| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
15.03.2012, 10:04
| #1 |
 |  Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? Hallo, seit gestern habe ich mir den Bundes-Trojaner / Virus eingefangen, welcher mein gesamtes System blockiert. Lediglich im abgesicherten Modus kann ich auf die Dateien zugreifen. Im normalen Modus blockiert er nach dem Hochfahren. Ich bin Laie und hab keine Ahnung, wie ich verfahren kann. Hab zwar hier einiges gelesen aber vieles kommt mir fremd vor. Könnt ihr mir helfen???? Vielen dank Wenn ich wie angegeben den Link: hxxp://oldtimer.geekstogo.com/OTLPENet.exe downloaden und installieren möchte, komme ich immer hier auf die Startseite, kann aber nix laden!!! Bitte kurze Anweisung geben. |
|
15.03.2012, 10:06
| #2 |
| /// Malware-holic   | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? hi,
__________________dann mal in den abgesicherten modus gehen. Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
15.03.2012, 11:56
| #3 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? Anbei nun den INhalt der "Extras.txt" Datei
__________________und die OTL.txt Datei Teil IOTL Logfile: Code:
ATTFilter OTL logfile created on: 15.03.2012 10:45:00 - Run 1 OTL by OldTimer - Version 3.2.37.0 Folder = C:\Users\user\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,95 Gb Total Physical Memory | 5,44 Gb Available Physical Memory | 68,48% Memory free 15,90 Gb Paging File | 12,93 Gb Available in Paging File | 81,31% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 355,45 Gb Total Space | 180,79 Gb Free Space | 50,86% Space Free | Partition Type: NTFS Drive D: | 15,18 Gb Total Space | 1,65 Gb Free Space | 10,90% Space Free | Partition Type: NTFS Computer Name: USER-HP | User Name: user | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\user\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\MirandaFusion\miranda32.exe (modified by Miranda Fusion Team) PRC - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) PRC - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () PRC - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) PRC - C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) PRC - C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) PRC - C:\Program Files (x86)\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe (Nokia) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe () PRC - C:\Program Files (x86)\Uniblue\DriverScanner\dsmonitor.exe (Uniblue Systems Limited) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe (CyberLink) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\TouchControl.exe (HP) PRC - C:\Program Files (x86)\HP SimplePass 2011\BioMonitor.exe (HP) PRC - C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () PRC - C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe (Tyco International Ltd. and its Respective Companies) PRC - C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe () PRC - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation) PRC - C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team) PRC - C:\Program Files (x86)\Hardcopy\hcdll2_ex_Win32.exe () PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Users\user\AppData\Local\Skype\Skype.exe (Twain Working Group) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.) PRC - C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Program Files (x86)\CyberLink\Shared files\brs.exe (cyberlink) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () PRC - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) PRC - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) PRC - C:\Users\user\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH) PRC - C:\Program Files (x86)\Join Air\UIExec.exe () PRC - C:\Program Files (x86)\Join Air\AssistantServices.exe () PRC - C:\Windows\SysWOW64\ezSharedSvcHost.exe (EasyBits Software AS) PRC - C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) PRC - C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) PRC - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe () PRC - C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) PRC - C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Modules (No Company Name) ========== MOD - C:\Users\user\AppData\Local\Temp\nsa2398.tmp\System.dll () MOD - C:\Program Files (x86)\MirandaFusion\zlib.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\icq.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\aim.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\irc.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\83fe46ae33b8fd827015387fb6efcd13\IAStorUtil.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\42ae8760f0a74ab774e82a64368aa1f6\System.Web.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\a1c4a635721f85bef0ea4194b888b871\System.Runtime.Remoting.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\6c51e152e7404188914c9fa4d8503ff9\System.Windows.Forms.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\ab87129c2b603f218e4aa5300c9b1bdd\System.Drawing.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\47b9e7f070271ff50f988f75ea68fa3e\WindowsBase.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\9866d1f6178e1cde25642f1ac293ff8d\System.Xml.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\e620323cacb5b6bfd93fd28d263440e4\System.Configuration.ni.dll () MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\faf4e8730ecbd07570111bb7c3b20565\System.ni.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\facebook.dll () MOD - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtCore.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QxtWeb.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\OviShareLib.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\Maps Service API.dll () MOD - C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll () MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\vsmisc100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\te100.bpl () MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\te100.bpl () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\useactions.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\actman.dll () MOD - C:\Windows\SysWOW64\msjetoledb40.dll () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\authstate.dll () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\VirtualTree100.bpl () MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\VirtualTree100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\PKIECtrl100.bpl () MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\PKIECtrl100.bpl () MOD - C:\Program Files (x86)\MirandaFusion\Plugins\svc_dbepp.dll () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\js32.dll () MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\js32.dll () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\uoolep100.bpl () MOD - C:\PROGRA~2\Visagesoft\eXPert PDF 6\uoolep100.bpl () MOD - C:\Program Files (x86)\Visagesoft\eXPert PDF 6\sqlite.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (UxTuneUp) -- C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company) SRV - (Application Updater) -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe (Spigot, Inc.) SRV - (TeamViewer7) -- C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (Guard.Mail.ru) -- C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () SRV - (afcdpsrv) -- C:\Program Files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe (Acronis) SRV - (PCToolsSSDMonitorSvc) -- C:\Program Files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe (PC Tools) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\SysWOW64\uxtuneup.dll (TuneUp Software) SRV - (StarMoney 7.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (PCSUService) -- C:\Program Files (x86)\PC Beschleunigen\PCSUService.exe () SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (WO_LiveService) -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe () SRV - (FPLService) -- C:\Program Files (x86)\HP SimplePass 2011\TrueSuiteService.exe (HP) SRV - (ICQ Service) -- C:\Program Files (x86)\ICQ6Toolbar\ICQ Service.exe () SRV - (NtlxSrvMgr) -- C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe () SRV - (CGVPNCliSrvc) -- C:\Programme\S.A.D\CyberGhost VPN\CGVPNCliService.exe (mobile concepts GmbH) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe (Symantec Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (STacSV) -- C:\Programme\IDT\WDM\stacsv64.exe (IDT, Inc.) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company) SRV - (SeaPort) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (hpCMSrv) -- C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe (Hewlett-Packard Development Company L.P.) SRV - (CLKMSVC10_38F51D56) -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe (CyberLink) SRV - (IAStorDataMgrSvc) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) Intel(R) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (AcrSch2Svc) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe (Acronis) SRV - (HPWMISVC) -- C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe (Hewlett-Packard Development Company, L.P.) SRV - (GamesAppService) -- C:\Program Files (x86)\WildTangent Games\App\GamesAppService.exe (WildTangent, Inc.) SRV - (HPClientSvc) -- C:\Programme\Hewlett-Packard\HP Client Services\HPClientServices.exe (Hewlett-Packard Company) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (UI Assistant Service) -- C:\Program Files (x86)\Join Air\AssistantServices.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe (McAfee, Inc.) SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (AESTFilters) -- C:\Programme\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation) SRV - (YahooAUService) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.) SRV - (EpsonBidirectionalService) -- C:\Program Files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe (SEIKO EPSON CORPORATION) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (afcdp) -- C:\Windows\SysNative\drivers\afcdp.sys (Acronis) DRV:64bit: - (tdrpman273) Acronis Try&Decide and Restore Points filter (build 273) -- C:\Windows\SysNative\drivers\tdrpm273.sys (Acronis) DRV:64bit: - (timounter) -- C:\Windows\SysNative\drivers\timntr.sys (Acronis) DRV:64bit: - (snapman) -- C:\Windows\SysNative\drivers\snapman.sys (Acronis) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation) DRV:64bit: - (fssfltr) -- C:\Windows\SysNative\drivers\fssfltr.sys (Microsoft Corporation) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE:64bit: - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE:64bit: - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE:64bit: - HKLM\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/HPNOT/4 IE - HKLM\..\URLSearchHook: - No CLSID value found IE - HKLM\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKLM\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKLM\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKLM\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKLM\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKLM\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/HPNOT/4 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = hxxp://www.osthessennews.de/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) IE - HKCU\..\URLSearchHook: {855F3B16-6D32-4fe6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=HPNTDF&pc=HPNTDF&src=IE-SearchBox IE - HKCU\..\SearchScopes\{2914FFE9-A580-42CC-99E7-3833905DDA48}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}: "URL" = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPNTDF IE - HKCU\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_deDE463 IE - HKCU\..\SearchScopes\{9E3AE0EC-40AF-4EDC-9EB9-6D04BC47D932}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2481020 IE - HKCU\..\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF IE - HKCU\..\SearchScopes\{d43b3890-80c7-4010-a95d-1e77b5924dc3}: "URL" = hxxp://de.wikipedia.org/wiki/Special:Search?search={searchTerms} IE - HKCU\..\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}: "URL" = hxxp://rover.ebay.com/rover/1/707-111076-19270-3/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms} IE - HKCU\..\SearchScopes\{E3CAB253-91D2-4E19-8299-9D00624396ED}: "URL" = hxxp://www.amazon.de/s/ref=azs_osd_ieade?ie=UTF-8&tag=hp-de2-vsb-21&link%5Fcode=qs&index=aps&field-keywords={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "ICQ Search" FF - prefs.js..browser.search.defaultthis.engineName: "Ashampoo DE Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.osthessennews.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.3.1: C:\Windows\system32\npDeployJava1.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.3.1: C:\Program Files\Oracle\JavaFX 2.0 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\@WildTangent.com/GamesAppPresenceDetector,Version=1.0: C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2011.10.11 07:54:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_6_3 [2012.03.15 10:40:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.31 01:53:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.26 23:52:44 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 10.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.02.17 22:53:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 Files (x86)\Mozilla Firefox\components [2012.02.17 22:53:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.01.26 23:52:44 | 000,000,000 | ---D | M] [2011.12.22 23:38:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Extensions [2012.03.12 11:26:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions [2012.02.16 02:08:50 | 000,000,000 | ---D | M] (Ashampoo DE Community Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{5786d022-540e-4699-b350-b4be0ae94b79} [2012.01.26 23:16:01 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.01.15 20:46:39 | 000,000,000 | ---D | M] ("ICQ Toolbar") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{800b5000-a755-47e1-992b-48a1c1357f07} [2012.02.19 13:02:27 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.02.19 13:37:54 | 000,000,000 | ---D | M] ("FRITZ!Box AddOn") -- C:\Users\user\AppData\Roaming\mozilla\Firefox\Profiles\6hnhfn87.default\extensions\fb_add_on@avm.de [2012.02.15 17:33:40 | 000,000,925 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\conduit.xml [2012.03.08 23:50:01 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin-1.xml [2012.02.16 02:09:38 | 000,000,950 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin-2.xml [2012.01.15 20:46:39 | 000,000,168 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin.gif [2012.01.15 20:46:39 | 000,000,618 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin.src [2012.02.08 01:31:02 | 000,001,056 | ---- | M] () -- C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\searchplugins\icqplugin.xml [2012.01.15 17:45:07 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.12.24 16:57:50 | 000,000,000 | ---D | M] (TrueSuite Website Logon) -- C:\Program Files (x86)\mozilla firefox\extensions\websitelogon@truesuite.com [2012.03.12 11:26:49 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2011.12.31 01:53:09 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5 [2012.03.12 11:26:49 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF () (No name found) -- C:\USERS\USER\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\6HNHFN87.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.02.17 22:53:55 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.12 21:15:07 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.12 21:15:07 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.12 21:15:07 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.12 21:15:07 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.12 21:15:07 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.12 21:15:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}{google:instantFieldTrialGroupParameter}client=chrome&hl={language}&q={searchTerms} CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\16.0.912.77\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll CHR - plugin: Simple Pass 2011 (Enabled) = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\npwebsitelogon.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.79\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll CHR - plugin: WildTangent Games App Presence Detector (Enabled) = C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll CHR - plugin: Default Plug-in (Enabled) = default_plugin CHR - Extension: YouTube = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.3_0\ CHR - Extension: Google-Suche = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.16_0\ CHR - Extension: Website Logon = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dfaldikcoaplhepekpbngkepfcoiihef\1.0_0\ CHR - Extension: ICQ Sparberater = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmpllndkedbnmonoomepeeglghdelffo\1.3.671_0\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\x64\IEBHO.dll (HP) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Oracle\JavaFX 2.0 Runtime\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O2 - BHO: (ICQ Sparberater) - {0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD} - C:\Program Files (x86)\icq\Internet Explorer\icq.dll (solute gmbh) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (TrueSuite Website Log On) - {8590886E-EC8C-43C1-A32C-E4C2B0B6395B} - C:\Program Files (x86)\HP SimplePass 2011\IEBHO.dll (HP) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Ashampoo DE Toolbar) - {5786d022-540e-4699-b350-b4be0ae94b79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation) O3 - HKLM\..\Toolbar: (ICQToolBar) - {855F3B16-6D32-4FE6-8A56-BBB695989046} - C:\Program Files (x86)\ICQ6Toolbar\ICQToolBar.dll (ICQ) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\5.1\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKCU\..\Toolbar\WebBrowser: (Ashampoo DE Toolbar) - {5786D022-540E-4699-B350-B4BE0AE94B79} - C:\Program Files (x86)\Ashampoo_DE\prxtbAsha.dll (Conduit Ltd.) O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\18.7.0.13\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Programme\IDT\WDM\sttray64.exe (IDT, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Easybits Recovery] C:\Program Files (x86)\EasyBits For Kids\ezRecover.exe (EasyBits Software AS) O4 - HKLM..\Run: [EEventManager] C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXRCV] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FUFAXSTM] C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [Guard.Mail.ru.gui] C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe () O4 - HKLM..\Run: [HPConnectionManager] C:\Program Files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe (Hewlett-Packard Development Company L.P.) O4 - HKLM..\Run: [HPOSD] C:\Program Files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe (Hewlett-Packard Development Company, L.P.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [Intellex Service Manager] C:\Program Files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe () O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SSDMonitor] C:\Program Files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe (PC Tools) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe () O4 - HKLM..\Run: [UIExec] C:\Program Files (x86)\Join Air\UIExec.exe () O4 - HKLM..\Run: [vspdfprsrv.exe] C:\Program Files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe () O4 - HKCU..\Run: [] File not found O4 - HKCU..\Run: [BrowserMask] C:\Program Files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe (Microsoft) O4 - HKCU..\Run: [EPSON BX620FWD Series] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBU.EXE /FU "C:\Windows\TEMP\E_S792D.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Epson Stylus Office BX620FWD(Netzwerk)] C:\Windows\system32\spool\DRIVERS\x64\3\E_IATIGBU.EXE /FU "C:\Windows\TEMP\E_S58E9.tmp" /EF "HKCU" File not found O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~2\Yahoo!\Messenger\YahooMessenger.exe" -quiet File not found O4 - HKCU..\Run: [Miranda Fusion] C:\Program Files (x86)\MirandaFusion\fusiontools\mfstart.exe (Miranda Fusion Team) O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) O4 - HKCU..\Run: [SkypeM] C:\Users\user\AppData\Local\Skype\Skype.exe (Twain Working Group) O4 - HKCU..\Run: [UpdateStar] C:\Users\user\AppData\Roaming\UpdateStar\UpdateStar.exe (UpdateStar GmbH) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: EnableShellExecuteHooks = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Free YouTube Download - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - C:\Program Files (x86)\ICQ7.7\ICQ.exe (ICQ, LLC.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 10.3.1) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0017-0000-0003-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_03-windows-i586.cab (Java Plug-in 1.7.0_03) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16 - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5D3174-1457-41FE-AE69-07F17EBFA80E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {E54729E8-BB3D-4270-9D49-7389EA579090} - C:\Windows\SysWOW64\ezUPBHook.dll (EasyBits Software Corp.) O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{4dd71fa7-f0bd-11e0-a344-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{4dd71fa7-f0bd-11e0-a344-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe O33 - MountPoints2\{aabac4b9-3f91-11e1-b54a-101f741441f7}\Shell - "" = AutoRun O33 - MountPoints2\{aabac4b9-3f91-11e1-b54a-101f741441f7}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2} - C:\Program Files (x86)\PixiePack Codec Pack\InstallerHelper.exe ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: UxTuneUp - C:\Windows\SysNative\uxtuneup.dll (TuneUp Software) Teil II OTL.txt Datei ......... wie gehts jetzt weiter???? CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.03.15 10:22:38 | 005,053,696 | ---- | C] (Macrovision Corporation) -- C:\Users\user\Desktop\IsoBurner-Setup.exe [2012.03.15 10:22:38 | 000,594,432 | ---- | C] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012.03.15 03:15:12 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\ElevatedDiagnostics [2012.03.14 10:49:36 | 000,000,000 | ---D | C] -- C:\Users\user\Desktop\Liebeck [2012.03.14 09:39:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PDFCreator [2012.03.14 09:18:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFCreator [2012.03.14 09:18:17 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\pdfforge [2012.03.14 09:18:14 | 000,065,024 | ---- | C] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.03.14 09:18:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDFCreator [2012.03.14 08:59:30 | 005,559,152 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe [2012.03.14 08:59:29 | 003,968,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe [2012.03.14 08:59:29 | 003,913,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe [2012.03.13 22:29:32 | 001,544,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2012.03.13 22:29:14 | 000,149,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcorekmts.dll [2012.03.13 22:29:14 | 000,077,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpwsx.dll [2012.03.13 22:29:14 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdrmemptylst.exe [2012.03.13 22:29:05 | 001,031,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.03.13 22:29:05 | 000,826,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.03.13 22:27:24 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Diagnostics [2012.03.13 14:17:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Network Client [2012.03.13 14:17:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Sensormatic [2012.03.13 14:17:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sensormatic [2012.03.13 14:15:02 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\{8166564B-A6EB-4198-98E9-C0CEAF464B05} [2012.03.12 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.03.12 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.03.12 11:26:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Application Updater [2012.03.11 03:15:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Symantec Shared [2012.02.19 23:45:19 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\NokiaAccount [2012.02.19 14:13:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VodBurner [2012.02.19 14:13:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\VodBurner [2012.02.19 14:07:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PixiePack Codec Pack [2012.02.19 14:06:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tunebite 7 [2012.02.19 13:45:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PantsOff [2012.02.19 13:45:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PantsOff [2012.02.19 13:45:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PantsOff [2012.02.19 13:44:39 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Nokia [2012.02.19 13:44:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nokia [2012.02.19 13:44:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Nokia [2012.02.19 13:44:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Nokia [2012.02.19 13:43:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PC Connectivity Solution [2012.02.19 13:42:36 | 000,000,000 | ---D | C] -- C:\ProgramData\NokiaInstallerCache [2012.02.19 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\PC Suite [2012.02.19 13:34:49 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Suite [2012.02.19 13:34:49 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Nokia [2012.02.19 13:34:23 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX [2012.02.19 13:34:22 | 000,025,600 | ---- | C] (Nokia) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys [2012.02.19 13:34:08 | 000,057,856 | ---- | C] (Nokia) -- C:\Windows\SysNative\nmwcdclsX64.dll [2012.02.19 13:34:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Nokia [2012.02.19 13:32:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Installations [2012.02.19 13:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Miranda Fusion 3 [2012.02.19 13:22:09 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Miranda Fusion [2012.02.19 13:22:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MirandaFusion [2012.02.19 13:02:27 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2012.02.19 13:01:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.02.19 13:01:41 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2012.02.19 13:01:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\eMule [2012.02.19 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DVDVideoSoft [2012.02.19 13:00:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DVDVideoSoft [2012.02.19 12:43:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BayWatcher Pro [2012.02.19 12:43:32 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\aborange [2012.02.19 12:43:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BayWatcher Pro [2012.02.19 12:34:30 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\Windows\SysNative\DfSdkBt.exe [2012.02.19 12:28:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus [2012.02.19 12:26:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TeamViewer [2012.02.18 00:24:47 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\EurekaLog [2012.02.17 10:18:42 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\PDF Files [2012.02.17 01:29:34 | 000,000,000 | ---D | C] -- C:\Windows\en [2012.02.17 01:28:41 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.02.17 01:27:00 | 000,048,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\fssfltr.sys [2012.02.17 01:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee Security Scan [2012.02.17 01:04:29 | 000,000,000 | ---D | C] -- C:\ProgramData\McAfee [2012.02.17 01:04:24 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\McAfee Security Scan [2012.02.17 00:37:21 | 000,000,000 | ---D | C] -- C:\Program Files\Oracle [2012.02.17 00:36:22 | 000,750,488 | ---- | C] (Oracle Corporation) -- C:\Windows\SysNative\npdeployJava1.dll [2012.02.17 00:26:38 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\UpdateStar [2012.02.17 00:23:39 | 000,024,064 | ---- | C] (Visagesoft) -- C:\Windows\SysNative\vsmon1.dll [2012.02.17 00:23:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visagesoft [2012.02.17 00:23:26 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\BVRP Software [2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Visagesoft [2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\Visage Software [2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\eXPert PDF Jobs [2012.02.17 00:23:22 | 000,000,000 | ---D | C] -- C:\ProgramData\eXPert PDF 6 [2012.02.17 00:20:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Expert - Installer [2012.02.17 00:20:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PDF Expert - Installer [2012.02.17 00:13:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\tiger-k [2012.02.17 00:13:21 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\Leawo [2012.02.17 00:13:21 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Leawo [2012.02.17 00:12:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack [2012.02.17 00:12:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\K-Lite Codec Pack [2012.02.17 00:12:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leawo [2012.02.17 00:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Leawo [2012.02.16 23:46:16 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\AntiBrowserSpy 2009 [2012.02.16 23:45:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AntiBrowserSpy [2012.02.16 23:45:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AntiBrowserSpy [2012.02.16 23:29:54 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\SpeedProject [2012.02.16 23:29:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\SpeedProject [2012.02.16 23:29:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpeedCommander 12 [2012.02.16 23:29:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SpeedProject [2012.02.16 23:08:24 | 000,034,624 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\TURegOpt.exe [2012.02.16 23:08:19 | 000,036,160 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\uxtuneup.dll [2012.02.16 23:08:19 | 000,029,504 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\uxtuneup.dll [2012.02.16 23:08:19 | 000,025,920 | ---- | C] (TuneUp Software) -- C:\Windows\SysNative\authuitu.dll [2012.02.16 23:08:19 | 000,021,312 | ---- | C] (TuneUp Software) -- C:\Windows\SysWow64\authuitu.dll [2012.02.16 23:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011 [2012.02.16 23:07:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\TuneUp Utilities 2011 [2012.02.16 23:06:59 | 000,000,000 | -HSD | C] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16} [2012.02.16 03:00:38 | 000,096,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.02.16 03:00:38 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.02.16 03:00:36 | 002,308,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.02.16 03:00:36 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.02.16 03:00:36 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.02.16 03:00:36 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.02.16 03:00:36 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.02.16 03:00:36 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.02.16 03:00:36 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.02.16 03:00:35 | 001,493,504 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.02.16 03:00:35 | 001,427,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.02.16 02:12:20 | 000,000,000 | ---D | C] -- C:\Users\user\Documents\default [2012.02.16 02:08:46 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Local\Conduit [2012.02.16 02:08:46 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Conduit [2012.02.16 02:08:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo_DE [2012.02.16 02:06:44 | 000,000,000 | ---D | C] -- C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.02.15 13:58:03 | 000,515,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\timedate.cpl [2012.02.15 13:58:02 | 000,478,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\timedate.cpl [2012.02.15 13:58:00 | 000,509,952 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntshrui.dll [2012.02.15 13:52:15 | 000,634,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msvcrt.dll ========== Files - Modified Within 30 Days ========== [2012.03.15 11:04:00 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.03.15 10:49:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.03.15 10:49:05 | 000,031,856 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.03.15 10:41:15 | 000,001,102 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.03.15 10:41:10 | 000,000,338 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job [2012.03.15 10:40:25 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.03.15 10:40:18 | 2106,478,591 | -HS- | M] () -- C:\hiberfil.sys [2012.03.15 10:34:40 | 000,594,432 | ---- | M] (OldTimer Tools) -- C:\Users\user\Desktop\OTL.exe [2012.03.15 10:25:02 | 001,622,924 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.03.15 10:25:02 | 000,700,870 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.03.15 10:25:02 | 000,655,542 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.03.15 10:25:02 | 000,149,376 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.03.15 10:25:02 | 000,122,156 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.03.15 09:39:36 | 005,053,696 | ---- | M] (Macrovision Corporation) -- C:\Users\user\Desktop\IsoBurner-Setup.exe [2012.03.14 09:20:31 | 000,487,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.03.14 09:13:25 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.03.13 14:18:01 | 000,002,257 | ---- | M] () -- C:\Users\Public\Desktop\Network Client.lnk [2012.03.13 14:18:00 | 000,002,294 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intellex Event Handler.lnk [2012.03.09 11:19:24 | 000,000,081 | ---- | M] () -- C:\Windows\loge.dat [2012.03.05 21:04:30 | 000,065,024 | ---- | M] (pdfforge GbR) -- C:\Windows\SysNative\pdfcmon.dll [2012.02.20 11:59:24 | 000,002,805 | ---- | M] () -- C:\Users\Public\Desktop\Lexware financial office.lnk [2012.02.17 07:38:26 | 001,031,680 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysNative\rdpcore.dll [2012.02.17 06:34:22 | 000,826,880 | ---- | M] (Microsoft Corporation) -- C:\Windows\SysWow64\rdpcore.dll [2012.02.17 00:36:16 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\javaw.exe [2012.02.17 00:36:16 | 000,188,808 | ---- | M] (Oracle Corporation) -- C:\Windows\SysNative\java.exe [2012.02.16 22:26:36 | 000,132,320 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.02.16 21:57:04 | 000,187,360 | -H-- | M] () -- C:\Windows\SysWow64\mlfcache.dat [2012.02.16 08:42:15 | 001,650,414 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.14 14:36:09 | 000,647,446 | ---- | M] () -- C:\Users\user\Documents\CIMG0056.jpg ========== Files Created - No Company Name ========== [2012.03.13 14:18:00 | 000,002,257 | ---- | C] () -- C:\Users\Public\Desktop\Network Client.lnk [2012.03.13 14:17:59 | 000,002,294 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Intellex Event Handler.lnk [2012.03.09 11:19:24 | 000,000,081 | ---- | C] () -- C:\Windows\loge.dat [2012.02.19 12:26:37 | 000,001,182 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2012.02.17 00:12:57 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.02.16 23:07:41 | 000,002,219 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities 2011.lnk [2012.02.16 21:57:04 | 000,187,360 | -H-- | C] () -- C:\Windows\SysWow64\mlfcache.dat [2012.02.14 14:36:09 | 000,647,446 | ---- | C] () -- C:\Users\user\Documents\CIMG0056.jpg [2012.02.14 01:13:46 | 000,000,000 | ---- | C] () -- C:\Windows\EEventManager.INI [2012.02.01 21:09:55 | 000,003,584 | ---- | C] () -- C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.01.26 23:46:58 | 000,245,240 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.01.26 23:46:57 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat [2012.01.09 20:57:01 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{D01921C8-453F-41E0-9300-7A2C5D7F4117} [2012.01.08 20:57:00 | 000,000,000 | ---- | C] () -- C:\Users\user\AppData\Local\{AE771333-18E6-4F90-85F4-A3FAB37DD0C4} [2011.12.31 01:44:23 | 002,340,992 | ---- | C] () -- C:\Windows\SysWow64\BootMan.exe [2011.12.31 01:44:23 | 000,086,408 | ---- | C] () -- C:\Windows\SysWow64\setupempdrv03.exe [2011.12.31 01:44:23 | 000,018,048 | ---- | C] () -- C:\Windows\SysWow64\EuEpmGdi.dll [2011.12.31 01:44:23 | 000,014,216 | ---- | C] () -- C:\Windows\SysWow64\epmntdrv.sys [2011.12.31 01:44:23 | 000,008,456 | ---- | C] () -- C:\Windows\SysWow64\EuGdiDrv.sys [2011.12.22 23:30:21 | 000,962,560 | ---- | C] () -- C:\Windows\tesseract.exe [2011.12.22 21:17:50 | 000,000,184 | ---- | C] () -- C:\Windows\Q-Dir.ini [2011.10.12 15:58:02 | 001,650,414 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.09.27 11:17:26 | 000,198,144 | ---- | C] () -- C:\Windows\SysWow64\LXPrnUtil10.dll [2011.09.27 11:16:20 | 000,304,128 | ---- | C] () -- C:\Windows\SysWow64\LxDNT100.dll [2011.09.27 11:14:14 | 000,133,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvmc100.dll [2011.09.27 11:13:58 | 000,069,120 | ---- | C] () -- C:\Windows\SysWow64\LxDNTvm100.dll [2011.08.23 15:25:15 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.08.23 15:16:51 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblup.dat [2011.08.23 15:15:40 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.08.23 15:15:39 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.08.23 15:15:38 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2011.08.23 15:15:37 | 000,003,155 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2011.08.23 15:11:27 | 000,000,056 | -H-- | C] () -- C:\Windows\SysWow64\ezsidmv.dat [2011.07.31 19:31:38 | 003,854,848 | ---- | C] () -- C:\Windows\SysWow64\ffmpeg.dll [2011.07.19 20:06:48 | 000,259,584 | ---- | C] () -- C:\Windows\SysWow64\TomsMoComp_ff.dll [2011.07.19 20:06:36 | 000,158,208 | ---- | C] () -- C:\Windows\SysWow64\ff_unrar.dll [2011.07.19 20:06:34 | 001,524,224 | ---- | C] () -- C:\Windows\SysWow64\ff_samplerate.dll [2011.07.19 20:06:34 | 000,096,768 | ---- | C] () -- C:\Windows\SysWow64\ff_wmv9.dll [2011.07.19 20:06:32 | 000,145,920 | ---- | C] () -- C:\Windows\SysWow64\ff_libmad.dll [2011.07.19 20:06:30 | 000,136,704 | ---- | C] () -- C:\Windows\SysWow64\libmpeg2_ff.dll [2011.07.19 20:06:30 | 000,113,664 | ---- | C] () -- C:\Windows\SysWow64\ff_liba52.dll [2011.07.19 20:06:28 | 000,327,680 | ---- | C] () -- C:\Windows\SysWow64\ff_libfaad2.dll [2011.07.19 20:06:28 | 000,211,456 | ---- | C] () -- C:\Windows\SysWow64\ff_libdts.dll [2011.07.06 14:21:42 | 000,311,296 | ---- | C] () -- C:\Windows\SysWow64\EMRegSys.dll [2011.06.21 11:14:44 | 000,000,068 | ---- | C] () -- C:\Windows\SysWow64\ezdigsgn.dat [2011.05.13 10:03:16 | 000,303,104 | ---- | C] () -- C:\Windows\SysWow64\dnt27VC8.dll [2011.05.13 10:01:22 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\dntvmc27VC8.dll [2011.05.13 10:01:00 | 000,086,016 | ---- | C] () -- C:\Windows\SysWow64\dntvm27VC8.dll [2011.03.03 12:40:08 | 000,150,528 | ---- | C] () -- C:\Windows\SysWow64\mkx.dll [2011.03.03 12:39:56 | 000,109,568 | ---- | C] () -- C:\Windows\SysWow64\avi.dll [2011.03.03 12:39:46 | 000,141,824 | ---- | C] () -- C:\Windows\SysWow64\mp4.dll [2011.03.03 12:39:34 | 000,123,392 | ---- | C] () -- C:\Windows\SysWow64\ogm.dll [2011.03.03 12:39:02 | 000,113,152 | ---- | C] () -- C:\Windows\SysWow64\dsmux.exe [2011.03.03 12:38:54 | 000,154,112 | ---- | C] () -- C:\Windows\SysWow64\ts.dll [2011.03.03 12:38:40 | 000,249,856 | ---- | C] () -- C:\Windows\SysWow64\dxr.dll [2011.03.03 12:38:10 | 000,097,792 | ---- | C] () -- C:\Windows\SysWow64\avs.dll [2011.03.03 12:38:04 | 000,137,728 | ---- | C] () -- C:\Windows\SysWow64\mkv2vfr.exe [2011.03.03 12:37:50 | 000,093,184 | ---- | C] () -- C:\Windows\SysWow64\avss.dll [2011.03.03 12:37:40 | 000,358,400 | ---- | C] () -- C:\Windows\SysWow64\gdsmux.exe [2011.03.03 12:35:32 | 000,080,384 | ---- | C] () -- C:\Windows\SysWow64\mkzlib.dll [2011.03.03 12:35:26 | 000,024,576 | ---- | C] () -- C:\Windows\SysWow64\mkunicode.dll [2011.02.22 20:39:04 | 000,240,640 | ---- | C] () -- C:\Windows\SysWow64\xvidvfw.dll [2011.02.22 20:37:30 | 000,650,752 | ---- | C] () -- C:\Windows\SysWow64\xvidcore.dll [2011.02.22 15:40:34 | 000,007,736 | ---- | C] () -- C:\Windows\hpDSTRES.DLL [2010.12.17 03:26:22 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2010.08.18 20:56:38 | 000,000,151 | ---- | C] () -- C:\Windows\SysWow64\Registration.ini ========== LOP Check ========== [2011.12.28 21:14:31 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\1-abc [2012.02.19 12:43:32 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\aborange [2012.01.09 01:04:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Acronis [2011.12.29 00:22:26 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Alawar Entertainment [2012.02.16 23:46:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\AntiBrowserSpy 2009 [2012.02.17 01:16:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Ashampoo [2012.02.19 13:06:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoft [2012.02.19 13:02:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\DVDVideoSoftIEHelpers [2012.01.26 23:04:57 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\elsterformular [2012.02.13 14:55:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Epson [2012.03.12 19:17:25 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\EurekaLog [2012.02.07 17:51:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\ICQ [2012.02.10 20:30:14 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IDT [2012.02.06 11:48:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\IrfanView [2012.02.17 00:13:21 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Leawo [2012.01.22 13:25:03 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Lexware [2012.02.19 13:22:09 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Miranda Fusion [2012.02.19 13:44:39 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Nokia [2012.03.14 09:18:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\OpenCandy [2011.12.28 20:31:45 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Participatory Culture Foundation [2012.02.19 13:34:49 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PC Suite [2011.12.28 20:44:53 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PCF-VLC [2012.03.14 09:39:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\PDFCreator [2012.03.14 09:18:18 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\pdfforge [2012.02.03 00:15:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Product_RM [2011.12.28 20:48:20 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Q-Dir [2012.01.22 12:09:15 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Registry Mechanic [2011.12.22 20:41:50 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\S.A.D [2012.03.06 00:58:23 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SoftGrid Client [2011.12.31 01:42:16 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Software4u [2012.02.16 23:29:54 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\SpeedProject [2011.10.07 10:35:27 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Synaptics [2012.02.06 12:33:46 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Thinstall [2012.02.17 00:14:00 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\tiger-k [2011.10.12 15:58:42 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TP [2012.02.16 23:07:33 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\TuneUp Software [2011.12.28 20:45:52 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Uniblue [2012.02.17 00:26:38 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\UpdateStar [2011.10.12 16:14:04 | 000,000,000 | ---D | M] -- C:\Users\user\AppData\Roaming\Windows Live Writer [2012.03.15 10:41:10 | 000,000,338 | ---- | M] () -- C:\Windows\Tasks\DriverScanner.job [2012.02.01 20:40:04 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.03.10 12:05:30 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2011.12.20 20:14:18 | 000,000,000 | ---D | M] -- C:\archive_db [2011.06.21 21:27:44 | 000,000,000 | -HSD | M] -- C:\boot [2012.03.14 08:54:03 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2012.01.17 20:32:05 | 000,000,000 | ---D | M] -- C:\dakotaag [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.10.07 09:23:35 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.01.17 20:32:59 | 000,000,000 | ---D | M] -- C:\Downloads [2011.08.23 15:34:56 | 000,000,000 | -H-D | M] -- C:\HP [2011.08.23 15:14:29 | 000,000,000 | ---D | M] -- C:\Intel [2011.10.22 12:45:49 | 000,000,000 | RH-D | M] -- C:\MSOCache [2012.01.17 20:33:02 | 000,000,000 | ---D | M] -- C:\Office Vorlagen [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.02.19 13:34:23 | 000,000,000 | R--D | M] -- C:\Program Files [2012.03.14 09:18:13 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012.03.13 14:17:50 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011.10.07 09:23:35 | 000,000,000 | -HSD | M] -- C:\Programme [2011.10.07 09:24:39 | 000,000,000 | -HSD | M] -- C:\Recovery [2011.10.07 09:24:37 | 000,000,000 | ---D | M] -- C:\SWSetup [2012.03.15 11:09:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.10.07 09:24:45 | 000,000,000 | -H-D | M] -- C:\SYSTEM.SAV [2011.10.07 09:23:49 | 000,000,000 | R--D | M] -- C:\Users [2012.01.17 20:34:12 | 000,000,000 | ---D | M] -- C:\WEB_BACKUP [2012.03.15 07:45:31 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\SWSetup\Drivers\IRST\Drivers\x64\iaStor.sys [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.01.13 02:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011.01.13 02:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\SWSetup\Drivers\IRST\Drivers\x32\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 02:14:57 | 000,070,144 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\atl.dll [2011.12.14 04:10:13 | 009,705,472 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < %USERPROFILE%\*.* > [2011.08.23 09:31:54 | 002,750,912 | ---- | M] (J3S GmbH) -- C:\Users\user\COMPUTERBILD App-Center-Installation.exe [2012.03.15 11:10:00 | 003,932,160 | -HS- | M] () -- C:\Users\user\ntuser.dat [2012.03.15 11:10:00 | 000,262,144 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG1 [2011.10.07 09:23:51 | 000,000,000 | -HS- | M] () -- C:\Users\user\ntuser.dat.LOG2 [2011.10.07 09:23:51 | 000,065,536 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.10.07 09:23:51 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.10.07 09:23:51 | 000,524,288 | -HS- | M] () -- C:\Users\user\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.02.06 11:49:57 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{36fd6aef-50ac-11e1-b57d-ac81128311f0}.TM.blf [2012.02.06 11:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{36fd6aef-50ac-11e1-b57d-ac81128311f0}.TMContainer00000000000000000001.regtrans-ms [2012.02.06 11:49:57 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{36fd6aef-50ac-11e1-b57d-ac81128311f0}.TMContainer00000000000000000002.regtrans-ms [2011.12.20 21:01:05 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{4862d557-2b45-11e1-9a55-806e6f6e6963}.TM.blf [2011.12.20 21:01:05 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{4862d557-2b45-11e1-9a55-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2011.12.20 21:01:05 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{4862d557-2b45-11e1-9a55-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2011.12.20 23:00:13 | 000,065,536 | -HS- | M] () -- C:\Users\user\ntuser.dat{f24a5dd7-2b55-11e1-90f3-806e6f6e6963}.TM.blf [2011.12.20 23:00:13 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{f24a5dd7-2b55-11e1-90f3-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms [2011.12.20 23:00:13 | 000,524,288 | -HS- | M] () -- C:\Users\user\ntuser.dat{f24a5dd7-2b55-11e1-90f3-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms [2011.10.07 09:23:52 | 000,000,020 | -HS- | M] () -- C:\Users\user\ntuser.ini [2012.02.16 16:00:03 | 000,000,000 | ---- | M] () -- C:\Users\user\Sti_Trace.log < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 ========== Alternate Data Streams ========== @Alternate Data Stream - 112 bytes -> C:\ProgramData\Temp:D1B5B4F1 < End of report > |
|
15.03.2012, 13:05
| #4 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? Wie kann ich nun weiter verfahren???? |
|
15.03.2012, 13:24
| #5 |
| /// Malware-holic | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? hi dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
O4 - HKCU..\Run: [SkypeM] C:\Users\user\AppData\Local\Skype\Skype.exe (Twain Working Group)
:Files
C:\Users\user\AppData\Local\Skype
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.03.2012, 13:39
| #6 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? Ich hab zwischendurch schon einmal Malewarebytes durchlaufen lassen und die Log Datei hie angefügt: Vielleicht hilft das ja noch etwas... Malwarebytes Anti-Malware (Test) 1.60.1.1000 www.malwarebytes.org Datenbank Version: v2012.03.15.02 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 user :: USER-HP [Administrator] Schutz: Deaktiviert 15.03.2012 12:29:20 mbam-log-2012-03-15 (13-24-57).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 449342 Laufzeit: 48 Minute(n), 58 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 1 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|SkypeM (Trojan.Ransom) -> Daten: C:\Users\user\AppData\Local\Skype\Skype.exe -> Keine Aktion durchgeführt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 5 B:\Downloads\software\SetupCasino_9db90b_de.exe (PUP.Casino) -> Keine Aktion durchgeführt. C:\Users\user\Downloads\pantsoff.exe (PUP.Pantsoff.PasswordFinder) -> Keine Aktion durchgeführt. C:\Users\user\Downloads\SetupCasino_d214e_de.exe (PUP.Casino) -> Keine Aktion durchgeführt. C:\Users\user\Downloads\SoftonicDownloader_fuer_google-translator.exe (PUP.BundleOffer.Downloader.S) -> Keine Aktion durchgeführt. C:\Users\user\AppData\Local\Skype\Skype.exe (Trojan.Ransom) -> Keine Aktion durchgeführt. (Ende) |
|
15.03.2012, 13:41
| #7 |
| /// Malware-holic | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? hab ich irgendwas von Malwarebytes geschrieben, kann mich nicht erinnern, also, entweder du machst das, und zwar ausschließlich dass, was hier steht, oder du arbeitest eben allein weiter. wenn du nämlich sowieso das machst was du willst, kann ich mir das anweisung schreiben sparen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
15.03.2012, 14:08
| #8 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? ok, sorry...... hab jetzt die zip Datei versendet. |
|
15.03.2012, 14:09
| #9 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? "movedfiles" |
|
15.03.2012, 16:30
| #10 |
| /// Malware-holic | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? weiter hiermit: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde! Bitte downloade dir Combofix.exe und speichere es unbedingt auf deinem Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.03.2012, 00:25
| #11 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? Hallo, hier nun die Comfix Log-Datei Combofix Logfile: Code:
ATTFilter ComboFix 12-03-12.03 - user 15.03.2012 23:07:50.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8140.5772 [GMT 1:00]
ausgeführt von:: c:\users\user\Desktop\Trojaner\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
AV: Norton Internet Security *Disabled/Outdated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Norton Internet Security *Disabled/Outdated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
c:\programdata\Tarma Installer
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\_Setup.dll
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\20111222232959.log
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\_Default.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\AxInterop.ImageEnXLibrary_1.9000.0.0_L_75236aeec3d51fd0_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\CFToolkit_4.1.0.0_a87e673e9ecb6e8e_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190241.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190244.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\DROPPED_20100101190312.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\FreeOCR_2.1.0.8_L_075a6c69191ec1db_x86.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.ImageLibrary_1.9000.0.0_L_8cdfa8b955dbb1c7_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Cache\Interop.PDFAX0717_7.17.0.0_L_3d5fa783dbb69c0f_MSIL.tiz
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.dat
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.exe
c:\programdata\Tarma Installer\{108A39BF-4ED1-4293-B11A-06BD521FB8F7}\Setup.ico
c:\users\user\AppData\Local\Temp\nsq5A32.tmp\System.dll
c:\users\user\videos\vlc-1.1.4-win32.exe
c:\windows\system32\spool\DRIVERS\x64\3\E_IATIGBU.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-02-15 bis 2012-03-15 ))))))))))))))))))))))))))))))
.
.
2012-03-15 23:01 . 2012-03-15 23:01 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-03-15 12:51 . 2012-03-15 12:51 -------- d-----w- C:\_OTL
2012-03-15 11:19 . 2012-03-15 11:19 -------- d-----w- c:\users\user\AppData\Roaming\Malwarebytes
2012-03-15 11:18 . 2012-03-15 11:18 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-03-15 11:18 . 2012-03-15 11:18 -------- d-----w- c:\programdata\Malwarebytes
2012-03-15 11:18 . 2011-12-10 14:24 23152 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-03-15 02:15 . 2012-03-15 02:15 -------- d-----w- c:\users\user\AppData\Local\ElevatedDiagnostics
2012-03-14 08:39 . 2012-03-14 08:39 -------- d-----w- c:\users\user\AppData\Roaming\PDFCreator
2012-03-14 08:18 . 2012-03-14 08:18 -------- d-----w- c:\users\user\AppData\Roaming\pdfforge
2012-03-14 08:18 . 2012-03-05 20:04 65024 ----a-w- c:\windows\system32\pdfcmon.dll
2012-03-14 08:18 . 2012-03-14 08:18 -------- d-----w- c:\program files (x86)\PDFCreator
2012-03-14 07:59 . 2011-11-19 15:20 5559152 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-14 07:59 . 2011-11-19 14:50 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-03-14 07:59 . 2011-11-19 14:50 3913584 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-03-13 21:30 . 2012-02-08 07:13 8643640 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{3734034D-FBC9-482E-863D-75203C40D910}\mpengine.dll
2012-03-13 21:29 . 2012-02-03 04:34 3145728 ----a-w- c:\windows\system32\win32k.sys
2012-03-13 21:29 . 2012-02-10 06:36 1544192 ----a-w- c:\windows\system32\DWrite.dll
2012-03-13 21:29 . 2012-02-10 05:38 1077248 ----a-w- c:\windows\SysWow64\DWrite.dll
2012-03-13 21:29 . 2012-01-25 06:38 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-03-13 21:29 . 2012-01-25 06:38 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-03-13 21:29 . 2012-01-25 06:33 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-03-13 21:29 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-03-13 21:29 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-03-13 21:29 . 2012-02-17 04:58 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-03-13 21:29 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-03-13 21:27 . 2012-03-13 21:27 -------- d-----w- c:\users\user\AppData\Local\Diagnostics
2012-03-13 13:17 . 2012-03-13 13:24 -------- d-----w- c:\programdata\Sensormatic
2012-03-13 13:17 . 2012-03-13 13:17 -------- d-----w- c:\program files (x86)\Sensormatic
2012-03-13 13:15 . 2012-03-13 13:15 -------- d-----w- c:\users\user\AppData\Local\{8166564B-A6EB-4198-98E9-C0CEAF464B05}
2012-03-12 10:26 . 2012-03-12 10:26 -------- d-----w- c:\program files (x86)\pdfforge Toolbar
2012-03-12 10:26 . 2012-03-12 10:26 -------- d-----w- c:\program files (x86)\Common Files\Spigot
2012-03-12 10:26 . 2012-03-12 10:26 -------- d-----w- c:\program files (x86)\Application Updater
2012-03-11 02:15 . 2012-03-11 02:15 -------- d-----w- c:\program files (x86)\Common Files\Symantec Shared
2012-02-19 13:13 . 2012-02-19 13:13 -------- d-----w- c:\program files (x86)\VodBurner
2012-02-19 13:07 . 2012-02-19 13:07 -------- d-----w- c:\program files (x86)\PixiePack Codec Pack
2012-02-19 12:45 . 2012-03-15 03:14 -------- d-----w- c:\program files (x86)\PantsOff
2012-02-19 12:44 . 2012-02-19 22:44 -------- d-----w- c:\users\user\AppData\Local\Nokia
2012-02-19 12:44 . 2012-02-19 12:44 -------- d-----w- c:\programdata\Nokia
2012-02-19 12:44 . 2012-02-19 12:44 -------- d-----w- c:\program files (x86)\Common Files\Nokia
2012-02-19 12:43 . 2012-02-19 12:43 -------- d-----w- c:\program files (x86)\PC Connectivity Solution
2012-02-19 12:34 . 2012-02-19 12:44 -------- d-----w- c:\users\user\AppData\Roaming\Nokia
2012-02-19 12:34 . 2012-02-19 12:34 -------- d-----w- c:\users\user\AppData\Roaming\PC Suite
2012-02-19 12:34 . 2012-02-19 12:34 -------- d-----w- c:\programdata\PC Suite
2012-02-19 12:34 . 2012-02-19 12:34 -------- d-----w- c:\program files\DIFX
2012-02-19 12:34 . 2008-08-28 10:44 25600 ----a-w- c:\windows\system32\drivers\pccsmcfdx64.sys
2012-02-19 12:34 . 2012-02-19 12:44 -------- d-----w- c:\program files (x86)\Nokia
2012-02-19 12:34 . 2011-11-01 09:07 57856 ----a-w- c:\windows\system32\nmwcdclsX64.dll
2012-02-19 12:32 . 2012-02-19 12:32 -------- d-----w- c:\programdata\Installations
2012-02-19 12:22 . 2012-02-19 12:22 -------- d-----w- c:\users\user\AppData\Roaming\Miranda Fusion
2012-02-19 12:22 . 2012-02-19 12:23 -------- d-----w- c:\program files (x86)\MirandaFusion
2012-02-19 12:01 . 2012-02-19 12:06 -------- d-----w- c:\users\user\AppData\Roaming\DVDVideoSoft
2012-02-19 12:01 . 2012-02-19 12:03 -------- d-----w- c:\program files (x86)\eMule
2012-02-19 12:00 . 2012-02-19 12:01 -------- d-----w- c:\program files (x86)\Common Files\DVDVideoSoft
2012-02-19 12:00 . 2012-02-19 12:00 -------- d-----w- c:\program files (x86)\DVDVideoSoft
2012-02-19 11:43 . 2012-02-19 11:43 -------- d-----w- c:\users\user\AppData\Roaming\aborange
2012-02-19 11:43 . 2012-02-19 11:44 -------- d-----w- c:\program files (x86)\BayWatcher Pro
2012-02-19 11:34 . 2009-08-24 21:13 34304 ----a-w- c:\windows\system32\DfSdkBt.exe
2012-02-19 11:26 . 2012-02-19 11:26 -------- d-----w- c:\program files (x86)\TeamViewer
2012-02-17 23:24 . 2012-03-12 18:17 -------- d-----w- c:\users\user\AppData\Roaming\EurekaLog
2012-02-17 00:29 . 2012-02-17 00:29 -------- d-----w- c:\windows\en
2012-02-17 00:28 . 2012-02-17 00:28 -------- d-----w- c:\windows\de
2012-02-17 00:27 . 2011-05-13 14:37 48488 ----a-w- c:\windows\system32\drivers\fssfltr.sys
2012-02-17 00:25 . 2012-02-17 00:25 15712 ----a-w- c:\program files (x86)\Common Files\Windows Live\.cache\9758f67b1cced0a02\MeshBetaRemover.exe
2012-02-17 00:04 . 2012-02-17 00:04 -------- d-----w- c:\programdata\McAfee
2012-02-17 00:04 . 2012-02-17 00:04 -------- d-----w- c:\programdata\McAfee Security Scan
2012-02-17 00:04 . 2012-02-19 11:28 -------- d-----w- c:\program files (x86)\McAfee Security Scan
2012-02-16 23:37 . 2012-02-16 23:38 -------- d-----w- c:\program files\Oracle
2012-02-16 23:36 . 2012-01-10 12:28 750488 ----a-w- c:\windows\system32\npdeployJava1.dll
2012-02-16 23:26 . 2012-02-16 23:26 -------- d-----w- c:\users\user\AppData\Roaming\UpdateStar
2012-02-16 23:23 . 2009-06-15 17:40 24064 ----a-w- c:\windows\system32\vsmon1.dll
2012-02-16 23:23 . 2012-02-17 09:18 -------- d-----w- c:\programdata\eXPert PDF 6
2012-02-16 23:23 . 2012-02-16 23:23 -------- d-----w- c:\programdata\Visage Software
2012-02-16 23:23 . 2012-02-16 23:23 -------- d-----w- c:\programdata\eXPert PDF Jobs
2012-02-16 23:23 . 2012-02-16 23:23 -------- d-----w- c:\program files (x86)\Visagesoft
2012-02-16 23:20 . 2012-02-16 23:20 -------- d-----w- c:\program files (x86)\PDF Expert - Installer
2012-02-16 23:13 . 2012-02-16 23:14 -------- d-----w- c:\users\user\AppData\Roaming\tiger-k
2012-02-16 23:13 . 2012-02-16 23:13 -------- d-----w- c:\users\user\AppData\Roaming\Leawo
2012-02-16 23:12 . 2011-03-02 10:43 175616 ----a-w- c:\windows\SysWow64\unrar.dll
2012-02-16 23:12 . 2012-02-16 23:13 -------- d-----w- c:\program files (x86)\K-Lite Codec Pack
2012-02-16 23:12 . 2012-02-16 23:12 -------- d-----w- c:\program files (x86)\Leawo
2012-02-16 22:46 . 2012-02-16 22:46 -------- d-----w- c:\users\user\AppData\Roaming\AntiBrowserSpy 2009
2012-02-16 22:45 . 2012-02-16 22:45 -------- d-----w- c:\program files (x86)\AntiBrowserSpy
2012-02-16 22:29 . 2012-02-16 22:29 -------- d-----w- c:\users\user\AppData\Roaming\SpeedProject
2012-02-16 22:29 . 2012-02-16 22:29 -------- d-----w- c:\program files (x86)\Common Files\SpeedProject
2012-02-16 22:29 . 2012-02-16 22:29 -------- d-----w- c:\program files (x86)\SpeedProject
2012-02-16 22:08 . 2011-12-13 08:35 34624 ----a-w- c:\windows\system32\TURegOpt.exe
2012-02-16 22:08 . 2011-12-13 08:29 25920 ----a-w- c:\windows\system32\authuitu.dll
2012-02-16 22:08 . 2011-12-13 08:29 21312 ----a-w- c:\windows\SysWow64\authuitu.dll
2012-02-16 22:08 . 2011-12-13 08:29 36160 ----a-w- c:\windows\system32\uxtuneup.dll
2012-02-16 22:08 . 2011-12-13 08:29 29504 ----a-w- c:\windows\SysWow64\uxtuneup.dll
2012-02-16 22:07 . 2012-02-16 22:08 -------- d-----w- c:\program files (x86)\TuneUp Utilities 2011
2012-02-16 22:06 . 2012-02-16 22:06 -------- d-sh--w- c:\programdata\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
2012-02-16 01:08 . 2012-02-16 01:08 -------- d-----w- c:\users\user\AppData\Local\Conduit
2012-02-16 01:08 . 2012-02-16 01:08 -------- d-----w- c:\program files (x86)\Conduit
2012-02-16 01:08 . 2012-02-16 01:08 -------- d-----w- c:\program files (x86)\Ashampoo_DE
2012-02-15 12:58 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-02-15 12:58 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-02-15 12:58 . 2012-01-04 10:44 509952 ----a-w- c:\windows\system32\ntshrui.dll
2012-02-15 12:58 . 2012-01-04 08:58 442880 ----a-w- c:\windows\SysWow64\ntshrui.dll
2012-02-15 12:52 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-02-15 12:52 . 2011-12-16 08:46 634880 ----a-w- c:\windows\system32\msvcrt.dll
2012-02-15 12:52 . 2011-12-16 07:52 690688 ----a-w- c:\windows\SysWow64\msvcrt.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-03-14 08:13 . 2011-12-20 19:01 414368 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-02-23 08:18 . 2010-11-21 03:27 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-02-17 00:26 . 2010-06-24 09:33 18328 ----a-w- c:\programdata\Microsoft\IdentityCRL\production\ppcrlconfig600.dll
2012-02-16 21:26 . 2011-12-28 22:54 132320 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-02-03 21:39 . 2012-02-03 21:39 44032 ----a-w- c:\windows\SysWow64\FKStampPainter20.dll
2012-01-26 11:22 . 2012-01-26 11:22 4771184 ----a-w- c:\windows\SysWow64\LxXtreme100.dll
2012-01-26 11:22 . 2012-01-26 11:22 104304 ----a-w- c:\windows\SysWow64\LxUISettingsN100.dll
2012-01-26 11:22 . 2012-01-26 11:22 25968 ----a-w- c:\windows\SysWow64\LxTPSW100.dll
2012-01-26 11:22 . 2012-01-26 11:22 1334640 ----a-w- c:\windows\SysWow64\LxTool100.dll
2012-01-26 11:22 . 2012-01-26 11:22 63344 ----a-w- c:\windows\SysWow64\LxPXTree100.dll
2012-01-26 11:22 . 2012-01-26 11:22 111472 ----a-w- c:\windows\SysWow64\LxODBC100.dll
2012-01-26 11:22 . 2012-01-26 11:22 127344 ----a-w- c:\windows\SysWow64\LxMail100.dll
2012-01-26 11:21 . 2012-01-26 11:21 200048 ----a-w- c:\windows\SysWow64\LxDBAL100.dll
2012-01-26 11:21 . 2012-01-26 11:21 76656 ----a-w- c:\windows\SysWow64\LxDAO100.dll
2012-01-26 11:21 . 2012-01-26 11:21 49520 ----a-w- c:\windows\SysWow64\LXCurr100.dll
2012-01-26 11:21 . 2012-01-26 11:21 67952 ----a-w- c:\windows\SysWow64\LxCI12.dll
2012-01-26 11:21 . 2012-01-26 11:21 193904 ----a-w- c:\windows\SysWow64\LxBasics100.dll
2012-01-10 12:28 . 2011-06-21 10:16 660368 ----a-w- c:\windows\system32\deployJava1.dll
2012-01-08 23:51 . 2012-01-08 23:51 285280 ----a-w- c:\windows\system32\drivers\afcdp.sys
2012-01-08 23:51 . 2012-01-08 23:51 1263200 ----a-w- c:\windows\system32\drivers\tdrpm273.sys
2012-01-08 23:51 . 2012-01-08 23:51 943712 ----a-w- c:\windows\system32\drivers\timntr.sys
2012-01-08 23:51 . 2012-01-08 23:51 277088 ----a-w- c:\windows\system32\drivers\snapman.sys
2011-12-29 00:54 . 2011-12-29 00:30 1477728 ----a-w- c:\windows\system32\drivers\tdrpm258.sys
2011-12-28 23:10 . 2011-06-21 10:16 544656 ----a-w- c:\windows\SysWow64\deployJava1.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files (x86)\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{0766C1B9-B2DC-46E5-8934-4F3D6B42B1BD}]
2011-12-28 13:21 128064 ----a-w- c:\program files (x86)\icq\Internet Explorer\icq.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{5786d022-540e-4699-b350-b4be0ae94b79}]
2011-05-09 08:49 176936 ----a-w- c:\program files (x86)\Ashampoo_DE\prxtbAsha.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{5786d022-540e-4699-b350-b4be0ae94b79}"= "c:\program files (x86)\Ashampoo_DE\prxtbAsha.dll" [2011-05-09 176936]
.
[HKEY_CLASSES_ROOT\clsid\{5786d022-540e-4699-b350-b4be0ae94b79}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2011-10-13 17351304]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2011-12-22 39408]
"Messenger (Yahoo!)"="c:\progra~2\Yahoo!\Messenger\YahooMessenger.exe" [2012-01-04 6497592]
"BrowserMask"="c:\program files (x86)\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" [2011-06-21 101280]
"UpdateStar"="c:\users\user\AppData\Roaming\UpdateStar\UpdateStar.exe" [2010-09-01 4739312]
"Miranda Fusion"="c:\program files (x86)\MirandaFusion\fusiontools\mfstart.exe" [2011-03-28 967508]
"NokiaSuite.exe"="c:\program files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-01-10 1083264]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-13 283160]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2011-03-15 336384]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"HPConnectionManager"="c:\program files (x86)\Hewlett-Packard\HP Connection Manager\HPCMDelayStart.exe" [2011-02-15 94264]
"RemoteControl10"="c:\program files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe" [2010-02-02 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2011-01-25 75048]
"Easybits Recovery"="c:\program files (x86)\EasyBits For Kids\ezRecover.exe" [2011-03-16 61112]
"HPOSD"="c:\program files (x86)\Hewlett-Packard\HP On Screen Display\HPOSD.exe" [2011-01-27 318520]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-11-01 59240]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-10-19 258512]
"SSDMonitor"="c:\program files (x86)\Common Files\PC Tools\sMonitor\SSDMonitor.exe" [2012-01-04 103896]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2010-12-11 5145824]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-01-15 1564368]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"UIExec"="c:\program files (x86)\Join Air\UIExec.exe" [2010-04-27 138072]
"FUFAXRCV"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe" [2011-03-08 495616]
"FUFAXSTM"="c:\program files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe" [2011-03-08 856064]
"EEventManager"="c:\program files (x86)\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe" [2012-03-04 934752]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-01-13 460872]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Hardcopy.LNK - c:\program files (x86)\Hardcopy\hardcopy.exe [2012-1-29 3515392]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
Intellex Event Handler.lnk - c:\program files (x86)\Sensormatic\NetworkClient\Bin\NtlxEventhandler.exe [2011-7-25 1037312]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"EnableShellExecuteHooks"= 1 (0x1)
.
[hkey_local_machine\software\Wow6432Node\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"SearchSettings"="c:\program files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe"
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe"
"HP Quick Launch"=c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
"LexwareInfoService"=c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"TransferManager"=c:\program files (x86)\Common Files\Lexware\Internettransfer\LxTrans.exe /Embedding
.
R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/08/23 16:33;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-01-25 241648]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
R2 StarMoney 7.0 OnlineUpdate;StarMoney 7.0 OnlineUpdate;c:\program files (x86)\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [2011-11-08 554160]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 CGVPNCliSrvc;CyberGhost VPN Client;c:\program files\S.A.D\CyberGhost VPN\CGVPNCliService.exe [2011-07-08 2428968]
R3 epmntdrv;epmntdrv;c:\windows\system32\epmntdrv.sys [2011-03-24 16776]
R3 EuGdiDrv;EuGdiDrv;c:\windows\system32\EuGdiDrv.sys [2011-03-24 9096]
R3 GamesAppService;GamesAppService;c:\program files (x86)\WildTangent Games\App\GamesAppService.exe [2010-10-12 206072]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 136176]
R3 hpCMSrv;HP Connection Manager 4.0 Service;c:\program files (x86)\Hewlett-Packard\HP Connection Manager\hpCMSrv.exe [2011-02-15 1071160]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files (x86)\McAfee Security Scan\2.0.181\McCHSvc.exe [2010-01-15 227232]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WO_LiveService;Ashampoo LiveTuner Service;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerService.exe [2011-09-28 885160]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1207000.00D\SYMDS64.SYS [x]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1207000.00D\SYMEFA64.SYS [x]
S0 tdrpman273;Acronis Try&Decide and Restore Points filter (build 273);c:\windows\system32\DRIVERS\tdrpm273.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20101123.003\BHDrvx64.sys [2010-11-23 953904]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20101201.001\IDSVia64.sys [2010-11-11 476792]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1207000.00D\Ironx64.SYS [x]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1207000.00D\SYMNETS.SYS [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 AESTFilters;Andrea ST Filters Service;c:\program files\IDT\WDM\AESTSr64.exe [2009-03-03 89600]
S2 afcdpsrv;Acronis Nonstop Backup-Dienst;c:\program files (x86)\Common Files\Acronis\CDP\afcdpsrv.exe [2012-01-08 3246040]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-10-19 86224]
S2 Application Updater;Application Updater;c:\program files (x86)\Application Updater\ApplicationUpdater.exe [2012-03-04 748440]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 FPLService;TrueSuiteService;c:\program files (x86)\HP SimplePass 2011\TrueSuiteService.exe [2011-08-25 260424]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-01-15 1564368]
S2 HPClientSvc;HP Client Services;c:\program files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-02-28 92216]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [x]
S2 HPWMISVC;HPWMISVC;c:\program files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe [2010-11-09 26680]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-13 13336]
S2 ICQ Service;ICQ Service;c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe [2011-08-17 247872]
S2 LiveTunerPM;Ashampoo LiveTuner ProcessMonitor Driver;c:\program files (x86)\Ashampoo\Ashampoo WinOptimizer 8\LiveTunerProcessMonitor64.sys [2011-03-08 12824]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-01-13 652360]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe [2011-04-17 130008]
S2 NtlxSrvMgr;NtlxSrvMgr;c:\program files (x86)\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe [2011-07-25 180736]
S2 PCSUService;PC Speed Up Service;c:\program files (x86)\PC Beschleunigen\PCSUService.exe [2011-11-07 235232]
S2 PCToolsSSDMonitorSvc;PC Tools Startup and Shutdown Monitor service;c:\program files (x86)\Common Files\PC Tools\sMonitor\StartManSvc.exe [2012-01-04 793048]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-01-19 3027840]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesService64.exe [2011-12-13 2028864]
S2 UI Assistant Service;UI Assistant Service;c:\program files (x86)\Join Air\AssistantServices.exe [2010-04-27 247152]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-22 2656280]
S3 afcdp;afcdp;c:\windows\system32\DRIVERS\afcdp.sys [x]
S3 amdkmdag;amdkmdag;c:\windows\system32\DRIVERS\atikmdag.sys [x]
S3 amdkmdap;amdkmdap;c:\windows\system32\DRIVERS\atikmpag.sys [x]
S3 clwvd;CyberLink WebCam Virtual Driver;c:\windows\system32\DRIVERS\clwvd.sys [x]
S3 IntcDAud;Intel(R) Display-Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [x]
S3 intelkmd;intelkmd;c:\windows\system32\DRIVERS\igdpmd64.sys [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [x]
S3 RSPCIESTOR;Realtek PCIE CardReader Driver;c:\windows\system32\DRIVERS\RtsPStor.sys [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [x]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2011\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
*Deregistered* - CLKMDRV10_38F51D56
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A8D647C8-65AC-409F-B7B2-3C0FEE1A32F2}]
2010-02-16 18:02 114688 ----a-w- c:\program files (x86)\PixiePack Codec Pack\InstallerHelper.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-03-15 c:\windows\Tasks\DriverScanner.job
- c:\program files (x86)\Uniblue\DriverScanner\dsmonitor.exe [2011-12-28 13:43]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 19:47]
.
2012-03-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-12-22 19:47]
.
.
--------- x86-64 -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-01-27 167960]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-01-27 391704]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-01-27 418328]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2011-03-11 1128448]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2481020
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: Free YouTube Download - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm
IE: Free YouTube to MP3 Converter - c:\users\user\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - c:\program files (x86)\ICQ7.7\ICQ.exe
IE: {{A95fe080-8f5d-11d2-a20b-00aa003c157a} - res://c:\program files (x86)\Evernote\Evernote\EvernoteIE.dll/204
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\user\AppData\Roaming\Mozilla\Firefox\Profiles\6hnhfn87.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2481020&SearchSource=3&q={searchTerms}
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.osthessennews.de/
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-vspdfprsrv.exe - c:\program files (x86)\Visagesoft\eXPert PDF 6\vspdfprsrv.exe
Wow6432Node-HKLM-Run-Intellex Service Manager - %ProgramFiles(x86)%\Sensormatic\NetworkClient\Bin\NtlxSrvMgr.exe
WebBrowser-{5786D022-540E-4699-B350-B4BE0AE94B79} - (no file)
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
AddRemove-EasyBits Magic Desktop - c:\windows\system32\ezMDUninstall.exe
AddRemove-{E92D47A1-D27D-430A-8368-0BAFD956507D} - c:\program files (x86)\InstallShield Installation Information\{E92D47A1-D27D-430A-8368-0BAFD956507D}\setup.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\18.7.0.13\diMaster.dll\" /prefetch:1"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11e_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11e.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\EPSON\EBAPI\eEBSVC.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\SysWOW64\ezSharedSvcHost.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\program files (x86)\Hardcopy\hcdll2_ex_Win32.exe
c:\program files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
c:\program files (x86)\CyberLink\YouCam\YCMMirage.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-03-16 00:09:10 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-03-15 23:09
.
Vor Suchlauf: 14 Verzeichnis(se), 193.682.042.880 Bytes frei
Nach Suchlauf: 23 Verzeichnis(se), 193.306.324.992 Bytes frei
.
- - End Of File - - C9D910D21B082F898BD3DF70B11F3E50
|
|
16.03.2012, 10:30
| #12 |
| /// Malware-holic | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? lade den CCleaner standard: CCleaner Download - CCleaner 3.16.1666 falls der CCleaner bereits instaliert, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.03.2012, 11:39
| #13 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? hier die Liste der Installierten Programme aus CCleaner 1-abc.net File Finder (Remove only) 27.12.2011 unbekannt Acronis*True*Image*Home Acronis 08.01.2012 158,5MB 13.0.7154 unnötig Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 21.12.2011 6,00MB 11.1.102.55 notwendig Adobe Flash Player 11 Plugin 64-bit Adobe Systems Incorporated 13.03.2012 6,00MB 11.1.102.63 notwendig Adobe Reader X (10.1.2) MUI Adobe Systems Incorporated 16.01.2012 478MB 10.1.2 notwendig Adobe Shockwave Player 11.5 Adobe Systems, Inc. 22.08.2011 11.5.9.620 unbekannt AntiBrowserSpy Abelssoft 15.02.2012 59,3MB 3.6.106 notwendig Apple Application Support Apple Inc. 21.12.2011 61,2MB 2.1.6 unbekannt Apple Mobile Device Support Apple Inc. 21.12.2011 24,9MB 4.0.0.97 unbekannt Apple Software Update Apple Inc. 21.12.2011 2,38MB 2.1.3.127 notwendig Ashampoo Burning Studio 10 v.10.0.15 Ashampoo GmbH & Co. KG 16.02.2012 233MB 10.0.15 unnötig Ashampoo Burning Studio 11 v.11.0.4 Ashampoo GmbH & Co. KG 15.02.2012 374MB 11.0.4 notwendig Ashampoo Burning Studio 2010 Advanced 9.25 Ashampoo GmbH & Co. KG 27.12.2011 98,1MB 3.1.1 evtl. unnötig Ashampoo DE Toolbar Ashampoo DE 15.02.2012 6.8.5.1 unbekannt Ashampoo WinOptimizer 8 v.8.13 Ashampoo GmbH & Co. KG 18.02.2012 71,2MB 8.1.3 evtl. notwendig ATI Catalyst Install Manager ATI Technologies, Inc. 22.08.2011 22,4MB 3.0.816.0 unbekannt Audials RapidSolution Software AG 30.12.2011 292MB 8.0.54900.0 unnötig Audials TV RapidSolution Software AG 30.12.2011 2,07MB 1.3.10803.300 evtl. unnötig Avira Free Antivirus Avira 15.02.2012 105,9MB 12.0.0.898 notwendig BayWatcher Pro - Deinstallation Mathias Gerlach & Jochen Milchsack [aborange.de] 18.02.2012 23,9MB 8.05 evtl. unnötig Bing Bar Microsoft Corporation 22.08.2011 24,4MB 7.0.610.0 unbekannt Bonjour Apple Inc. 21.12.2011 2,04MB 3.0.0.10 unbekannt Broadcom 802.11 Wireless LAN Adapter Broadcom Corporation 23.08.2011 5.60.48.61 notwendig CCleaner Piriform 15.03.2012 3.16 notwendig CheckDrive Abelssoft 21.12.2011 28,3MB 3.0 notwendig COMPUTERBILD App-Center J3S 19.12.2011 3,11MB 1.1.15 unnötig Corel Graphics Suite 11 Corel Corporation 12.02.2012 264MB 11 notwendig CyberGhost VPN Patch 4.7.18 CyberGhost S.R.L. 21.12.2011 51,2MB notwendig CyberLink PowerDVD 10 CyberLink Corp. 22.08.2011 227MB 10.0.3.2714 notwendig CyberLink YouCam CyberLink Corp. 14.01.2012 125,5MB 3.5.1.4606 notwendig dakota.ag ITSG 30.12.2011 5.0.0.0 notwendig DivX-Setup DivX, LLC 30.12.2011 2.6.1.3 notwendig Druckerdeinstallation für EPSON BX620FWD Series SEIKO EPSON Corporation 06.02.2012 notwendig EASEUS Partition Master 8.0.1 Home Edition EASEUS 30.12.2011 40,5MB evtl. notwendig ElsterFormular Landesfinanzdirektion Thüringen 25.01.2012 188,6MB 13.0.0.8086u notwendig eMule Plus 1.2e eMule Plus Team 18.02.2012 unnötig Energy Star Digital Logo Hewlett-Packard 22.08.2011 0,29MB 1.0.1 notwendig EPSON BX620FWD Series Handbuch 12.02.2012 unnötig EPSON BX620FWD Series Netzwerk-Handbuch 12.02.2012 unnötig Epson Easy Photo Print 2 SEIKO EPSON CORPORATION 06.02.2012 2.3.2.0 notwendig Epson Easy Photo Print Plug-in for PMB(Picture Motion Browser) SEIKO EPSON CORPORATION2 06.02.2012 1.00.0000 notwendig Epson Event Manager SEIKO EPSON CORPORATION 12.02.2012 38,8MB 2.40.0001 notwendig Epson FAX Utility SEIKO EPSON CORPORATION 06.02.2012 1.20.00 notwendig Epson PC-FAX Driver 06.02.2012 notwendig EPSON Scan Seiko Epson Corporation 12.02.2012 notwendig EpsonNet Print SEIKO EPSON CORPORATION 12.02.2012 2.5.00 notwendig EpsonNet Setup 3.3 SEIKO EPSON CORPORATION 12.02.2012 3.3a notwendig Evernote v. 4.2.2 Evernote Corp. 20.06.2011 139,1MB 4.2.2.3979 unbekannt eXPert PDF 6 Avanquest software 16.02.2012 6.20.400.0 notwendig Formatwandler 4 SE S.A.D. 21.12.2011 72,9MB 4.0.11.800 notwendig Free Studio version 5.3.3 DVDVideoSoft Ltd. 18.02.2012 703MB evtl. notwendig Google Chrome Google Inc. 28.12.2011 17.0.963.79 unnötig Google Earth Google 07.02.2012 116,4MB 6.2.1.6014 notwendig Google Toolbar for Internet Explorer Google Inc. 29.02.2012 7.3.2614.234 unnötig?? GPS Tracker Utility 1.18 (Build 980827) 21.01.2012 notwendig Guard.ICQ Mail.ru 14.01.2012 notwendig Hardcopy (C:\Program Files (x86)\Hardcopy) www.hardcopy.de 28.01.2012 2012.01.04 notwendig HP 3D DriveGuard Hewlett-Packard Company 22.08.2011 7,00MB 4.1.5.1 notwendig HP Connection Manager Hewlett-Packard Company 22.08.2011 33,5MB 4.0.45.1 notwendig HP Customer Participation Program 13.0 HP 25.01.2012 13.0 unbekannt HP Documentation Hewlett-Packard 22.08.2011 333MB 1.1.0.0 unbekannt HP Games WildTangent 22.08.2011 1.0.2.4 unnötig HP Imaging Device Functions 13.0 HP 25.01.2012 13.0 unbekannt HP On Screen Display Hewlett-Packard Company 20.06.2011 1,43MB 1.1.2 unbekannt HP Photosmart Essential 3.5 HP 25.01.2012 3.5 notwendig HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B HP 25.01.2012 13.0 notwendig HP Power Manager Hewlett-Packard Company 22.08.2011 3,61MB 1.2.3 notwendig HP Quick Launch Hewlett-Packard Company 20.06.2011 7,14MB 2.3.6 notwendig HP Setup Hewlett-Packard Company 20.06.2011 8.6.4530.3651 notwendig HP Setup Manager Hewlett-Packard Company 22.08.2011 8,31MB 1.1.13231.3673 notwendig HP SimplePass 2011 Hewlett-Packard 19.12.2011 77,0MB 5.3.0.273 unbekannt HP Smart Web Printing 4.51 HP 25.01.2012 4.51 unbekannt HP Software Framework Hewlett-Packard Company 20.06.2011 2,81MB 4.0.110.1 notwendig HP Solution Center 13.0 HP 25.01.2012 13.0 notwendig HP Support Assistant Hewlett-Packard Company 20.06.2011 68,5MB 5.2.9.2 unnötig HP Update Hewlett-Packard 25.01.2012 3,73MB 4.000.011.006 notwendig iCloud Apple Inc. 21.01.2012 31,2MB 1.0.2.17 notwendig ICQ Sparberater solute gmbh 14.01.2012 0,46MB 1.3.671 unnötig ICQ Toolbar ICQ 14.01.2012 3.0.0 evtl. notwendig ICQ7.7 ICQ 14.01.2012 7.7 notwendig iDevice Manager Marx Softwareentwicklung 21.12.2011 7,04MB 1.0.0.0 unbekannt IDT Audio IDT 22.08.2011 1.0.6329.0 Installationsassistent Security Center GmbH & Co. KG 21.01.2012 1,16MB 1.04.0000 unnötig Intel(R) Display Audio Driver Intel Corporation 23.08.2011 6.14.00.3074 notwendig Intel(R) Management Engine Components Intel Corporation 23.08.2011 7.0.0.1144 unbekannt Intel(R) Rapid Storage Technology Intel Corporation 23.08.2011 10.1.2.1004 unbekannt IrfanView (remove only) Irfan Skiljan 28.12.2011 1,50MB 4.30 notwendig iTunes Apple Inc. 21.01.2012 172,5MB 10.5.3.3 notwendig Java(TM) 6 Update 24 (64-bit) Oracle 20.06.2011 90,8MB 6.0.240 notwendig Java(TM) 7 Oracle 28.12.2011 98,9MB 7.0.0 notwendig Java(TM) 7 Update 3 (64-bit) Oracle 16.02.2012 93,7MB 7.0.30 notwendig Java(TM) SE Development Kit 7 Update 3 (64-bit) Oracle 16.02.2012 141,6MB 1.7.0.30 notwendi?? JavaFX 2.0.3 (64-bit) Oracle Corporation 16.02.2012 20,9MB 2.0.3 notwendig?? JavaFX 2.0.3 SDK (64-bit) Oracle Corporation 16.02.2012 66,8MB 2.0.3 notwendig?? Join Air ZTE Corporation 06.02.2012 1.0.0.2 notwendig K-Lite Codec Pack 7.9.0 (Basic) 16.02.2012 24,5MB 7.9.0 evtl. notwendig Leawo Video Converter 2012 Version 4.0.0.2 Leawo Software 17.02.2012 4.0.0.2 notwendig Lexware Elster Haufe-Lexware GmbH & Co.KG 30.12.2011 68,2MB 10.25.00.0003 notwendig Lexware financial office 2012 Haufe-Lexware GmbH & Co.KG 19.02.2012 836MB 16.03.00.0173 notwendig Lexware Info Service Haufe-Lexware GmbH & Co.KG 30.12.2011 14,9MB 2.80.00.0007 notwendig Magic Desktop EasyBits Software AS 22.08.2011 107,4MB 3.0 unbekannt Malwarebytes Anti-Malware Version 1.60.1.1000 Malwarebytes Corporation 14.03.2012 17,4MB 1.60.1.1000 notwendig McAfee Security Scan Plus McAfee, Inc. 18.02.2012 8,30MB 2.0.181.2 notwendig Mediathek 2.5.0 21.12.2011 2.5.0 notwendig Microsoft .NET Framework 4 Client Profile Microsoft Corporation 24.10.2011 38,8MB 4.0.30319 notwendig Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 24.10.2011 2,94MB 4.0.30319 notwendig?? Microsoft .NET Framework 4 Extended Microsoft Corporation 19.12.2011 52,0MB 4.0.30319 notwendig?? Microsoft Office 2010 Microsoft Corporation 20.06.2011 6,31MB 14.0.4763.1000 notwendig Microsoft Office Enterprise 2007 Microsoft Corporation 20.12.2011 12.0.6425.1000 notwendig Microsoft Office File Validation Add-In Microsoft Corporation 09.02.2012 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Klick-und-Los 2010 Microsoft Corporation 11.10.2011 14.0.4763.1000 unbekannt Microsoft Office Outlook Connector Microsoft Corporation 16.02.2012 3,34MB 14.0.5118.5000 notwendig Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 11.10.2011 14.0.5128.5002 notwendig Microsoft Silverlight Microsoft Corporation 15.02.2012 60,3MB 4.1.10111.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 20.06.2011 1,70MB 3.1.0000 notwendig Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.02.2012 2,38MB 8.0.56336 notwendig?? Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 20.06.2011 0,77MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 22.08.2011 0,77MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 13.10.2011 0,77MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 30.12.2011 0,23MB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 22.08.2011 0,58MB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 13.10.2011 0,59MB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Corporation 13.10.2011 13,7MB 10.0.30319 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 29.12.2011 16,5MB 10.0.40219 unbekannt Microsoft WSE 3.0 Runtime Microsoft Corp. 30.12.2011 0,92MB 3.0.5305.0 unbekannt Miranda Fusion 3.1.10.0 Miranda Fusion Team 07.03.2012 27,5MB 3.1.10.0 notwendig?? Miro Participatory Culture Foundation 27.12.2011 4.0.3 unbekannt Mozilla Firefox 10.0.2 (x86 de) Mozilla 16.02.2012 43,5MB 10.0.2 notwendig MSXML 4.0 SP2 (KB954430) Microsoft Corporation 29.12.2011 1,28MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 29.12.2011 1,33MB 4.20.9876.0 unbekannt NetworkClient Ihr Firmenname 12.03.2012 149,8MB 5.00.74.189 notwendig Nokia Connectivity Cable Driver Nokia 18.02.2012 3,94MB 7.1.69.0 notwendig Nokia Suite Nokia 18.02.2012 3.3.86.0 notwendig Norton Internet Security Symantec Corporation 06.10.2011 18.7.0.13 notwendig?? OCR Software by I.R.I.S. 13.0 HP 25.01.2012 13.0 notwendig Paint.NET v3.5.10 dotPDN LLC 28.12.2011 10,7MB 3.60.0 notwendig PantsOff 2.0 Christoph Bünger Software 18.02.2012 2.0 unbekannt PC Beschleunigen - Vollständige Deinstallation Speedchecker Limited 21.12.2011 5,76MB 2.3.18 evtl. notwendig PC Connectivity Solution Nokia 18.02.2012 20,9MB 11.5.29.0 unbekannt PC Tools Registry Mechanic 11.0 PC Tools 02.02.2012 31,5MB 11.0 unbekannt PDF Expert 6 - Installer Avanquest GmbH 16.02.2012 26,1MB notwendig PDFCreator Frank Heindörfer, Philip Chinery 13.03.2012 1.3.0 notwendig pdfforge Toolbar v5.1 Spigot, Inc. 11.03.2012 10,9MB 5.1 notwendig?? PhotoFiltre 6.5.1 21.12.2011 6.5.1 unbekannt PixiePack Codec Pack None 18.02.2012 17,2MB 1.1.1200.0 notwendig PL-2303 USB-to-Serial Prolific Technology INC 21.01.2012 1.00.000 notwendig PL-2303 USB-to-Serial 20.06.2011 notwendig Q-Dir 21.12.2011 unbekannt QuickTime Apple Inc. 21.01.2012 73,3MB 7.71.80.42 notwendig Realtek Ethernet Controller Driver Realtek 22.08.2011 7.41.216.2011 notwendig Realtek PCIE Card Reader Realtek Semiconductor Corp. 22.08.2011 6.1.7600.74 notwendig Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 22.08.2011 0,59MB 2.0.32.0 notwendig Safari Apple Inc. 21.01.2012 43,3MB 5.34.52.7 unnötig Skype™ 5.5 Skype Technologies S.A. 19.12.2011 17,0MB 5.5.124 notwendig SpeedCommander 12 SpeedProject 15.02.2012 12 notwendig StarMoney 7.0 Star Finanz GmbH 28.12.2011 7.0 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 22.08.2011 46,4MB 15.2.4.4 evtl. notwendig TeamViewer 7 TeamViewer 18.02.2012 7.0.12541 notwendig Tunebite RapidSolution Software AG 18.02.2012 192,7MB 7.2.12800.0 notwendig?? TuneUp Utilities 2011 TuneUp Software 15.02.2012 10.0.4600.4 notwendig Uniblue DriverScanner Uniblue Systems Ltd 27.12.2011 25,4MB 4.0.3.4 notwendig?? UpdateStar UpdateStar GmbH 16.02.2012 25,8MB 6.0.1036 notwendig Validity WBF DDK Validity Sensors, Inc. 22.08.2011 22,6MB 4.3.118.0 unbekannt VLC media player 1.1.11 VideoLAN 21.12.2011 1.1.11 notwendig VodBurner Netralia 18.02.2012 10,1MB 1.0.5 unbekannt Winamp Nullsoft, Inc 21.12.2011 5.621 notwendig Winamp Erkennungs-Plug-in Nullsoft, Inc 21.12.2011 63,00KB 1.0.0.1 notwendig Windows 7 Codec Pack 3.3.0 Windows 7 Codec Pack 21.12.2011 notwendig Windows Live Essentials Microsoft Corporation 17.02.2012 15.4.3538.0513 notwendig Windows Live Mesh ActiveX Control for Remote Connections Microsoft Corporation 20.06.2011 5,57MB 15.4.5722.2 notwendig?? Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 20.06.2011 5,58MB 15.4.5722.2 notwendig?? Windows-Treiberpaket - Nokia pccsmcfd (08/22/2008 7.0.0.0) Nokia 18.02.2012 08/22/2008 7.0.0.0 notwendig WinRAR 4.01 (64-Bit) win.rar GmbH 21.12.2011 4.01.0 notwendig Yahoo! Messenger Yahoo! Inc. 21.01.2012 notwendig Yahoo! Software Update 21.01.2012 notwendig Yahoo! Toolbar 21.01.2012 notwendig |
|
16.03.2012, 12:02
| #14 |
| /// Malware-holic | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? deinstaliere: 1-abc Acronis Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: Adobe Shockwave Ashampoo DE Toolbar Ashampoo WinOptimizer : verzichte auf solche software, bringt nichts und kann dem system schaden Audials : beide BayWatcher Bing COMPUTERBILD eMule Evernote Google : die mit unnötig gekennzeichneten ICQ Sparberater ICQ Toolbar Java: alle Download der kostenlosen Java-Software downloade java jre, instalieren. deinstalieren: Magic Desktop McAfee Security Scan Norton : woher soll ich wissen, ob du das nutzt, falls ja, avira weg. falls nein, norton weg PantsOff PC Beschleunigen : blödsinn, weg damit, kann ebenfalls dem pc schaden. PC Tools pdfforge PhotoFiltre TuneUp : wie viel tuning programme brauchst du :d gilt das selbe wie für die andern. Uniblue VodBurner Yahoo! Toolbar code packs: wofür brauchst du die alle, der vlc spielt doch eig alles ab. Windows 7 Codec PixiePack K-Lite können alle weg. öffne ccleaner, analysieren CCleaner starten. teste wie der pc läuft
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
16.03.2012, 12:22
| #15 |
| | Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? Ich deinstalliere alle diese Programme jetzt, kann ich dann zum herunterladen von Adobe Reader und Java wieder online gehen oder soll ich es von einem anderen PC runterladen und dann offline hinein kopieren?? So mache ich es jetzt die ganze Zeit. INfizierter PC ist im offline Modus. |
|
| Themen zu Bundespolizei Virus eingefangen,Windows wird blockiert, was kann ich tun? |
| abgesicherte, abgesicherten, ahnung, anweisung, blockiert, dateien, downloaden, eingefangen, fremd, gefangen, gen, gestern, installiere, installieren, kurze, laden, link, modus, normale, normalen, seite, startseite, system, vieles, virus, windows |
Linear-Darstellung
