20:38:21 +0100        MOCRA-PC        mocra        MESSAGE        Starting database refresh
2012/02/17 20:38:21 +0100        MOCRA-PC        mocra        MESSAGE        Stopping IP protection
2012/02/17 20:39:10 +0100        MOCRA-PC        mocra        MESSAGE        IP Protection stopped
2012/02/17 20:39:12 +0100        MOCRA-PC        mocra        MESSAGE        Database refreshed successfully
2012/02/17 20:39:12 +0100        MOCRA-PC        mocra        MESSAGE        Starting IP protection
2012/02/17 20:39:13 +0100        MOCRA-PC        mocra        MESSAGE        IP Protection started successfully
das war letztes Jahr.

sowie:

Code:
2012/10/02 01:04:44 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW
2012/10/02 01:04:44 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW
2012/10/02 01:04:45 +0200        MOCRA-PC        mocras        DETECTION        C:\ProgramData\lsass.exe        Trojan.Delf        ALLOW
2012/10/02 01:04:45 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW
2012/10/02 01:04:51 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW
2012/10/02 01:05:14 +0200        MOCRA-PC        mocras        DETECTION        C:\ProgramData\lsass.exe        Trojan.Delf        ALLOW
2012/10/02 01:05:14 +0200        MOCRA-PC        mocras        DETECTION        C:\ProgramData\lsass.exe        Trojan.Delf        ALLOW
2012/10/02 01:05:14 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW
2012/10/02 01:05:14 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW
2012/10/02 01:05:52 +0200        MOCRA-PC        mocras        DETECTION        C:\Users\mocras\AppData\Local\Temp\wgsdgsdgdsgsd.exe        Exploit.Dropper        ALLOW

cosinus 04.05.2013 15:34
Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
  • Lies dir meine Anleitungen, die ich im Laufe dieses Strangs hier posten werde, aufmerksam durch. Frag umgehend nach, wenn dir irgendetwas unklar sein sollte, bevor du anfängst meine Anleitungen umzusetzen.

  • Solltest du bei einem Schritt Probleme haben, stoppe dort und beschreib mir das Problem so gut du kannst. Manchmal erfordert ein Schritt den vorhergehenden.

  • Bitte nur Scans durchführen zu denen du von einem Helfer aufgefordert wurdest! Installiere / Deinstalliere keine Software ohne Aufforderung!

  • Poste die Logfiles direkt in deinen Thread (bitte in CODE-Tags) und nicht als Anhang, ausser du wurdest dazu aufgefordert. Logs in Anhängen erschweren mir das Auswerten!

  • Die Logs der aufgegebenen Tools wie zB Malwarebytes sind immer zu posten - egal ob ein Fund dabei war oder nicht!

  • Beachte bitte auch => Löschen von Logfiles und andere Anfragen

Note:
Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread.
Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards.

moc89 04.05.2013 15:38
Hallo Cosinus,

um alle logfiles zu posten sind es viel zu viele ... was soll ich nun genau machen ..?

cosinus 04.05.2013 15:42
http://www.trojaner-board.de/69886-a...tml#post566999

moc89 04.05.2013 15:56
Hab sie im Anhang hinzugefügt...

cosinus 04.05.2013 16:01
Oh, hab die Anleitung zu OTL vergessen, also hier isse:

  • Doppelklick auf die OTL.exe
  • Vista User: Rechtsklick auf die OTL.exe und "als Administrator ausführen" wählen
  • Setze oben mittig den Haken bei Scanne alle Benutzer
  • Oben findest Du ein Kästchen mit Output. Wähle bitte Minimal Output
  • Unter Extra Registry, wähle bitte Use SafeList
  • Klicke nun auf Run Scan links oben
  • Wenn der Scan beendet wurde werden 2 Logfiles erstellt
  • Poste die Logfiles hier in CODE-Tags in den Thread.

moc89 04.05.2013 16:32
Hallo Cosinus, hier die von dir geforderte OTL Logdatei:

OTL Logfile:
Code:
OTL logfile created on: 5/4/2013 5:05:29 PM - Run 1
OTL by OldTimer - Version 3.2.69.0    Folder = C:\Users\mocras\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.99 Gb Total Physical Memory | 1.38 Gb Available Physical Memory | 34.48% Memory free
7.98 Gb Paging File | 4.11 Gb Available in Paging File | 51.48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74.52 Gb Total Space | 3.88 Gb Free Space | 5.20% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 116.39 Gb Free Space | 39.05% Space Free | Partition Type: NTFS
Drive E: | 206.96 Gb Total Space | 206.59 Gb Free Space | 99.82% Space Free | Partition Type: NTFS
Unable to calculate disk information.
 
Computer Name: MOCRA-PC | User Name: mocras | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\mocras\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\mocras\AppData\Roaming\ICQM\icq.exe (ICQ)
PRC - C:\Users\mocras\AppData\Local\Google\Google Talk Plugin\googletalkplugin.exe (Google)
PRC - C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineScannerApp.exe (ESET)
PRC - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.)
PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclRSSrv.exe (Nokia)
PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia)
PRC - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
PRC - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
PRC - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
PRC - C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
PRC - C:\Programme\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
PRC - C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControl.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
PRC - C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\KBFiltr.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS)
PRC - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
PRC - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
PRC - C:\Programme\ASUS\Net4Switch\Net4Switch.exe (ASUS)
PRC - C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
PRC - C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Users\mocras\AppData\Roaming\ICQM\ICQ\dll\YLUSBTEL.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libglesv2.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\libegl.dll ()
MOD - C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ffmpegsumo.dll ()
MOD - C:\Program Files (x86)\ESET\ESET Online Scanner\OnlineCmdLineScanner.exe ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtXml4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtGui4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\QtCore4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qsvg4.dll ()
MOD - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\imageformats\qjpeg4.dll ()
MOD - C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe ()
MOD - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
MOD - C:\Programme\ASUS\Net4Switch\ipswsysmon.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipsw_cfgmgr.dll ()
MOD - C:\Programme\ASUS\Net4Switch\LogonStartup.dll ()
MOD - C:\Programme\ASUS\Net4Switch\iphelper.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswui.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswobj.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswhlp.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswgblset.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswds.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswcore.dll ()
MOD - C:\Programme\ASUS\Net4Switch\cxcmrt.dll ()
MOD - C:\Programme\ASUS\Net4Switch\ipswresmgr.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ()
MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll ()
MOD - C:\Program Files (x86)\asus\VirtualCamera\virtualCamera.ax ()
MOD - C:\Windows\SysWOW64\APOMngr.DLL ()
MOD - C:\Windows\SysWOW64\CmdRtr.DLL ()
MOD - C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ()
MOD - C:\Programme\ASUS\Net4Switch\ResItf.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt.dll ()
MOD - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (HPSIService) -- C:\Windows\SysNative\HPSIsvc.exe (HP)
SRV:64bit: - (AFBAgent) -- C:\Windows\SysNative\FBAgent.exe (ASUSTeK Computer Inc.)
SRV:64bit: - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe (Trend Micro Inc.)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia)
SRV - (MatSvc) -- C:\Programme\Microsoft Fix it Center\Matsvc.exe (Microsoft Corporation)
SRV - (Creative ALchemy AL6 Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe (Creative Labs)
SRV - (Creative Audio Engine Licensing Service) -- C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe (Creative Labs)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (SfCtlCom) -- C:\Programme\Trend Micro\Internet Security\SfCtlCom.exe (Trend Micro Inc.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (TmProxy) -- C:\Programme\Trend Micro\Internet Security\TmProxy.exe (Trend Micro Inc.)
SRV - (btwdins) -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe ()
SRV - (ADSMService) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe (ASUSTek Computer Inc.)
SRV - (ATKGFNEXSrv) -- C:\Programme\ATKGFNEX\GFNEXSrv.exe ()
SRV - (spmgr) -- C:\Programme\ASUS\NB Probe\SPM\spmgr.exe ()
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia)
DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia)
DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia)
DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia)
DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia)
DRV:64bit: - (tmxpflt) -- C:\Windows\SysNative\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV:64bit: - (tmpreflt) -- C:\Windows\SysNative\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV:64bit: - (vsapint) -- C:\Windows\SysNative\drivers\vsapint.sys (Trend Micro Inc.)
DRV:64bit: - (AsDsm) -- C:\Windows\SysNative\drivers\AsDsm.sys (ASUSTek Computer Inc)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (mvusbews) -- C:\Windows\SysNative\drivers\mvusbews.sys (Marvell Semiconductor, Inc.)
DRV:64bit: - (tmtdi) -- C:\Windows\SysNative\drivers\tmtdi.sys (Trend Micro Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (NETw1v64) -- C:\Windows\SysNative\drivers\NETw1v64.sys (Intel Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (kbfiltr) -- C:\Windows\SysNative\drivers\kbfiltr.sys ( )
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (rixdpcie) -- C:\Windows\SysNative\drivers\rixdpe64.sys (REDC)
DRV:64bit: - (rimspci) -- C:\Windows\SysNative\drivers\rimspe64.sys (REDC)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SiSGbeLH) -- C:\Windows\SysNative\drivers\SiSG664.sys (Silicon Integrated Systems Corp.)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (SNP2UVC) -- C:\Windows\SysNative\drivers\snp2uvc.sys ()
DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\drivers\ATK64AMD.sys (ASUS)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (LVUSBS64) -- C:\Windows\SysNative\drivers\LVUSBS64.sys (Logitech Inc.)
DRV:64bit: - (LVRS64) -- C:\Windows\SysNative\drivers\lvrs64.sys (Logitech Inc.)
DRV:64bit: - (PID_PEPI) -- C:\Windows\SysNative\drivers\LV302V64.SYS (Logitech Inc.)
DRV:64bit: - (lvpepf64) -- C:\Windows\SysNative\drivers\lv302a64.sys (Logitech Inc.)
DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ghaio) -- C:\Programme\ASUS\NB Probe\SPM\ghaio.sys ()
DRV - (ASMMAP64) -- C:\Programme\ATKGFNEX\ASMMAP64.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109727&tt=311012_ctrl_4412_3&babsrc=SP_ss&mntrId=2a143d1c000000000000001e640cb82a
IE - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\mocras\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O1DPlugin: C:\Users\mocras\AppData\Roaming\Mozilla\plugins\npo1d.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\mocras\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\mocras\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\mocras\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/09/30 01:04:41 | 000,000,000 | ---D | M]
 
[2012/11/04 15:51:33 | 000,002,361 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.de/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\26.0.1410.64\pdf.dll
CHR - plugin: Java Deployment Toolkit 6.0.300.12 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U30 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Nitro PDF Plug-In (Enabled) = C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealPlayer Download Plugin (Enabled) = C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll
CHR - Extension: Google Docs = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake\0.5_0\
CHR - Extension: Google Drive = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\
CHR - Extension: Adblock Plus = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb\1.4_0\
CHR - Extension: Google-Suche = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\
CHR - Extension: RealPlayer HTML5Video Downloader Extension = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\jfmjfhklogoienhpfnppmbcbjfjnkonk\1.5_0\
CHR - Extension: Google Mail = C:\Users\mocras\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009/06/10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [RunDLLEntry] C:\Windows\SysNative\AmbRunE.DLL (Creative Technology Ltd.)
O4:64bit: - HKLM..\Run: [UfSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe (Trend Micro Inc.)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [MDS_Menu] C:\Program Files (x86)\CyberLink\MediaShow4\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe ()
O4 - HKLM..\Run: [TkBellExe] C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files (x86)\Creative\SB Audigy\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004..\Run: [icq] C:\Users\mocras\AppData\Roaming\ICQM\icq.exe (ICQ)
O4 - HKU\S-1-5-21-3312506410-3051254954-1513997137-1004..\Run: [PC Suite Tray] C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia)
O4 - HKLM..\RunOnce: [Malwarebytes Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-18..\RunOnce: [SPReview] "C:\Windows\System32\SPReview\SPReview.exe" /sp:1 /errorfwlink:"hxxp://go.microsoft.com/fwlink/?LinkID=122915" /build:7601 File not found
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\mocra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Neues Textdokument.txt ()
O4 - Startup: C:\Users\mocra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\mocras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\autostart.txt ()
O4 - Startup: C:\Users\mocras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 153
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\mocras\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Free YouTube Download - C:\Users\mocras\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found
O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe File not found
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0030-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 1.6.0_30)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_30-windows-i586.cab (Java Plug-in 10.13.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{430447DC-9719-48BF-A113-ABEE3F283E92}: NameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{97E6C40B-5AED-46A4-A924-43E5D84C5E54}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BF2BC472-F4CC-488E-8BB1-A4382A778177}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - AppInit_DLLs: (c:\progra~3\browse~1\23796~1.11\{16cdf~1\browse~1.dll) -  File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/05/04 16:50:21 | 000,000,000 | ---D | C] -- C:\Users\mocras\Desktop\Logfiles
[2013/05/03 19:32:40 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{9E25DB19-7323-49AD-83E7-A173E3685E4D}
[2013/05/03 07:26:50 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{8B514192-D240-4EE8-A5A2-44DC49E3BB71}
[2013/05/02 18:12:00 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{02310E64-C314-4039-9F10-66A08CE04238}
[2013/05/02 09:12:39 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcore6.dll
[2013/05/02 09:12:38 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dhcpcore6.dll
[2013/05/02 09:12:38 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dhcpcsvc6.dll
[2013/05/02 09:12:30 | 000,041,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\RNDISMP.sys
[2013/05/02 09:12:28 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netcorehc.dll
[2013/05/02 09:12:28 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll
[2013/05/02 09:12:28 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netcorehc.dll
[2013/05/02 09:12:28 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ncsi.dll
[2013/05/02 09:12:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\netevent.dll
[2013/05/02 09:12:28 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netevent.dll
[2013/05/02 09:12:18 | 000,245,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\OxpsConverter.exe
[2013/05/02 09:11:22 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe
[2013/05/02 06:11:33 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{BC1EF428-8ED9-4ED0-B514-C50740743703}
[2013/05/02 03:48:51 | 000,000,000 | R--D | C] -- C:\Users\mocras\Links
[2013/05/02 03:48:33 | 000,000,000 | R--D | C] -- C:\Users\mocras\Contacts
[2013/05/02 03:02:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013/04/30 02:25:20 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{0F4140D7-76A6-49AA-A903-70E807DB7E0A}
[2013/04/28 13:55:37 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{8D51FDD5-7D39-45D5-BA8F-E560029FC941}
[2013/04/27 05:28:12 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{9368A629-E3C9-42B4-B5C6-F9F32C357C23}
[2013/04/26 02:34:39 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{F61283EC-0888-4713-8F5F-8612263E2D61}
[2013/04/25 14:34:14 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{F5E00009-7D98-4BC5-9682-112918370E92}
[2013/04/23 18:52:22 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ICQ
[2013/04/23 18:51:57 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Roaming\ICQM
[2013/04/23 18:51:54 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Roaming\ICQ-Profile
[2013/04/22 02:32:29 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{11E67F37-7FFE-4276-B3EB-75553D202D00}
[2013/04/21 14:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013/04/21 14:30:28 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{A81CF4F8-3BD4-40CB-B3E1-918467B0118B}
[2013/04/21 08:21:10 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{9583416A-6753-4CFA-AF69-2F98E536715F}
[2013/04/20 20:20:34 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{552FF46A-F7DE-4DCC-8914-B2ABB3610D87}
[2013/04/20 02:19:27 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{ABE5ABEA-F752-4E3E-B1BC-3D501571701C}
[2013/04/19 17:47:22 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{14D40CA0-3BB4-4668-8F49-034B31DC1F7A}
[2013/04/19 00:52:42 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{A36AC79A-AFD3-4D88-AFB5-D8A3B213F283}
[2013/04/18 00:19:08 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{D71EB3E8-F7D8-4054-BFFE-2B23C855A5D7}
[2013/04/15 16:10:55 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{D4150CFD-6144-44FB-8E60-0350DBACCCCD}
[2013/04/14 19:35:49 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{1E99F744-8D55-4D82-BD08-8D28101C4711}
[2013/04/13 15:21:17 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{0E5EFCEE-12A7-4C90-9500-ABADA2B14919}
[2013/04/11 10:55:24 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{C2AD8ABE-4B03-456E-9821-41A902EBACA4}
[2013/04/11 03:01:16 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013/04/11 03:01:16 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013/04/11 03:01:14 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013/04/11 03:01:13 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013/04/11 03:01:13 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013/04/11 03:01:13 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013/04/11 03:01:13 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe
[2013/04/11 03:01:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe
[2013/04/11 03:01:12 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl
[2013/04/11 03:01:11 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl
[2013/04/11 03:01:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll
[2013/04/11 03:01:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013/04/11 03:01:07 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll
[2013/04/11 03:01:07 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll
[2013/04/11 03:01:07 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll
[2013/04/10 22:53:53 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{9F3AD6F2-ABBA-4EB0-8D4A-BB46DA10C04D}
[2013/04/10 17:55:37 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013/04/10 17:55:37 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013/04/10 17:55:36 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013/04/10 17:55:36 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013/04/10 17:55:36 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013/04/10 17:55:36 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013/04/10 17:55:20 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013/04/10 17:55:20 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 17:55:19 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 17:55:19 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013/04/10 17:55:19 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013/04/10 17:55:19 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
[2013/04/08 18:31:24 | 000,000,000 | ---D | C] -- C:\Users\mocras\Bewerbungen
[2013/04/07 00:28:14 | 000,000,000 | ---D | C] -- C:\Users\mocras\AppData\Local\{35E81C51-6522-41DE-AEC4-6B7211B398CC}
[2013/04/04 17:50:07 | 000,000,000 | ---D | C] -- C:\Windows\aod
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/05/03 16:02:40 | 3212,697,600 | -HS- | M] () -- C:\hiberfil.sys
[2013/05/02 03:12:23 | 000,152,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\msclmd.dll
[2013.05.04 17:17:05 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfud.bin
[2013.05.04 17:16:55 | 000,000,824 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\tmvsthfss.bin
[2013.05.04 17:10:05 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.05.04 17:03:00 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3312506410-3051254954-1513997137-1000UA.job
[2013.05.04 16:54:13 | 000,102,476 | ---- | M] () -- C:\Users\mocras\Desktop\Logfiles.zip
[2013.05.04 16:52:03 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3312506410-3051254954-1513997137-1004UA.job
[2013.05.04 16:40:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.05.04 16:16:34 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.05.04 16:16:34 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.05.04 16:16:34 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.05.04 16:16:34 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.05.04 16:16:34 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.05.04 15:39:00 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.05.04 03:40:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.05.04 03:38:33 | 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
[2013.05.03 19:52:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3312506410-3051254954-1513997137-1004Core.job
[2013.05.03 19:32:28 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2013.05.03 19:03:00 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3312506410-3051254954-1513997137-1000Core.job
[2013.05.03 16:11:21 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 16:11:21 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.05.03 16:04:19 | 000,000,432 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.ics
[2013.05.03 16:03:00 | 000,000,134 | ---- | M] () -- C:\Windows\SysNative\BootTime.ini
[2013.05.03 07:24:17 | 000,305,928 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.05.03 07:24:12 | 000,000,080 | ---- | M] () -- C:\Windows\SysNative\Defrag.ini
[2013.05.02 15:23:13 | 002,779,703 | ---- | M] () -- C:\Users\mocras\Desktop\P_20130502_152313.jpg
[2013.05.02 03:12:22 | 000,175,616 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\msclmd.dll
[2013.04.29 02:40:19 | 001,184,477 | ---- | M] () -- C:\Users\mocras\IMG_20130429_033544.jpg
[2013.04.27 16:40:05 | 000,009,191 | ---- | M] () -- C:\Users\mocras\Desktop\Liste.odt
[2013.04.23 22:50:06 | 000,001,102 | ---- | M] () -- C:\Users\mocras\Dokumente - Verknüpfung.lnk
[2013.04.23 18:52:23 | 000,001,809 | ---- | M] () -- C:\Users\mocras\Desktop\ICQ.lnk
[2013.04.17 22:32:08 | 001,086,562 | ---- | M] () -- C:\Users\mocras\IMG_20130417_222232.jpg
[2013.04.15 19:19:12 | 000,108,383 | ---- | M] () -- C:\Users\mocras\f35605583.jpg
[2013.04.11 13:11:26 | 000,243,657 | ---- | M] () -- C:\Users\mocras\Desktop\Bescheinigung.pdf
[2013.04.10 22:53:52 | 000,002,342 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini
[2013.04.10 22:53:50 | 000,001,877 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2013.04.10 10:57:08 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/05/04 16:54:13 | 000,102,476 | ---- | C] () -- C:\Users\mocras\Desktop\Logfiles.zip
[2013/05/03 13:12:56 | 000,007,865 | ---- | C] () -- C:\Users\mocras\Desktop\Notenschema.pdf.pdf
[2013/05/02 15:26:28 | 002,779,703 | ---- | C] () -- C:\Users\mocras\Desktop\P_20130502_152313.jpg
[2013/04/29 02:38:26 | 001,184,477 | ---- | C] () -- C:\Users\mocras\IMG_20130429_033544.jpg
[2013/04/27 16:27:58 | 000,009,191 | ---- | C] () -- C:\Users\mocras\Desktop\Liste.odt
[2013/04/23 22:50:06 | 000,001,102 | ---- | C] () -- C:\Users\mocras\Dokumente - Verknüpfung.lnk
[2013/04/23 18:52:23 | 000,001,809 | ---- | C] () -- C:\Users\mocras\Desktop\ICQ.lnk
[2013/04/17 22:31:36 | 001,086,562 | ---- | C] () -- C:\Users\mocras\IMG_20130417_222232.jpg
[2013/04/15 19:19:09 | 000,108,383 | ---- | C] () -- C:\Users\mocras\f35605583.jpg
[2013/04/11 13:11:24 | 000,243,657 | ---- | C] () -- C:\Users\mocras\Desktop\Bescheinigung.pdf
[2013/04/10 22:52:43 | 000,305,928 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013/04/10 10:57:08 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/04/10 10:57:08 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk
[2013/03/24 23:26:00 | 001,284,987 | ---- | C] () -- C:\Users\mocras\2.jpg
[2013/03/24 23:25:55 | 001,630,568 | ---- | C] () -- C:\Users\mocras\1.jpg
[2013/03/24 23:22:50 | 000,734,300 | ---- | C] () -- C:\Users\mocras\7.jpg
[2013/03/24 23:22:38 | 001,905,884 | ---- | C] () -- C:\Users\mocras\3.jpg
[2013/03/24 23:22:32 | 003,053,596 | ---- | C] () -- C:\Users\mocras\9.jpg
[2013/03/23 21:58:13 | 003,742,112 | -H-- | C] () -- C:\Users\mocras\people help the poeple.mp3
[2013/03/12 03:23:10 | 002,807,161 | ---- | C] () -- C:\Users\mocras\15.jpg
[2013/03/12 03:23:06 | 001,181,098 | ---- | C] () -- C:\Users\mocras\17.jpg
[2013/03/12 03:22:53 | 001,845,985 | ---- | C] () -- C:\Users\mocras\6.jpg
[2013/03/12 03:22:45 | 002,740,652 | ---- | C] () -- C:\Users\mocras\4.jpg
[2013/03/12 03:22:37 | 004,498,523 | ---- | C] () -- C:\Users\mocras\13.jpg
[2013/03/12 03:22:30 | 003,460,770 | ---- | C] () -- C:\Users\mocras\12.jpg
[2013/03/12 03:09:55 | 000,129,521 | ---- | C] () -- C:\Users\mocras\10.jpg
[2013/03/12 03:09:39 | 000,130,103 | ---- | C] () -- C:\Users\mocras\14.jpg
[2013/03/09 03:10:05 | 004,648,734 | ---- | C] () -- C:\Users\mocras\11.jpg
[2013/03/09 03:03:31 | 002,236,294 | ---- | C] () -- C:\Users\mocras\5.jpg
[2013/03/09 03:03:05 | 002,382,380 | ---- | C] () -- C:\Users\mocras\8.jpg
[2013/03/09 03:02:39 | 004,636,224 | ---- | C] () -- C:\Users\mocras\16.jpg
[2013/03/09 03:02:15 | 004,765,126 | ---- | C] () -- C:\Users\mocras\18.jpg
[2013/02/25 16:45:11 | 000,046,840 | -H-- | C] () -- C:\Users\mocras\Notenspiegel - Wirtschaftsingenieurwesen (Energie).pdf
[2013/02/25 15:29:05 | 000,294,229 | -H-- | C] () -- C:\Users\mocras\Notenspiegel - Brief.pdf
[2013/02/12 23:01:40 | 000,010,584 | -H-- | C] () -- C:\Users\mocras\Erklärungen.pdf
[2012/12/05 01:08:09 | 000,018,594 | -H-- | C] () -- C:\Users\mocras\XXXX.odt
[2012/07/30 14:52:13 | 000,018,421 | -HS- | C] () -- C:\Users\mocras\AlbumArt_{E339381C-E1EC-4525-9F76-BD5FF625AE72}_Large.jpg
[2012/07/30 14:52:13 | 000,005,373 | -HS- | C] () -- C:\Users\mocras\AlbumArt_{E339381C-E1EC-4525-9F76-BD5FF625AE72}_Small.jpg
[2012/07/30 14:51:58 | 000,018,421 | -HS- | C] () -- C:\Users\mocras\Folder.jpg
[2012/07/30 14:51:58 | 000,005,373 | -HS- | C] () -- C:\Users\mocras\AlbumArtSmall.jpg
[2012/03/06 23:23:18 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2003/10/06 10:21:31 | 000,000,000 | -H-- | C] () -- C:\ProgramData\sdpsenv.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 160 bytes -> C:\ProgramData\sdpsenv.dat:naughtypirates

< End of report >
--- --- ---

[/CODE]

cosinus 04.05.2013 21:50
Rootkitscan mit GMER

Bitte lade dir GMER Rootkit Scanner GMER herunter: (Dateiname zufällig)
  • Schließe alle anderen Programme, deaktiviere deinen Virenscanner und trenne den Rechner vom Internet bevor du GMER startest.
  • Sollte sich nach dem Start ein Fenster mit folgender Warnung öffnen:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Unbedingt auf "No" klicken.
  • Entferne rechts den Haken bei: IAT/EAT und Show All
  • Setze den Haken bei Quickscan und entferne ihn bei allen anderen Laufwerken.
  • Starte den Scan mit "Scan".
  • Mache nichts am Computer während der Scan läuft.
  • Wenn der Scan fertig ist klicke auf Save und speichere die Logfile unter Gmer.txt auf deinem Desktop. Mit "Ok" wird GMER beendet.
Antiviren-Programm und sonstige Scanner wieder einschalten, bevor Du ins Netz gehst!


Tauchen Probleme auf?
  • Probiere alternativ den abgesicherten Modus.
  • Erhältst du einen Bluescreen, dann entferne den Haken vor Devices.


Anschließend bitte MBAR ausführen:

Malwarebytes Anti-Rootkit (MBAR)

Downloade dir bitte Malwarebytes Anti-Rootkit Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
  • Starte bitte die mbar.exe.
  • Folge den Anweisungen auf deinem Bildschirm gemäß Anleitung zu Malwarebytes Anti-Rootkit
  • Aktualisiere unbedingt die Datenbank und erlaube dem Tool, dein System zu scannen.
  • Klicke auf den CleanUp Button und erlaube den Neustart.
  • Während dem Neustart wird MBAR die gefundenen Objekte entfernen, also bleib geduldig.
  • Nach dem Neustart starte die mbar.exe erneut.
  • Sollte nochmal was gefunden werden, wiederhole den CleanUp Prozess.
Das Tool wird im erstellten Ordner eine Logfile ( mbar-log-<Jahr-Monat-Tag>.txt ) erzeugen. Bitte poste diese hier.

Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers


Alle Zeitangaben in WEZ +1. Es ist jetzt 00:01 Uhr.

Copyright ©2000-2024, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129