|
Log-Analyse und Auswertung: Trojaner gefunden (Windows 7)Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
02.03.2012, 17:30 | #1 |
| Trojaner gefunden (Windows 7) Hallo Trojaner-Board Community, ich bin seit gestern ein neues Mitglied der Community. Ich habe mir leider ein paar böse Trojaner eingefangen und würde mich sehr darüber freuen, wenn Ihr mir bei der Beseitigung helfen könntet. Ich habe bereits 3 Scans mit Malwarebytes durchgeführt. Im ersten/zweiten Test wurden 18/15 infizierte Dateien gefunden und ich habe diese entfernen lassen. Im Anschluss habe ich den Vollständigen Suchlauf laufen lassen und es konnte keine weitere inifzierte Datei gefunden werden. Ist somit das Problem behoben? Über eure Antworten freue ich mich sehr. Anbei die Logs. Scan Nummer 1 Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.01.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 User :: xxx-PC [Administrator] Schutz: Aktiviert 02.03.2012 01:47:02 mbam-log-2012-03-02 (01-47-02).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 198189 Laufzeit: 12 Minute(n), 33 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Keine Aktion durchgeführt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Keine Aktion durchgeführt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System|DisableTaskMgr (PUM.Hijack.TaskManager) -> Bösartig: (1) Gut: (0) -> Erfolgreich ersetzt und in Quarantäne gestellt. Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Keine Aktion durchgeführt. C:\Users\xxx\AppData\Local\Temp\0.1574218895702636g8j8.exe (Exploit.Drop.4) -> Löschen bei Neustart. C:\Users\xxx\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\0.1574218895702636g8j8.exe.lnk (Backdoor.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.01.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 User:: XXX-PC [Administrator] Schutz: Aktiviert 02.03.2012 08:09:36 mbam-log-2012-03-02 (08-09-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 197753 Laufzeit: 10 Minute(n), 12 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCR\CLSID\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\TypeLib\{BB7256DD-EBA9-480B-8441-A00388C2BEC3} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{3D782BB2-F2A5-11D3-BF4C-000000000000} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncherBHO (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{78F3A323-798E-4AEA-9A57-88F4B05FD5DD} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncher.1 (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyNewsBarLauncher.IE5BarLauncher (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 2 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: VShareTB -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\{7AC3E13B-3BCA-4158-B330-F66DBB03C1B5} (PUP.VShareRedir) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 1 C:\Program Files\vShare.tv plugin\BarLcher.dll (PUP.VShareRedir) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Nummer 3 Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.01.07 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 User :: XXX-PC [limitiert] Schutz: Aktiviert 02.03.2012 08:24:27 mbam-log-2012-03-02 (08-24-27).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 340985 Laufzeit: 2 Stunde(n), 45 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) |
02.03.2012, 20:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Ist das systematisch so gewollt? Quickscans als Admin, Vollscans als einfacher User, das kann nichts werden!
__________________Mach bitte immer Scans und v.a. die Vollscans mit Adminrechten!
__________________ |
03.03.2012, 20:05 | #3 |
| Trojaner gefunden (Windows 7) Habe nun den ausführlichen Scan durchlaufen lassen. Hier ist das Ergebnis
__________________Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.02.04 Windows 7 Service Pack 1 x86 NTFS Internet Explorer 9.0.8112.16421 Alexander :: ALEX-PC [Administrator] Schutz: Deaktiviert 03.03.2012 07:11:13 mbam-log-2012-03-03 (07-11-13).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 342747 Laufzeit: 11 Stunde(n), 59 Minute(n), 50 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Liebe Grüße Klecks |
05.03.2012, 12:44 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Führ bitte auch ESET aus, danach sehen wir weiter: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
08.03.2012, 20:13 | #5 |
| Trojaner gefunden (Windows 7) Hi Arne, ich habe den Eset Test wie von dir beschrieben durchgeführt. Hier ist das Ergebnis. Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=27f19886ff84fd47874d1eac88f15ad2 # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=true # antistealth_checked=true # utc_time=2012-03-08 10:11:36 # local_time=2012-03-08 11:11:36 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=4096 16777215 100 0 34914208 34914208 0 0 # compatibility_mode=5893 16776573 100 94 116389 82802479 0 0 # compatibility_mode=8192 67108863 100 0 195931 195931 0 0 # scanned=696159 # found=2 # cleaned=2 # scan_time=30208 C:\$Recycle.Bin\S-1-5-21-1848404816-2837144999-1178208014-1001\$R4ZF18P.exe multiple threats (deleted - quarantined) 00000000000000000000000000000000 C C:\Program Files\PDFCreator\Toolbar\pdfforge Toolbar_setup.exe Win32/Adware.Toolbar.Dealio application (deleted - quarantined) 00000000000000000000000000000000 C |
08.03.2012, 20:34 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) CustomScan mit OTL Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
__________________ --> Trojaner gefunden (Windows 7) |
09.03.2012, 01:50 | #7 |
| Trojaner gefunden (Windows 7) Hallo Arne, anbei der Log vom OTL Scan. Liebe Grüße Klecks |
09.03.2012, 09:28 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Hinweis: Falls Du Deinen Benutzernamen unkenntlich gemacht hast, musst Du das Ausgesternte in Deinen richtigen Benutzernamen wieder verwandeln, sonst funktioniert das Script nicht!! Code:
ATTFilter :OTL FF - prefs.js..network.proxy.http: "88.198.182.215" FF - prefs.js..network.proxy.http_port: 3128 IE - HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 78.46.145.213:1080 O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\Shell\AutoRun\command - "" = D:\Setup.exe -- [2011.10.06 16:01:18 | 000,355,920 | R--- | M] (Valve Corporation) O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell - "" = AutoRun O33 - MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\Shell\AutoRun\command - "" = F:\Install.exe [2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\Users\xxx\AppData\Roaming\pdfforge @Alternate Data Stream - 146 bytes -> C:\ProgramData\TEMP:CB0AACC9 :Commands [emptytemp] [resethosts] Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
09.03.2012, 16:14 | #9 |
| Trojaner gefunden (Windows 7) Anbei der Log vom letzten Scan. Vielen Dank für deine Hilfe!!! Code:
ATTFilter All processes killed ========== OTL ========== Prefs.js: "88.198.182.215" removed from network.proxy.http Prefs.js: 3128 removed from network.proxy.http_port HKU\S-1-5-21-1848404816-2837144999-1178208014-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully! HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! C:\autoexec.bat moved successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{88c4b747-78c5-11df-969d-806e6f6e6963}\ not found. File move failed. D:\Setup.exe scheduled to be moved on reboot. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{f207aed5-f338-11df-976b-0023125dfba3}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{f207aed5-f338-11df-976b-0023125dfba3}\ not found. File F:\Install.exe not found. C:\Users\xxx\AppData\Roaming\pdfforge\Images2PDF folder moved successfully. C:\Users\xxx\AppData\Roaming\pdfforge folder moved successfully. ADS C:\ProgramData\TEMP:CB0AACC9 deleted successfully. ========== COMMANDS ========== [EMPTYTEMP] User: xxx ->Temp folder emptied: 1443176115 bytes ->Temporary Internet Files folder emptied: 86362564 bytes ->Java cache emptied: 5805909 bytes ->FireFox cache emptied: 799074626 bytes ->Flash cache emptied: 1226563 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes ->Flash cache emptied: 56502 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 136525243 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 2.358,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.36.1 log created on 03092012_160239 Files\Folders moved on Reboot... File move failed. D:\Setup.exe scheduled to be moved on reboot. Registry entries deleted on Reboot... |
10.03.2012, 16:05 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! Falls du durch die Infektion auf deine Dokumente/Eigenen Dateien nicht zugreifen kannst, Verknüpfungen auf dem Desktop oder im Startmenü unter "alle Programme" fehlen, bitte unhide ausführen: Downloade dir bitte unhide.exe und speichere diese Datei auf deinem Desktop. Starte das Tool und es sollten alle Dateien und Ordner wieder sichtbar sein. ( Könnte eine Weile dauern ) Windows-Vista und Windows-7-User müssen das Tool per Rechtsklick als Administrator ausführen!
__________________ Logfiles bitte immer in CODE-Tags posten |
10.03.2012, 16:37 | #11 |
| Trojaner gefunden (Windows 7)Code:
ATTFilter 16:31:57.0331 428616 TDSS rootkit removing tool 2.7.19.0 Mar 5 2012 11:23:39 16:31:59.0334 428616 ============================================================ 16:31:59.0335 428616 Current date / time: 2012/03/10 16:31:59.0334 16:31:59.0335 428616 SystemInfo: 16:31:59.0335 428616 16:31:59.0335 428616 OS Version: 6.1.7601 ServicePack: 1.0 16:31:59.0335 428616 Product type: Workstation 16:31:59.0335 428616 ComputerName: xxx-PC 16:31:59.0335 428616 UserName: xxx 16:31:59.0335 428616 Windows directory: C:\Windows 16:31:59.0335 428616 System windows directory: C:\Windows 16:31:59.0335 428616 Processor architecture: Intel x86 16:31:59.0335 428616 Number of processors: 2 16:31:59.0335 428616 Page size: 0x1000 16:31:59.0335 428616 Boot type: Normal boot 16:31:59.0335 428616 ============================================================ 16:32:02.0563 428616 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 16:32:02.0599 428616 \Device\Harddisk0\DR0: 16:32:02.0608 428616 GPT used 16:32:02.0658 428616 \Device\Harddisk0\DR0\Partition0: GPT, TypeGUID: {C12A7328-F81F-11D2-BA4B-00A0C93EC93B}, UniqueGUID: {ED546C72-DB30-4F0E-A91D-BB2AD22FEA7E}, Name: EFI System Partition, StartLBA 0x28, BlocksNum 0x64000 16:32:02.0658 428616 \Device\Harddisk0\DR0\Partition1: GPT, TypeGUID: {48465300-0000-11AA-AA11-00306543ECAC}, UniqueGUID: {CD0B2831-753F-4AF4-8547-FEB222FC1796}, Name: Untitled, StartLBA 0x64028, BlocksNum 0xF000000 16:32:02.0658 428616 \Device\Harddisk0\DR0\Partition2: GPT, TypeGUID: {EBD0A0A2-B9E5-4433-87C0-68B6B72699C7}, UniqueGUID: {D90D292A-E574-4C4A-AC7F-B29238165381}, Name: BOOTCAMP, StartLBA 0xF0A4800, BlocksNum 0xE121000 16:32:02.0658 428616 Initialize success 16:32:02.0658 428616 ============================================================ 16:33:00.0244 428956 ============================================================ 16:33:00.0244 428956 Scan started 16:33:00.0244 428956 Mode: Manual; SigCheck; TDLFS; 16:33:00.0244 428956 ============================================================ 16:33:00.0305 428956 1394ohci - ok 16:33:00.0314 428956 ACPI - ok 16:33:00.0318 428956 AcpiPmi - ok 16:33:00.0329 428956 adp94xx - ok 16:33:00.0333 428956 adpahci - ok 16:33:00.0337 428956 adpu320 - ok 16:33:00.0358 428956 AFD - ok 16:33:00.0363 428956 agp440 - ok 16:33:00.0372 428956 aic78xx - ok 16:33:00.0392 428956 aliide - ok 16:33:00.0396 428956 amdagp - ok 16:33:00.0401 428956 amdide - ok 16:33:00.0405 428956 AmdK8 - ok 16:33:00.0409 428956 AmdPPM - ok 16:33:00.0414 428956 amdsata - ok 16:33:00.0419 428956 amdsbs - ok 16:33:00.0423 428956 amdxata - ok 16:33:00.0429 428956 AppID - ok 16:33:00.0467 428956 AppleBtBc - ok 16:33:00.0479 428956 AppleHFS - ok 16:33:00.0484 428956 AppleMNT - ok 16:33:00.0495 428956 applemtm - ok 16:33:00.0500 428956 applemtp - ok 16:33:00.0524 428956 arc - ok 16:33:00.0528 428956 arcsas - ok 16:33:00.0535 428956 AsyncMac - ok 16:33:00.0540 428956 atapi - ok 16:33:00.0637 428956 b06bdrv - ok 16:33:00.0650 428956 b57nd60x - ok 16:33:00.0679 428956 BCM43XX - ok 16:33:00.0688 428956 Beep - ok 16:33:00.0705 428956 blbdrive - ok 16:33:00.0736 428956 bowser - ok 16:33:00.0740 428956 BrFiltLo - ok 16:33:00.0746 428956 BrFiltUp - ok 16:33:00.0752 428956 Brserid - ok 16:33:00.0757 428956 BrSerWdm - ok 16:33:00.0761 428956 BrUsbMdm - ok 16:33:00.0766 428956 BrUsbSer - ok 16:33:00.0770 428956 BthEnum - ok 16:33:00.0775 428956 BTHMODEM - ok 16:33:00.0780 428956 BthPan - ok 16:33:00.0784 428956 BTHPORT - ok 16:33:00.0804 428956 BTHUSB - ok 16:33:00.0814 428956 cdfs - ok 16:33:00.0828 428956 cdrom - ok 16:33:00.0855 428956 circlass - ok 16:33:00.0861 428956 CLFS - ok 16:33:00.0889 428956 CmBatt - ok 16:33:00.0893 428956 cmdide - ok 16:33:00.0897 428956 CNG - ok 16:33:00.0904 428956 Compbatt - ok 16:33:00.0908 428956 CompositeBus - ok 16:33:00.0914 428956 crcdisk - ok 16:33:00.0925 428956 CSC - ok 16:33:00.0942 428956 DfsC - ok 16:33:00.0955 428956 discache - ok 16:33:00.0974 428956 Disk - ok 16:33:01.0024 428956 drmkaud - ok 16:33:01.0048 428956 DrvAgent32 - ok 16:33:01.0053 428956 DXGKrnl - ok 16:33:01.0059 428956 ebdrv - ok 16:33:01.0070 428956 elxstor - ok 16:33:01.0076 428956 ErrDev - ok 16:33:01.0086 428956 exfat - ok 16:33:01.0090 428956 fastfat - ok 16:33:01.0115 428956 fdc - ok 16:33:01.0124 428956 FileInfo - ok 16:33:01.0128 428956 Filetrace - ok 16:33:01.0133 428956 flpydisk - ok 16:33:01.0138 428956 FltMgr - ok 16:33:01.0146 428956 FsDepends - ok 16:33:01.0150 428956 Fs_Rec - ok 16:33:01.0155 428956 fvevol - ok 16:33:01.0180 428956 gagp30kx - ok 16:33:01.0240 428956 GDBehave - ok 16:33:01.0257 428956 GDMnIcpt - ok 16:33:01.0299 428956 GdNetMon - ok 16:33:01.0312 428956 GDPkIcpt - ok 16:33:01.0348 428956 gdwfpcd - ok 16:33:01.0356 428956 GEARAspiWDM - ok 16:33:01.0379 428956 giveio - ok 16:33:01.0388 428956 GRD - ok 16:33:01.0408 428956 grmnusb - ok 16:33:01.0441 428956 hcw85cir - ok 16:33:01.0460 428956 HdAudAddService - ok 16:33:01.0470 428956 HDAudBus - ok 16:33:01.0474 428956 HidBatt - ok 16:33:01.0479 428956 HidBth - ok 16:33:01.0497 428956 HidIr - ok 16:33:01.0507 428956 HidUsb - ok 16:33:01.0545 428956 HookCentre - ok 16:33:01.0557 428956 HpSAMD - ok 16:33:01.0571 428956 HTTP - ok 16:33:01.0580 428956 hwpolicy - ok 16:33:01.0591 428956 i8042prt - ok 16:33:01.0600 428956 iaStorV - ok 16:33:01.0607 428956 iirsp - ok 16:33:01.0640 428956 inpout32 - ok 16:33:01.0656 428956 IntcAzAudAddService - ok 16:33:01.0660 428956 intelide - ok 16:33:01.0664 428956 intelppm - ok 16:33:01.0670 428956 IpFilterDriver - ok 16:33:01.0679 428956 IPMIDRV - ok 16:33:01.0684 428956 IPNAT - ok 16:33:01.0693 428956 IRENUM - ok 16:33:01.0711 428956 IRRemoteFlt - ok 16:33:01.0715 428956 isapnp - ok 16:33:01.0719 428956 iScsiPrt - ok 16:33:01.0741 428956 kbdclass - ok 16:33:01.0751 428956 kbdhid - ok 16:33:01.0755 428956 KeyAgent - ok 16:33:01.0788 428956 KeyMagic - ok 16:33:01.0793 428956 KSecDD - ok 16:33:01.0797 428956 KSecPkg - ok 16:33:01.0851 428956 LHidFilt - ok 16:33:01.0865 428956 lltdio - ok 16:33:01.0877 428956 LMouFilt - ok 16:33:01.0885 428956 LSI_FC - ok 16:33:01.0889 428956 LSI_SAS - ok 16:33:01.0894 428956 LSI_SAS2 - ok 16:33:01.0898 428956 LSI_SCSI - ok 16:33:01.0909 428956 luafv - ok 16:33:01.0918 428956 MacHALDriver - ok 16:33:01.0940 428956 massfilter - ok 16:33:01.0980 428956 MBAMProtector - ok 16:33:01.0998 428956 mdf16 - ok 16:33:02.0002 428956 megasas - ok 16:33:02.0019 428956 MegaSR - ok 16:33:02.0026 428956 Modem - ok 16:33:02.0040 428956 monitor - ok 16:33:02.0054 428956 mouclass - ok 16:33:02.0060 428956 mouhid - ok 16:33:02.0070 428956 mountmgr - ok 16:33:02.0077 428956 mpio - ok 16:33:02.0080 428956 mpsdrv - ok 16:33:02.0086 428956 MRxDAV - ok 16:33:02.0092 428956 mrxsmb - ok 16:33:02.0096 428956 mrxsmb10 - ok 16:33:02.0100 428956 mrxsmb20 - ok 16:33:02.0105 428956 msahci - ok 16:33:02.0108 428956 msdsm - ok 16:33:02.0119 428956 Msfs - ok 16:33:02.0123 428956 mshidkmdf - ok 16:33:02.0128 428956 msisadrv - ok 16:33:02.0146 428956 MSKSSRV - ok 16:33:02.0152 428956 MSPCLOCK - ok 16:33:02.0156 428956 MSPQM - ok 16:33:02.0161 428956 MsRPC - ok 16:33:02.0168 428956 mssmbios - ok 16:33:02.0172 428956 MSTEE - ok 16:33:02.0176 428956 MTConfig - ok 16:33:02.0180 428956 Mup - ok 16:33:02.0185 428956 mvd23 - ok 16:33:02.0192 428956 NativeWifiP - ok 16:33:02.0200 428956 NDIS - ok 16:33:02.0204 428956 NdisCap - ok 16:33:02.0208 428956 NdisTapi - ok 16:33:02.0218 428956 Ndisuio - ok 16:33:02.0223 428956 NdisWan - ok 16:33:02.0227 428956 NDProxy - ok 16:33:02.0237 428956 Netaapl - ok 16:33:02.0243 428956 NetBIOS - ok 16:33:02.0247 428956 NetBT - ok 16:33:02.0280 428956 nfrd960 - ok 16:33:02.0287 428956 Npfs - ok 16:33:02.0312 428956 NRKCTL32 - ok 16:33:02.0318 428956 nsiproxy - ok 16:33:02.0324 428956 Ntfs - ok 16:33:02.0329 428956 Null - ok 16:33:02.0333 428956 NVENETFD - ok 16:33:02.0341 428956 nvlddmkm - ok 16:33:02.0382 428956 NVNET - ok 16:33:02.0396 428956 nvraid - ok 16:33:02.0402 428956 nvsmu - ok 16:33:02.0407 428956 nvstor - ok 16:33:02.0441 428956 nv_agp - ok 16:33:02.0451 428956 ohci1394 - ok 16:33:02.0511 428956 Parport - ok 16:33:02.0517 428956 partmgr - ok 16:33:02.0524 428956 Parvdm - ok 16:33:02.0530 428956 pci - ok 16:33:02.0535 428956 pcidrv - ok 16:33:02.0539 428956 pciide - ok 16:33:02.0543 428956 pcmcia - ok 16:33:02.0548 428956 pcw - ok 16:33:02.0552 428956 PEAUTH - ok 16:33:02.0676 428956 PptpMiniport - ok 16:33:02.0681 428956 Processor - ok 16:33:02.0713 428956 Psched - ok 16:33:02.0728 428956 ql2300 - ok 16:33:02.0733 428956 ql40xx - ok 16:33:02.0740 428956 QWAVEdrv - ok 16:33:02.0746 428956 RasAcd - ok 16:33:02.0751 428956 RasAgileVpn - ok 16:33:02.0758 428956 Rasl2tp - ok 16:33:02.0778 428956 RasPppoe - ok 16:33:02.0783 428956 RasSstp - ok 16:33:02.0787 428956 rdbss - ok 16:33:02.0791 428956 rdpbus - ok 16:33:02.0796 428956 RDPCDD - ok 16:33:02.0802 428956 RDPDR - ok 16:33:02.0807 428956 RDPENCDD - ok 16:33:02.0814 428956 RDPREFMP - ok 16:33:02.0818 428956 RDPWD - ok 16:33:02.0822 428956 rdyboost - ok 16:33:02.0836 428956 RFCOMM - ok 16:33:02.0847 428956 RimUsb - ok 16:33:02.0865 428956 rspndr - ok 16:33:02.0869 428956 s3cap - ok 16:33:02.0875 428956 sbp2port - ok 16:33:02.0882 428956 scfilter - ok 16:33:02.0895 428956 secdrv - ok 16:33:02.0907 428956 Serenum - ok 16:33:02.0911 428956 Serial - ok 16:33:02.0916 428956 sermouse - ok 16:33:02.0927 428956 sffdisk - ok 16:33:02.0933 428956 sffp_mmc - ok 16:33:02.0937 428956 sffp_sd - ok 16:33:02.0941 428956 sfloppy - ok 16:33:02.0952 428956 sisagp - ok 16:33:02.0956 428956 SiSRaid2 - ok 16:33:02.0963 428956 SiSRaid4 - ok 16:33:02.0986 428956 Smb - ok 16:33:03.0029 428956 speedfan - ok 16:33:03.0033 428956 spldr - ok 16:33:03.0046 428956 srv - ok 16:33:03.0050 428956 srv2 - ok 16:33:03.0055 428956 srvnet - ok 16:33:03.0059 428956 sscdbus - ok 16:33:03.0088 428956 sscdmdfl - ok 16:33:03.0093 428956 sscdmdm - ok 16:33:03.0113 428956 StarOpen - ok 16:33:03.0134 428956 stexstor - ok 16:33:03.0153 428956 storflt - ok 16:33:03.0162 428956 storvsc - ok 16:33:03.0167 428956 swenum - ok 16:33:03.0195 428956 Tcpip - ok 16:33:03.0199 428956 TCPIP6 - ok 16:33:03.0206 428956 tcpipreg - ok 16:33:03.0212 428956 TDPIPE - ok 16:33:03.0219 428956 TDTCP - ok 16:33:03.0223 428956 tdx - ok 16:33:03.0229 428956 TermDD - ok 16:33:03.0270 428956 tssecsrv - ok 16:33:03.0292 428956 TsUsbFlt - ok 16:33:03.0303 428956 tunnel - ok 16:33:03.0307 428956 uagp35 - ok 16:33:03.0311 428956 udfs - ok 16:33:03.0323 428956 uliagpkx - ok 16:33:03.0326 428956 umbus - ok 16:33:03.0331 428956 UmPass - ok 16:33:03.0342 428956 USBAAPL - ok 16:33:03.0373 428956 usbaudio - ok 16:33:03.0378 428956 usbccgp - ok 16:33:03.0382 428956 usbcir - ok 16:33:03.0386 428956 usbehci - ok 16:33:03.0394 428956 usbhub - ok 16:33:03.0398 428956 usbohci - ok 16:33:03.0415 428956 usbprint - ok 16:33:03.0432 428956 usbscan - ok 16:33:03.0440 428956 USBSTOR - ok 16:33:03.0449 428956 usbuhci - ok 16:33:03.0457 428956 usbvideo - ok 16:33:03.0476 428956 usb_rndisx - ok 16:33:03.0487 428956 vdrvroot - ok 16:33:03.0497 428956 vga - ok 16:33:03.0501 428956 VgaSave - ok 16:33:03.0505 428956 vhdmp - ok 16:33:03.0513 428956 viaagp - ok 16:33:03.0517 428956 ViaC7 - ok 16:33:03.0530 428956 viaide - ok 16:33:03.0534 428956 vmbus - ok 16:33:03.0538 428956 VMBusHID - ok 16:33:03.0542 428956 volmgr - ok 16:33:03.0547 428956 volmgrx - ok 16:33:03.0551 428956 volsnap - ok 16:33:03.0555 428956 vsmraid - ok 16:33:03.0562 428956 vwifibus - ok 16:33:03.0568 428956 vwififlt - ok 16:33:03.0573 428956 vwifimp - ok 16:33:03.0583 428956 WacomPen - ok 16:33:03.0587 428956 WANARP - ok 16:33:03.0591 428956 Wanarpv6 - ok 16:33:03.0617 428956 Wd - ok 16:33:03.0621 428956 Wdf01000 - ok 16:33:03.0638 428956 WfpLwf - ok 16:33:03.0643 428956 WIMMount - ok 16:33:03.0674 428956 WinUsb - ok 16:33:03.0680 428956 WmiAcpi - ok 16:33:03.0699 428956 ws2ifsl - ok 16:33:03.0713 428956 WudfPf - ok 16:33:03.0717 428956 WUDFRd - ok 16:33:03.0735 428956 ZTEusbmdm6k - ok 16:33:03.0756 428956 ZTEusbnmea - ok 16:33:03.0761 428956 ZTEusbser6k - ok 16:33:03.0809 428956 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 16:33:03.0974 428956 \Device\Harddisk0\DR0 - ok 16:33:03.0983 428956 Boot (0x1200) (f00df79ecae519202bdeea2c1431628d) \Device\Harddisk0\DR0\Partition0 16:33:03.0983 428956 \Device\Harddisk0\DR0\Partition0 - ok 16:33:03.0991 428956 Boot (0x1200) (be06d81fa7b7e864a0249b11a07c1b83) \Device\Harddisk0\DR0\Partition1 16:33:03.0992 428956 \Device\Harddisk0\DR0\Partition1 - ok 16:33:04.0003 428956 Boot (0x1200) (5836c6d9dade5451c99c3aa2a7366c36) \Device\Harddisk0\DR0\Partition2 16:33:04.0004 428956 \Device\Harddisk0\DR0\Partition2 - ok 16:33:04.0007 428956 ============================================================ 16:33:04.0007 428956 Scan finished 16:33:04.0007 428956 ============================================================ 16:33:04.0021 428692 Detected object count: 0 16:33:04.0021 428692 Actual detected object count: 0 |
10.03.2012, 16:49 | #12 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Trojaner gefunden (Windows 7) Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
11.03.2012, 16:40 | #13 |
| Trojaner gefunden (Windows 7) Hi Arne, ich habe alles durchgeführt. Allerdings glaube ich, dass der BKA Trojaner noch vorhanden ist. Ich soll eine Zahlung von 100 Euro leisten. Wie soll ich nun vorgehen? |
11.03.2012, 17:32 | #14 |
| Trojaner gefunden (Windows 7) OTL Scan im abgesicherten Modus. OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.03.2012 17:20:09 - Run 2 OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Xxx\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,73 Gb Total Physical Memory | 1,94 Gb Available Physical Memory | 71,02% Memory free 5,72 Gb Paging File | 4,97 Gb Available in Paging File | 86,83% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,56 Gb Total Space | 27,95 Gb Free Space | 24,83% Space Free | Partition Type: NTFS Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Adobe\Reader 9.0\Reader\AcroRd32Info.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Windows\HelpPane.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - c:\Programme\Adobe\Reader 9.0\Reader\RdLang32.DEU () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\Programme\WinRAR\RarExt.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\sqlite.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ccme_base.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\cryptocme2.dll () ========== Win32 Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation) SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe () SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.) SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- File not found DRV - (ZTEusbnmea) -- File not found DRV - (ZTEusbmdm6k) -- File not found DRV - (pcidrv) -- File not found DRV - (NRKCTL32) -- File not found DRV - (massfilter) -- File not found DRV - (catchme) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.) DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.) DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.) DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.) DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.) DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys () DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys () DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.) DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.) DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation) DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk]) DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M] [2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions [2012.03.08 20:11:30 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions [2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar [2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml [2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak [2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings [2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle [2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop [2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software [2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software [2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes [2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents [2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax [2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox [2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA [2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook [2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot [2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder [2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio ========== Files - Modified Within 30 Days ========== [2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys [2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg [2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf [2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg [2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg [2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG [2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost [2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg [2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\xxx-788975.jpeg [2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf [2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg [2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg [2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost [2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG [2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg [2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk [2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML [2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe [2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82} [2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE [2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg [2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys [2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin ========== LOP Check ========== [2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft [2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost [2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot [2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN [2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo [2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ [2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech [2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape [2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle [2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files [2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung [2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software [2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client [2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software [2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE [2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue [2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox [2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > p.s. ich benutze bootcamp. gdata internet security 2012 als firewall und virenprogramm. Welche zusätzlichen tools sollte ich noch beschaffen? Ich hatte bisher keine Probleme mit Viren...Es häuft sich in den letzten Woche leider. |
11.03.2012, 17:44 | #15 |
| Trojaner gefunden (Windows 7) Ich habe soeben alte Posts durchforstet. Ich habe die dort beschriebenen Empfehlungen befolgt. Hier OTL Scan Extras und normal Normal: OTL Logfile: Code:
ATTFilter OTL logfile created on: 11.03.2012 17:37:32 - Run 2 OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Xxx\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free 5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS Computer Name: ALEX-PC | User Name: Xxx | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Xxx\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Microsoft Office\Office12\WINWORD.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Windows\System32\Macromed\Flash\NPSWF32.dll () MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Adobe\Reader 9.0\Reader\ViewerPS.dll () MOD - C:\Programme\NVIDIA Corporation\3D Vision\Nv3DVStreaming.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE12\MSPTLS.DLL () MOD - C:\Programme\WinRAR\RarExt.dll () ========== Win32 Services (SafeList) ========== SRV - (SkypeUpdate) -- C:\Program Files\Skype\Updater\Updater.exe (Skype Technologies) SRV - (MBAMService) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (OracleIRMServiceHost) -- C:\Program Files\Oracle\Information Rights Management\Desktop\OracleIRMServiceHost.exe (Oracle Corporation) SRV - (AVKProxy) -- C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe (G Data Software AG) SRV - (GDScan) -- C:\Program Files\Common Files\G Data\GDScan\GDScan.exe (G Data Software AG) SRV - (AVKWCtl) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe (G Data Software AG) SRV - (nvUpdatusService) -- C:\Programme\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Programme\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (LBTServ) -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV - (AppleOSSMgr) -- C:\Windows\System32\AppleOSSMgr.exe () SRV - (GDFwSvc) -- C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe (G Data Software AG) SRV - (SZDrvSvc) -- C:\Program Files\Clarus\Samsung Drive Manager\SZDrvSvc.exe (Clarus, Inc.) SRV - (Steam Client Service) -- C:\Program Files\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (AVKService) -- C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe (G Data Software AG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (AppleTimeSrv) -- C:\Windows\System32\AppleTimeSrv.exe (Apple Inc.) SRV - (Pharos Systems ComTaskMaster) -- C:\Programme\PharosSystems\Core\CTskMstr.exe (Pharos Systems International) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (ZTEusbser6k) -- File not found DRV - (ZTEusbnmea) -- File not found DRV - (ZTEusbmdm6k) -- File not found DRV - (pcidrv) -- File not found DRV - (NRKCTL32) -- File not found DRV - (massfilter) -- File not found DRV - (catchme) -- File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (HookCentre) -- C:\Windows\System32\drivers\HookCentre.sys (G Data Software AG) DRV - (GDMnIcpt) -- C:\Windows\System32\drivers\MiniIcpt.sys (G Data Software AG) DRV - (gdwfpcd) -- C:\Windows\System32\drivers\gdwfpcd32.sys (G Data Software AG) DRV - (GDBehave) -- C:\Windows\system32\drivers\GDBehave.sys (G Data Software AG) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (GRD) -- C:\Windows\System32\drivers\GRD.sys (G Data Software) DRV - (GDPkIcpt) -- C:\Windows\System32\drivers\PktIcpt.sys (G Data Software AG) DRV - (GdNetMon) -- C:\Windows\System32\drivers\GdNetMon32.sys (G Data Software AG) DRV - (LMouFilt) -- C:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV - (LHidFilt) -- C:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV - (AppleHFS) -- C:\Windows\System32\drivers\AppleHFS.sys (Apple Inc.) DRV - (AppleMNT) -- C:\Windows\System32\drivers\AppleMNT.sys (Apple Inc.) DRV - (KeyAgent) -- C:\Windows\System32\drivers\KeyAgent.sys (Apple Inc.) DRV - (AppleBtBc) -- C:\Windows\System32\drivers\AppleBtBc.sys (Apple Inc.) DRV - (KeyMagic) -- C:\Windows\System32\drivers\KeyMagic.sys (Apple Inc.) DRV - (mvd23) -- C:\Programme\Clarus\Samsung Drive Manager\mvd23.sys () DRV - (Netaapl) -- C:\Windows\System32\drivers\netaapl.sys (Apple Inc.) DRV - (mdf16) -- C:\Programme\Clarus\Samsung Drive Manager\mdf16.sys () DRV - (applemtp) -- C:\Windows\System32\drivers\applemtp.sys (Apple Inc.) DRV - (applemtm) -- C:\Windows\System32\drivers\applemtm.sys (Apple Inc.) DRV - (vmbus) -- C:\Windows\system32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\system32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\system32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\system32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\system32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (MacHALDriver) -- C:\Windows\System32\drivers\MacHALDriver.sys (Apple Inc.) DRV - (NVNET) -- C:\Windows\System32\drivers\nvmf6232.sys (NVIDIA Corporation) DRV - (inpout32) -- C:\Windows\System32\drivers\inpout32.sys (Highresolution Enterprises [www.highrez.co.uk]) DRV - (DrvAgent32) -- C:\Windows\System32\drivers\DrvAgent32.sys (Phoenix Technologies) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (IRRemoteFlt) -- C:\Windows\System32\drivers\IRFilter.sys (Apple Inc.) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (sscdmdm) -- C:\Windows\System32\drivers\sscdmdm.sys (MCCI Corporation) DRV - (sscdmdfl) -- C:\Windows\System32\drivers\sscdmdfl.sys (MCCI Corporation) DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\Windows\System32\drivers\sscdbus.sys (MCCI Corporation) DRV - (speedfan) -- C:\Windows\system32\speedfan.sys (Windows (R) 2000 DDK provider) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (giveio) -- C:\Windows\system32\giveio.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E0 FF AB 64 2C BB CB 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {9AA46F4F-4DC7-4c06-97AF-5035170633FE}:21.1.10084.997 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.5 FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1 FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.1 FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.86.1 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.669: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.669: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files\Veetle\plugins\npVeetle.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files\Veetle\Player\npvlc.dll (Veetle Inc) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\Xxx\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1010120-0-npoctoshape.dll (Octoshape ApS) FF - HKCU\Software\MozillaPlugins\@Skype Limited.com/Facebook Video Calling Plugin: C:\Users\Xxx\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll (Skype Limited) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011.11.07 18:41:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.02.18 15:12:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 08:15:16 | 000,000,000 | ---D | M] [2010.06.16 00:51:56 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Extensions [2012.03.11 17:22:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions [2012.03.08 20:11:30 | 000,000,000 | ---D | M] (ChatZilla) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2} [2010.07.22 21:40:34 | 000,000,000 | ---D | M] ("DVDVideoSoft Menu") -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2011.04.30 14:29:21 | 000,000,000 | ---D | M] (vShare) -- C:\Users\Xxx\AppData\Roaming\mozilla\Firefox\Profiles\3jewtk1i.default\extensions\vshare@toolbar [2011.01.26 20:35:46 | 000,001,583 | ---- | M] () -- C:\Users\Xxx\AppData\Roaming\Mozilla\Firefox\Profiles\3jewtk1i.default\searchplugins\web-search.xml [2012.01.12 20:55:30 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.03.04 16:57:12 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.01.10 23:06:54 | 000,000,000 | ---D | M] (G Data BankGuard) -- C:\Programme\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad} [2010.06.16 00:48:45 | 000,000,000 | ---D | M] (G Data WebFilter) -- C:\Programme\Mozilla Firefox\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170633FE} [2012.02.18 15:12:18 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2011.09.20 20:34:46 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2011.07.11 22:48:12 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\mozilla firefox\plugins\npwachk.dll [2011.05.13 09:15:18 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.05.13 09:15:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2011.05.13 09:15:18 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2011.05.13 09:15:18 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2011.05.13 09:15:18 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2011.05.13 09:15:18 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.03.09 16:07:23 | 000,000,098 | ---- | M]) - C:\Windows\System32\drivers\etc\Hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Programme\Common Files\G Data\AVKProxy\BanksaxxxHO.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Programme\G Data\InternetSecurity\Webfilter\AvkWebIE.dll (G Data Software AG) O4 - HKLM..\Run: [Apple_KbdMgr] C:\Programme\Boot Camp\Bootcamp.exe (Apple Inc.) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Programme\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Programme\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKCU..\Run: [MobileDocuments] C:\Programme\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\Run: 55639 = C:\PROGRA~2\LOCALS~1\Temp\msbufn.cmd () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8 - Extra context menu item: Free YouTube Download - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubedownload.htm () O8 - Extra context menu item: Free YouTube to Mp3 Converter - C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers\youtubetomp3.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.2 - {72EFBFE4-C74F-4187-AEFD-73EA3BE968D6} - C:\Programme\ICQ7.2\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46DDFED6-86B2-4FAE-85D9-CAFFBEAFCEA1}: DhcpNameServer = 10.111.81.129 10.129.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE968AA3-33BA-4C65-B600-D5EA456BF8B1}: DhcpNameServer = 80.58.61.250 80.58.61.254 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D27CDFD0-3662-4EE2-8C47-60EF2B9256DA}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.03.24 12:06:41 | 000,000,053 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O32 - AutoRun File - [2011.03.05 16:57:06 | 000,000,120 | ---- | M] () - G:\Autorun.inf -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2012.03.11 16:16:52 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\kodak [2012.03.11 16:16:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Local Settings [2012.03.10 19:17:07 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.03.10 19:17:07 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.03.10 19:17:07 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.03.10 19:16:46 | 000,000,000 | ---D | C] -- C:\Windows\ERDNT [2012.03.10 19:16:37 | 000,000,000 | --SD | C] -- C:\ComboFix [2012.03.10 19:16:27 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.03.10 19:15:16 | 000,000,000 | --SD | C] -- C:\32788R22FWJFW [2012.03.09 16:02:39 | 000,000,000 | ---D | C] -- C:\_OTL [2012.03.09 01:49:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.03.09 01:49:29 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2012.03.09 01:11:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2012.03.09 01:09:10 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2012.03.09 01:09:07 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2012.03.07 02:36:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.03.07 02:36:21 | 000,137,000 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMAPI32.OCX [2012.03.07 02:36:19 | 000,158,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCMCDE.DLL [2012.03.07 02:36:19 | 000,125,712 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\VB6DE.DLL [2012.03.07 02:36:19 | 000,064,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSCC2DE.DLL [2012.03.07 02:36:19 | 000,023,552 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MSMPIDE.DLL [2012.03.07 02:36:18 | 000,000,000 | ---D | C] -- C:\Program Files\PDFCreator [2012.03.05 21:48:45 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Oracle [2012.03.05 21:35:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Oracle IRM Desktop [2012.03.05 21:35:18 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.03.05 21:35:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Oracle [2012.03.05 21:22:36 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.03.04 16:56:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.03.04 16:56:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype [2012.03.02 08:13:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2012.03.02 01:52:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Simply Super Software [2012.03.02 01:52:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trojan Remover [2012.03.02 01:52:38 | 000,069,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ztvcabinet.dll [2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Program Files\Trojan Remover [2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software [2012.03.02 01:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.03.02 01:45:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\Malwarebytes [2012.03.02 01:45:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.03.02 01:45:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.03.02 01:45:01 | 000,020,464 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.03.02 01:45:01 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.02.24 10:53:13 | 000,000,000 | R--D | C] -- C:\Users\Xxx\Documents\Scanned Documents [2012.02.24 10:53:13 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Documents\Fax [2012.02.22 18:00:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Xerox [2012.02.22 00:24:49 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\NVIDIA [2012.02.22 00:24:01 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Local\Facebook [2012.02.18 23:16:09 | 000,000,000 | ---D | C] -- C:\Users\Xxx\AppData\Roaming\froot [2012.02.16 00:17:49 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.02.16 00:17:47 | 001,798,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.02.16 00:17:47 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.02.16 00:17:46 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.02.16 00:17:46 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.02.16 00:17:42 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.02.15 12:38:49 | 002,343,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys [2012.02.15 12:22:09 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl [2012.02.14 20:18:54 | 000,000,000 | ---D | C] -- C:\Users\Xxx\Desktop\FUnny bilder [2012.02.13 21:56:02 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Visual Studio ========== Files - Modified Within 30 Days ========== [2012.03.11 17:18:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.11 17:18:11 | 2195,533,824 | -HS- | M] () -- C:\hiberfil.sys [2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.11 17:15:54 | 000,015,152 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.11 17:12:17 | 000,657,676 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.03.11 17:12:17 | 000,618,912 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.03.11 17:12:17 | 000,131,016 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.03.11 17:12:17 | 000,107,232 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.03.11 16:08:34 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.11 16:08:29 | 000,000,500 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts.ics [2012.03.11 16:08:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.03.11 14:39:04 | 000,576,446 | ---- | M] () -- C:\Windows\System32\sig.bin [2012.03.11 14:39:04 | 000,037,755 | ---- | M] () -- C:\Windows\System32\nmp.map [2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.03.11 00:03:57 | 000,023,081 | ---- | M] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg [2012.03.09 16:07:23 | 000,000,098 | ---- | M] () -- C:\Windows\System32\drivers\etc\Hosts [2012.03.09 15:27:42 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.03.09 01:11:12 | 000,001,761 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 02:36:30 | 000,001,001 | ---- | M] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.03.04 17:51:13 | 000,311,216 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.03.04 16:56:32 | 000,002,505 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.02 01:45:04 | 000,001,079 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.23 09:18:36 | 000,237,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2012.02.21 16:45:23 | 000,135,811 | ---- | M] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf [2012.02.20 17:55:25 | 000,045,496 | ---- | M] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg [2012.02.16 21:58:45 | 000,083,102 | ---- | M] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg [2012.02.13 22:18:56 | 000,035,355 | ---- | M] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG [2012.02.13 22:14:22 | 1298,727,936 | ---- | M] () -- C:\Users\Xxx\Desktop\outlook.ost [2012.02.12 15:40:07 | 000,086,289 | ---- | M] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg [2012.02.11 20:46:18 | 000,001,229 | ---- | M] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk ========== Files Created - No Company Name ========== [2012.03.11 00:03:55 | 000,023,081 | ---- | C] () -- C:\Users\Xxx\Desktop\deutsche bank-788975.jpeg [2012.03.10 19:17:08 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.03.10 19:17:07 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.03.10 19:17:07 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.03.10 19:17:07 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.03.10 19:17:07 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.03.09 01:11:12 | 000,001,761 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2012.03.07 02:36:30 | 000,001,001 | ---- | C] () -- C:\Users\Public\Desktop\PDFCreator.lnk [2012.03.07 02:36:21 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2012.03.04 16:56:32 | 000,002,505 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012.03.02 01:52:38 | 000,162,304 | ---- | C] () -- C:\Windows\System32\ztvunrar36.dll [2012.03.02 01:52:38 | 000,077,312 | ---- | C] () -- C:\Windows\System32\ztvunace26.dll [2012.03.02 01:52:38 | 000,075,264 | ---- | C] () -- C:\Windows\System32\unacev2.dll [2012.03.02 01:52:37 | 000,153,088 | ---- | C] () -- C:\Windows\System32\UNRAR3.dll [2012.03.02 01:45:04 | 000,001,079 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.02.22 00:24:06 | 000,000,944 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.02.22 00:24:03 | 000,000,922 | ---- | C] () -- C:\Windows\tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.02.21 16:45:23 | 000,135,811 | ---- | C] () -- C:\Users\Xxx\Desktop\Problems and exercises XXX Financial Accounting_Xxx 2012.pdf [2012.02.20 17:55:23 | 000,045,496 | ---- | C] () -- C:\Users\Xxx\Desktop\b_be04744f4e0c6ca46d64b7f202639c54.jpg [2012.02.16 21:58:37 | 000,083,102 | ---- | C] () -- C:\Users\Xxx\Desktop\299444_10150378962950148_615015147_10631347_912926292_n.jpg [2012.02.13 22:17:09 | 1298,727,936 | ---- | C] () -- C:\Users\Xxx\Desktop\outlook.ost [2012.02.13 22:14:48 | 000,035,355 | ---- | C] () -- C:\Users\Xxx\Desktop\Unbenannt.JPG [2012.02.12 15:40:04 | 000,086,289 | ---- | C] () -- C:\Users\Xxx\Desktop\32068_429888805147_615015147_6059925_1562477_n.jpg [2012.02.11 20:46:18 | 000,001,229 | ---- | C] () -- C:\Users\Xxx\Desktop\Xxx Master - Verknüpfung.lnk [2012.02.08 20:53:41 | 000,009,355 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\Microsoft Excel 97-2003.EML [2012.02.08 20:53:38 | 000,000,028 | ---- | C] () -- C:\Windows\ODBC.INI [2012.02.06 15:56:00 | 000,000,080 | ---- | C] () -- C:\Windows\ricdb.ini [2011.10.15 00:54:52 | 000,321,856 | ---- | C] () -- C:\Windows\System32\nvStreaming.exe [2011.09.13 19:10:05 | 000,576,446 | ---- | C] () -- C:\Windows\System32\sig.bin [2011.08.15 17:34:40 | 000,194,432 | ---- | C] () -- C:\Windows\System32\AppleOSSMgr.exe [2011.06.09 07:31:06 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.05.03 11:24:35 | 000,000,000 | ---- | C] () -- C:\Users\Xxx\AppData\Local\{3849004C-4B43-4279-AA42-2985BB089C82} [2011.04.06 07:53:20 | 000,081,920 | ---- | C] () -- C:\Windows\System32\GkSui20.EXE [2010.12.09 14:22:35 | 000,004,608 | ---- | C] () -- C:\Users\Xxx\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.12.04 13:12:01 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2010.12.04 13:12:01 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2010.10.06 01:50:38 | 000,819,200 | ---- | C] () -- C:\Windows\System32\xvidcore.dll [2010.10.06 01:50:38 | 000,180,224 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll [2010.07.18 12:56:14 | 000,000,017 | ---- | C] () -- C:\Users\Xxx\AppData\Local\resmon.resmoncfg [2010.07.12 23:01:47 | 000,138,056 | ---- | C] () -- C:\Users\Xxx\AppData\Roaming\PnkBstrK.sys [2010.07.12 23:01:47 | 000,137,256 | ---- | C] () -- C:\Windows\System32\drivers\PnkBstrK.sys [2010.07.12 23:01:17 | 000,218,808 | ---- | C] () -- C:\Windows\System32\PnkBstrB.exe [2010.07.12 23:01:16 | 002,434,856 | ---- | C] () -- C:\Windows\System32\pbsvc_bc2.exe [2010.07.12 23:01:16 | 000,075,064 | ---- | C] () -- C:\Windows\System32\PnkBstrA.exe [2010.06.23 17:14:55 | 000,100,936 | -H-- | C] () -- C:\Windows\System32\mlfcache.dat [2010.06.20 15:38:33 | 000,000,000 | ---- | C] () -- C:\ProgramData\LauncherAccess.dt [2010.06.20 15:34:19 | 000,005,632 | ---- | C] () -- C:\Windows\System32\drivers\StarOpen.sys [2010.06.19 17:37:45 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat [2010.06.16 01:09:08 | 000,011,164 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin [2010.06.07 16:47:34 | 000,258,142 | ---- | C] () -- C:\Windows\System32\nvcoproc.bin ========== LOP Check ========== [2010.11.22 13:23:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoft [2010.11.22 13:16:10 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\DVDVideoSoftIEHelpers [2010.06.26 20:52:26 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\EventGhost [2012.02.18 23:16:30 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\froot [2010.07.01 16:29:12 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GARMIN [2010.12.09 14:11:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\GetRightToGo [2012.03.04 17:48:34 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\ICQ [2010.07.17 21:32:03 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Leadertech [2010.08.19 14:48:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Octoshape [2012.03.05 21:48:45 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Oracle [2010.11.19 09:47:57 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Program Files [2010.06.20 15:38:49 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Samsung [2012.03.02 01:52:20 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Simply Super Software [2010.08.29 22:17:56 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TS3Client [2010.07.17 19:55:46 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\TuneUp Software [2011.05.26 20:32:08 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\uICE [2010.07.16 16:06:38 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Uniblue [2012.02.07 12:23:11 | 000,000,000 | ---D | M] -- C:\Users\Xxx\AppData\Roaming\Xerox [2012.03.11 00:29:00 | 000,000,922 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001Core.job [2012.03.11 15:29:03 | 000,000,944 | ---- | M] () -- C:\Windows\Tasks\FacebookUpdateTaskUserS-1-5-21-1848404816-2837144999-1178208014-1001UA.job [2012.01.01 23:56:29 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 11.03.2012 17:37:32 - Run 2 OTL by OldTimer - Version 3.2.36.1 Folder = C:\Users\Xxx\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,73 Gb Total Physical Memory | 2,05 Gb Available Physical Memory | 75,33% Memory free 5,72 Gb Paging File | 5,12 Gb Available in Paging File | 89,44% Paging File free Paging file location(s): C:\pagefile.sys 3070 3070 [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 112,56 Gb Total Space | 27,89 Gb Free Space | 24,77% Space Free | Partition Type: NTFS Drive D: | 436,59 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 120,00 Gb Total Space | 67,14 Gb Free Space | 55,95% Space Free | Partition Type: HFS Drive G: | 596,17 Gb Total Space | 578,74 Gb Free Space | 97,08% Space Free | Partition Type: NTFS Computer Name: XXX-PC | User Name: Xxx | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htafile [open] -- "%1" %* inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.) Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.) Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam "{09D25025-D7A2-47BA-99D4-3147DDD2D4A5}" = Oracle IRM Desktop "{0A35B15C-9CCD-4C0C-BD5B-34ABF8C95813}_is1" = ICQ 7.2 Build #3129 Banner Remover 1.0 "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1 "{2A03B9F8-BE6D-43C6-A16A-B9998A194AF0}" = Garmin Training Center "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{4640FDE1-B83A-4376-84ED-86F86BEE2D41}" = Driver Detective "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{58D335B6-B3C6-4465-AEC3-6442BC323723}" = SharpKeys "{5A3C1721-F8ED-11E0-8AFB-B8AC6F97B88E}" = Google Earth "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{624E54D0-E4F4-434F-9EF6-D4D066EE4348}" = Facebook Video Calling 1.1.1.1 "{65F9E1F3-A2C1-4AA9-9F33-A3AEB0255F0E}" = Garmin USB Drivers "{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{72EFBFE4-C74F-4187-AEFD-73EA3BE968D6}" = ICQ7.2 "{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{7BE15435-2D3E-4B58-867F-9C75BED0208C}" = QuickTime "{7F6D7FD9-648D-4DD9-BB6E-3990C675ECA4}" = NVIDIA PhysX "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8B92D97D-DB3D-4926-A8F7-718FE7C5EE18}" = iTunes "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_STANDARDR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_STANDARDR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_STANDARDR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_STANDARDR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_STANDARDR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_STANDARDR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.PRJPROR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.PRJPROR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.PRJPROR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.PRJPROR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.PRJPROR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.PRJPROR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00B4-0407-0000-0000000FF1CE}" = Microsoft Office Project MUI (German) 2010 "{90140000-00B4-0407-0000-0000000FF1CE}_Office14.PRJPROR_{86D01646-1942-4253-B11F-68F5ED259B17}" = Microsoft Project 2010 Service Pack 1 (SP1) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{91120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007 "{91120000-0012-0000-0000-0000000FF1CE}_STANDARDR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{91140000-003B-0000-0000-0000000FF1CE}" = Microsoft Office Project Professional 2010 "{91140000-003B-0000-0000-0000000FF1CE}_Office14.PRJPROR_{8A8F117F-8EDB-440D-B679-F08909D729F7}" = Microsoft Project 2010 Service Pack 1 (SP1) "{926BD0E8-24A3-41D2-AF9B-340F1A37ED12}" = MobileMe Control Panel "{9600B88C-BE14-4BEA-A529-F5F312900BA3}" = Samsung PC Studio 3 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F1A6A24-4901-42F6-A355-5DD2B82E62AE}" = Samsung Drive Manager "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Programm für Prozessor-IDs "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-A95000000001}" = Adobe Reader 9.5.0 - Deutsch "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 285.62 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.11.0621 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.5.20 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B56ACF7B-D7B5-442B-8E1D-6B41347D88B2}" = Boot Camp-Dienste "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{BFE903DE-4845-4387-9C6C-98B21B8445A3}" = GMATPrep(TM) "{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18 "{C4A4722E-79F9-417C-BD72-8D359A090C97}" = Samsung PC Studio 3 "{C670480D-10CE-4E2E-929E-EE453EDE6BE2}" = G Data InternetSecurity 2011 "{D5A9DA4B-E4F9-FB49-017D-769FC540F1F0}" = EA Download Manager UI "{DA7DF8E2-4B8F-4286-97FE-DE3FFFE9B728}" = iCloud "{EB879750-CCBD-4013-BFD5-0294D4DA5BD0}" = Apple Application Support "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{EFC04D3F-A152-47E7-8517-EE0F6201AFEF}" = Apple Mobile Device Support "{EFE6E3B6-8CA9-4837-B292-5F11A80339A9}" = PunkBuster for Joint Operations: Typhoon Rising "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F2AF3E5D-9697-485C-A5AC-E2B9468C446A}" = Safari "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "065B919FD23D12E588F6E2BFB21F7836E2F0E704" = Windows-Treiberpaket - Intel (e1yexpress) Net (07/16/2008 9.52.10.0) "07170A155D5587C8782EABA10E94E4127A86F6E4" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (02/01/2008 3.8.3.10) "0A8E69CB2299FB82BA54D1D4C0F3B1810146DBAB" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (04/27/2011 4.0.0.1) "111E266FDD1556398EFC13BE47678F96E8497682" = Windows-Treiberpaket - Apple Inc. Apple Trackpad Enabler (07/13/2009 3.0.0.1) "1D68F7A8B8397256B162B831457A6775BD17F3F4" = Windows-Treiberpaket - Marvell (yukonwlh) Net (03/23/2007 10.12.7.3) "1E934494E1FDB938ED1D9B958D5D5D465A07F06A" = Windows-Treiberpaket - Intel (e1qexpress) Net (08/05/2008 10.3.49.0) "20CF1F4786CB13A83CD2EC358929609A9B7A205C" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (06/01/2011 4.0.0.1) "2AC97D2605162B73D046D68013D1030CB7CFB87E" = Windows-Treiberpaket - Intel (E1G60) Net (01/08/2008 8.3.9.0) "2E2B6DCC02509BB8D2629A009DE8B5C3055B6779" = Windows-Treiberpaket - Apple Inc. Apple ODD (05/17/2010 3.1.0.0) "44E2556E81BCB991055DD976642491906DD3B8A0" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (05/05/2011 4.0.0.1) "49CF605F02C7954F4E139D18828DE298CD59217C" = Windows Driver Package - Garmin (grmnusb) GARMIN Devices (06/03/2009 2.3.0.0) "4B114013DDC5858DB929CE55F363AB88CDE1F78C" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (05/05/2011 4.0.0.1) "4D00971668041EDAD7097C5827D1739F03B9E5D7" = Windows-Treiberpaket - Apple Inc. Apple IR Receiver (02/21/2008 2.0.4.0) "5405F83664E016638462F8F8C1DAE59D04942778" = Windows-Treiberpaket - Apple Inc. Bluetooth (11/23/2009 3.0.0.4) "5F8BE32FAE3D6BC77B512F7B0624D7B6C8A26EFB" = Windows-Treiberpaket - Apple Inc. Apple Bluetooth Enabler (06/27/2007 2.0.0.1) "627745F8E8BB901B043047C3E308B4A76C1194FE" = Windows-Treiberpaket - Intel Net (11/07/2007 8.10.1.0) "675AAC36E980D647C94EAFFB2F929F247E711708" = Windows-Treiberpaket - Intel Net (07/22/2008 10.3.45.0) "680D5EED614F3F01A9AD4547E9D81CFE9B0E4902" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (08/16/2010 6.6001.1.26) "68446A4387EFABF44AE4C69CC9B6F9EDF8F10D7A" = Windows-Treiberpaket - Apple Inc. Apple Broadcom Bluetooth (11/23/2009 3.1.0.1) "695F4B9353FEE9320C20D297713F8828693D8AF3" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (03/25/2009 2.1.2.112) "6B401A4481C0B1B07B5D7425378A5C00FF7D75DE" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (09/10/2009 3.0.0.0) "78C67451B87511098A9A0EC86E75B99B12298F5C" = Windows-Treiberpaket - Intel Net (02/06/2008 9.12.18.0) "7BD968405DE73C7E0F8E489DB5A5853A6CCB8D1D" = Windows-Treiberpaket - Intel Net (08/05/2008 10.3.49.0) "7C4C70065E755397913A9698B9D9DF16D7345D18" = Windows-Treiberpaket - Cirrus Logic, Inc. (CirrusFilter) MEDIA (01/02/2010 6.6001.1.21) "7-Zip" = 7-Zip 9.20 "82BE89CA9B7493FA05D2D4D32B415CF07EA08B47" = Windows-Treiberpaket - Intel System (07/20/2007 1.2.76.0) "8D5DC06C9163DD58555F626F30703DA7B27EB8EB" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (03/25/2009 2.1.2.112) "9324ED54E32F5399037F87E076CA01C6CEB92830" = Windows-Treiberpaket - Apple Inc. Apple Built-in iSight (10/25/2007 2.0.1.0) "950F5FEDF7BEABD19AAE5CEA69570873BE2A99DA" = Windows-Treiberpaket - Atheros Communications Inc. (athr) Net (11/18/2009 8.0.0.258) "9747248FCA6A074E791AABC17F527823A8225756" = Windows-Treiberpaket - Intel (e1kexpress) Net (07/22/2008 10.3.45.0) "9AA5295F27284963423D072C7FC59D57CDE15ACA" = Windows-Treiberpaket - Broadcom (b57nd60x) Net (05/28/2009 12.2.0.3) "A06888013552B918232820F81FDBA706F5CAAD39" = Windows-Treiberpaket - Intel Net (06/13/2008 9.52.9.0) "A0DAD483951AB3046050D68A2A1D8CEB4A7C61EE" = Windows-Treiberpaket - Apple Inc. Apple Trackpad (07/13/2009 3.0.0.1) "A7A7D84907D2DCB34930D77C6BA911E3834C1E34" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (10/05/2010 3.2.0.1) "AD3493E108434977125BBF78F47699626F8AF64B" = Windows-Treiberpaket - Apple Inc. (AppleUSBEthernet) Net (01/11/2008 3.4.3.18) "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Adobe Shockwave Player" = Adobe Shockwave Player 11.5 "AEB482706002E9220FBFB86D4A1D24257F71A3D4" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (10/05/2010 3.2.0.1) "B345101E6CC8B2FD9765620B9C7BCD3D7002BE6D" = Windows-Treiberpaket - Intel (e1express) Net (02/06/2008 9.12.17.0) "B4AC4F962DDC0DD6B71FCF20B8F2F694214FAE69" = Windows-Treiberpaket - Apple Inc. Apple ODD (01/17/2008 2.0.2.2) "B9491C5C199D7236FCDCB76367922461FADC80C7" = Windows-Treiberpaket - Apple Inc. Apple Multitouch Mouse (05/05/2011 4.0.0.1) "BeCyPDFMetaEdit" = BeCyPDFMetaEdit "C5CE3BA75A23622D2140C5D5D0998C07DDC4CF1C" = Windows-Treiberpaket - Apple Inc. Apple Display (01/23/2009 3.0.0.0) "CD6212024668E03491C257CA53617893F2E8E924" = Windows-Treiberpaket - Apple Inc. Apple Multitouch (09/10/2009 3.0.0.0) "CFC3D985EA69596C8BE0A30313010FCC8CE2C70F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Trackpad (08/24/2010 3.1.0.7) "com.ea.Vault.919CACB699904AC5D41B606703500DD39747C02D.1" = EA Download Manager UI "DE32692B1421420518B0CA8EEDD6DF2A494F279F" = Windows-Treiberpaket - Apple Inc. Apple Wireless Mouse (11/30/2009 3.0.0.6) "DivX Setup.divx.com" = DivX-Setup "DoremiSoft AVI to MP4 Converter" = DoremiSoft AVI to MP4 Converter 1.0 "DriverAgent.exe" = DriverAgent by eSupport.com "E9575EA5D430B59D0CFF29323C74D0FBA1898F3B" = Windows-Treiberpaket - Broadcom (BCM43XX) Net (08/21/2009 5.60.18.8) "ESET Online Scanner" = ESET Online Scanner v3 "EventGhost_is1" = EventGhost 0.3.7.r1462 "EVEREST Home Edition_is1" = EVEREST Home Edition v2.20 "F24CB85E5983448F6319803791DEACED91E6565B" = Windows-Treiberpaket - Apple Inc. System (08/22/2008 2.1.1.1) "F2AE684ADF164A03D9FFABF28F04DDE05ED67BC5" = Windows-Treiberpaket - Apple Inc. Apple Keyboard (04/06/2009 3.0.0.0) "F46F6C2CF86ECDFF2CE25B508923B04E2F23F1CE" = Windows-Treiberpaket - Apple Inc. Apple System Device (04/05/2011 3.2.0.8) "Fraps" = Fraps "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.4 "Free Audio Converter_is1" = Free Audio Converter version 2.2.9 "Free YouTube Download_is1" = Free YouTube Download 2.10 "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.7 "Game Booster_is1" = Game Booster "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.60.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 10.0.2 (x86 de)" = Mozilla Firefox 10.0.2 (x86 de) "MyTomTom" = MyTomTom 3.1.0.530 "NVIDIA Display Control Panel" = NVIDIA Display Control Panel "NVIDIA Drivers" = NVIDIA Drivers "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "Office14.PRJPROR" = Microsoft Project Professional 2010 "Pharos" = Pharos "PunkBusterSvc" = PunkBuster Services "RealPlayer 12.0" = RealPlayer "SAMSUNG Mobile Composite Device" = SAMSUNG Mobile Composite Device Software "SAMSUNG Mobile Modem" = SAMSUNG Mobile Modem Driver Set "Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software "SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software "SAMSUNG Mobile USB Modem 1.0" = SAMSUNG Mobile USB Modem 1.0 Software "ShapeCollage" = Shape Collage "sp6" = Logitech SetPoint 6.32 "SpeedFan" = SpeedFan (remove only) "STANDARDR" = Microsoft Office Standard 2007 "Steam App 72850" = The Elder Scrolls V: Skyrim "SystemRequirementsLab" = System Requirements Lab "TeamSpeak 3 Client" = TeamSpeak 3 Client "Trojan Remover_is1" = Trojan Remover 6.8.3 "Veetle TV" = Veetle TV 0.9.18 "VLC media player" = VLC media player 1.1.4 "Winamp" = Winamp "WinRAR archiver" = WinRAR "Xvid_is1" = Xvid 1.2.2 final uninstall ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player "Octoshape Streaming Services" = Octoshape Streaming Services "pdfsam" = pdfsam "Winamp Detect" = Winamp Erkennungs-Plug-in ========== Last 10 Event Log Errors ========== [ Application Events ] Error - 15.10.2011 17:19:02 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1099479 Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1100478 Error - 15.10.2011 17:19:03 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1100478 Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1101492 Error - 15.10.2011 17:19:04 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1101492 Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: Continuously busy for more than a second Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledEvent 1102490 Error - 15.10.2011 17:19:05 | Computer Name = Xxx-PC | Source = Bonjour Service | ID = 100 Description = Task Scheduling Error: m->NextScheduledSPRetry 1102490 [ OSession Events ] Error - 27.02.2012 10:42:16 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 17 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.02.2012 06:20:17 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 95 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.02.2012 06:21:13 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 47 seconds with 0 seconds of active time. This session ended with a crash. Error - 28.02.2012 12:57:00 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 39 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.03.2012 04:17:26 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 44 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.03.2012 09:02:20 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 71 seconds with 60 seconds of active time. This session ended with a crash. Error - 01.03.2012 09:02:53 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 25 seconds with 0 seconds of active time. This session ended with a crash. Error - 01.03.2012 09:04:14 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 66 seconds with 60 seconds of active time. This session ended with a crash. Error - 01.03.2012 09:05:21 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 61 seconds with 60 seconds of active time. This session ended with a crash. Error - 05.03.2012 07:26:01 | Computer Name = Xxx-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 6, Application Name: Microsoft Office Outlook, Application Version: 12.0.6562.5003, Microsoft Office Version: 12.0.6425.1000. This session lasted 54271 seconds with 0 seconds of active time. This session ended with a crash. [ System Events ] Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Heimnetzgruppen-Anbieter" ist vom Dienst "Funktionssuchanbieter-Host" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:50 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 Error - 11.03.2012 12:20:51 | Computer Name = Xxx-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%1068 < End of report > |
Themen zu Trojaner gefunden (Windows 7) |
administrator, anschluss, anti-malware, appdata, autostart, beseitigung, browser, code, dateien, dateisystem, entfernen, exploit.drop.4, explorer, gelöscht, gen, helper, heuristiks/extra, heuristiks/shuriken, infizierte, infizierte dateien, löschen, malwarebytes, microsoft, problem, roaming, rojaner gefunden, software, speicher, temp, trojaner, trojaner gefunden, trojaner-board, windows |