smart repair virus on computer

Hello,

For the past 2 days I have had the problem that I have, or rather had, the smart Repair (HDD) virus on my hard drive.
It hid all user files, so that I had a black screen without the user view (Windows 7 Premium).

In all scans the data was always found, but I could not select it.

At first I tried various spyware tools (Google search),
among others spywarefighter (which I aborted after a 14-hour scan without progress) and Trojan Killer 2.1.
For the latter, the additionally required programs, unheader.exe and restore.exe, could not be found on the net.

By chance I found the programs in question on the English site today and tried to run them (without success).

I deleted the various installations in safe mode as far as possible, and also ran CCleaner.

As a result, the virus no longer starts and parts of my user data and programs are displayed correctly again (no idea why).

Certain components are still missing, though.

The scan with Malwarebytes shows that the virus is still in the system.

Therefore I would now like to create a new topic about this.

Many thanks and regards
N Bau

------------------------------------------
My report (logfile):
------------------------------------------

Malwarebytes Anti-Malware
www.malwarebytes.org

Datenbank Version: v2012.07.05.05

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 8.0.7601.17514
Nici :: NICI-PC [Administrator]

05.07.2012 16:10:32
mbam-log-2012-07-05 (16-10-32).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 236990
Laufzeit: 7 Minute(n), 58 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 4
C:\Users\Nici\AppData\Local\Temp\ICReinstall_DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Nici\Downloads\DownloadManagerSetup.exe (PUP.Adware.InstallCore) -> Keine Aktion durchgeführt.
C:\Users\Nici\Downloads\SoftonicDownloader_fuer_utorrent(1).exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\Nici\Downloads\SoftonicDownloader_fuer_utorrent.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.

(Ende)

------------------------------------------
The number of infected files keeps changing.
------------------------------------------

The further reports will follow next.

Step 1 = Defogger run.

Step 2 - OTL.txt:
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.0\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (DVDVideoSoftTB Toolbar) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - C:\Program Files (x86)\DVDVideoSoftTB\prxtbDVDV.dll (Conduit Ltd.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronics Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IAAnotif] C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\iaanotif.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [332BigDog] C:\Program Files (x86)\USB Camera2\VM332_STI.EXE (Vimicro) O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [CommonToolkitTray] C:\Program Files (x86)\Fighters\Tray\FightersTray.exe (SPAMfighter ApS) O4 - HKLM..\Run: [EgisTecPMMUpdate] C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [EgisUpdate] C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe (Egis Technology Inc.) O4 - HKLM..\Run: [IMSS] C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IMSS\PIconStartup.exe () O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [PLTSR] C:\Program Files (x86)\EgisTec Port Locker\EgisPLTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [SearchSettings] C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) O4 - HKLM..\Run: [SWPROguard] C:\Program Files (x86)\Fighters\SPYWAREfighter\swprotray.exe (SPAMfighter) O4 - HKLM..\Run: [UCam_Menu] C:\Program Files (x86)\Lenovo\YouCam\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VitaKeyTSR] C:\Program Files (x86)\EgisTec BioExcess\EgisTSR.exe (Egis Technology Inc. ) O4 - HKLM..\Run: [YouCam Mirror Tray icon] C:\Program Files (x86)\Lenovo\YouCam\YouCamTray.exe (CyberLink Corp.) 
O4 - HKCU..\Run: [AdobeBridge] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\Nici\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nici\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... 
- C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Free YouTube Download - C:\Users\Nici\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Nici\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A0C478D-0DC3-4FAB-828F-8CCBBBCC8913}: DhcpNameServer = O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{11637F28-6342-4DC8-A0FF-32E37EF681EF}: DhcpNameServer = O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl64.dll (McAfee, Inc.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\progra~2\mcafee\msc\mcsniepl.dll (McAfee, Inc.) 
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 17:15:09 | 000,000,000 | ---D | C] -- C:\Users\Nici\trojaner-bord [2012.07.05 16:51:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ipswitch [2012.07.05 16:00:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.07.05 07:11:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.07.05 07:11:17 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.07.05 07:11:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.07.05 06:44:18 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\Malwarebytes [2012.07.05 06:44:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 23:13:53 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller [2012.07.04 23:11:52 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton [2012.07.04 23:11:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.07.04 16:25:02 | 000,000,000 | ---D | C] -- C:\ProgramData\clp [2012.07.04 16:24:49 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\Fighters [2012.07.04 16:24:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common 
Files\Common Toolkit Suite [2012.07.04 16:24:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fighters [2012.07.04 16:24:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Common Toolkit Suite [2012.07.04 16:22:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Fighters [2012.07.04 14:56:20 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer [2012.07.04 14:56:07 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer [2012.07.04 09:49:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\PC Tools [2012.07.04 09:47:28 | 000,251,528 | ---- | C] (PC Tools) -- C:\windows\SysNative\drivers\PCTSD64.sys [2012.07.04 09:47:28 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\PC Tools [2012.07.04 09:46:35 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\TestApp [2012.07.04 09:46:35 | 000,000,000 | ---D | C] -- C:\ProgramData\PC Tools [2012.07.04 08:28:24 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Data Recovery [2012.07.02 09:01:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Spigot [2012.07.02 09:01:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\pdfforge Toolbar [2012.07.02 09:01:55 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Application Updater [2012.06.19 15:31:14 | 000,000,000 | -H-D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.06.19 15:31:06 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.06.12 17:03:10 | 000,000,000 | ---D | C] -- C:\Users\Nici\AppData\Local\Macromedia [2012.06.09 08:21:09 | 000,000,000 | ---D | C] -- C:\Users\Nici\05_Rezepte [2012.01.02 16:39:05 | 004,529,299 | -H-- | C] (FileZilla Project) -- C:\Program Files\FileZilla_3.5.2_win32-setup.exe [2011.09.12 21:12:28 | 493,296,308 | -H-- | C] (Adobe Systems, Incorporated) -- C:\Program Files\Adobe Photoshop CS5 Extended.exe [2011.05.20 17:41:31 | 008,417,616 | -H-- 
| C] (Mozilla) -- C:\Program Files\Firefox Setup 3.6.13.exe [2011.03.29 21:28:20 | 017,468,504 | -H-- | C] (pdfforge GbR) -- C:\Program Files\PDFCreator-1_2_0_setup.exe [2011.02.25 16:04:58 | 073,294,968 | -H-- | C] (Landesfinanzdirektion Thüringen) -- C:\Program Files\ElsterFormular- [2011.01.14 13:12:12 | 000,921,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\jxpiinstall.exe [2010.12.30 17:32:29 | 019,075,976 | -H-- | C] (Skype Technologies S.A.) -- C:\Program Files\skype_4.2_setup_deutsch.exe [2010.12.30 17:26:45 | 002,928,600 | -H-- | C] (Piriform Ltd) -- C:\Program Files\ccsetup211.exe [2010.12.30 17:26:33 | 009,278,632 | -H-- | C] (Mozilla) -- C:\Program Files\Thunderbird_Setup_3.1.6.exe [2010.12.30 17:26:21 | 000,921,376 | -H-- | C] (Sun Microsystems, Inc.) -- C:\Program Files\jxpiinstall.exe [1 C:\Users\Nici\AppData\Roaming\*.tmp files -> C:\Users\Nici\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.07.05 17:02:05 | 000,001,106 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.05 16:50:27 | 000,000,884 | -H-- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.07.05 16:05:50 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2012.07.05 15:59:42 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 15:59:42 | 000,013,632 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.05 15:55:03 | 000,001,102 | -H-- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 15:52:00 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012.07.05 15:51:44 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.07.05 15:51:36 | 3010,797,568 | -HS- | M] () -- C:\hiberfil.sys [2012.07.05 15:35:30 | 000,066,472 | ---- | M] () -- 
C:\Users\Nici\Documents\cc_20120705_153514.reg [2012.07.05 15:34:58 | 000,066,472 | ---- | M] () -- C:\Users\Nici\Documents\cc_20120705_153454.reg [2012.07.05 15:34:42 | 000,072,254 | ---- | M] () -- C:\Users\Nici\Documents\cc_20120705_153431.reg [2012.07.05 09:08:55 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 07:44:00 | 000,000,000 | ---- | M] () -- C:\Users\Nici\defogger_reenable [2012.07.05 06:40:19 | 000,001,109 | ---- | M] () -- C:\Users\Nici\Desktop\Continue Download Manager Installation.lnk [2012.07.04 23:11:52 | 000,001,261 | ---- | M] () -- C:\Users\Nici\Desktop\Norton-Installationsdateien.lnk [2012.07.04 08:58:42 | 000,000,000 | -H-- | M] () -- C:\ProgramData\-qtwMWkYYN5A5vF [2012.07.04 08:58:36 | 000,000,256 | -H-- | M] () -- C:\ProgramData\qtwMWkYYN5A5vF [2012.07.04 08:38:48 | 000,102,362 | ---- | M] () -- C:\Users\Nici\Documents\cc_20120704_083841.reg [2012.06.25 12:44:58 | 000,013,720 | ---- | M] () -- C:\windows\SysNative\drivers\avfsfilter.sys [2012.06.17 23:27:26 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.06.17 23:27:26 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.06.17 23:27:26 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.06.17 23:27:26 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.06.17 23:27:26 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.06.17 16:33:52 | 000,118,970 | ---- | M] () -- C:\Users\Nici\Desktop\Route.pdf [2012.06.17 10:01:24 | 000,054,114 | ---- | M] () -- C:\Users\Nici\Desktop\Wulfener Hals.pdf [2012.06.15 07:32:21 | 005,079,528 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.06.05 23:52:11 | 000,000,016 | ---- | M] () -- C:\Users\Nici\AppData\Roaming\blckdom.res [1 C:\Users\Nici\AppData\Roaming\*.tmp files -> C:\Users\Nici\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.07.05 16:01:07 | 
000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2012.07.05 15:35:16 | 000,066,472 | ---- | C] () -- C:\Users\Nici\Documents\cc_20120705_153514.reg [2012.07.05 15:34:55 | 000,066,472 | ---- | C] () -- C:\Users\Nici\Documents\cc_20120705_153454.reg [2012.07.05 15:34:39 | 000,072,254 | ---- | C] () -- C:\Users\Nici\Documents\cc_20120705_153431.reg [2012.07.05 09:08:55 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.07.05 07:44:00 | 000,000,000 | ---- | C] () -- C:\Users\Nici\defogger_reenable [2012.07.05 06:40:19 | 000,001,109 | ---- | C] () -- C:\Users\Nici\Desktop\Continue Download Manager Installation.lnk [2012.07.04 23:11:52 | 000,001,261 | ---- | C] () -- C:\Users\Nici\Desktop\Norton-Installationsdateien.lnk [2012.07.04 08:38:45 | 000,102,362 | ---- | C] () -- C:\Users\Nici\Documents\cc_20120704_083841.reg [2012.07.04 08:28:43 | 000,000,000 | -H-- | C] () -- C:\ProgramData\-qtwMWkYYN5A5vF [2012.07.04 08:28:19 | 000,000,256 | -H-- | C] () -- C:\ProgramData\qtwMWkYYN5A5vF [2012.06.25 12:44:58 | 000,013,720 | ---- | C] () -- C:\windows\SysNative\drivers\avfsfilter.sys [2012.06.17 16:33:51 | 000,118,970 | ---- | C] () -- C:\Users\Nici\Desktop\Route.pdf [2012.06.17 09:59:27 | 000,054,114 | ---- | C] () -- C:\Users\Nici\Desktop\Wulfener Hals.pdf [2012.06.05 11:13:39 | 000,000,016 | ---- | C] () -- C:\Users\Nici\AppData\Roaming\blckdom.res [2012.06.01 12:20:53 | 000,001,363 | ---- | C] () -- C:\Users\Nici\AppData\Local\recently-used.xbel [2012.05.04 22:30:43 | 000,052,952 | ---- | C] () -- C:\Users\Nici\Besenriede 1A, 21709 Himmelpforten nach Lustrupvej 4, 6760 Ribe, Dänemark - Google Maps.pdf [2012.03.23 13:37:04 | 000,124,719 | ---- | C] () -- C:\Users\Nici\turm.jpg [2012.01.21 11:56:25 | 000,069,491 | ---- | C] () -- C:\Users\Nici\404601_229074707175911_100002201509034_518280_1879635835_n.jpg [2011.10.24 23:48:37 | 001,211,961 | -H-- | C] () -- C:\Program Files\DS-Punkte.rar [2011.10.24 23:45:08 | 
001,660,147 | -H-- | C] () -- C:\Program Files\winrar-x64-401d.exe [2011.10.24 23:39:52 | 001,531,359 | -H-- | C] () -- C:\Program Files\wrar401d.exe [2011.09.01 21:44:45 | 000,011,376 | -H-- | C] () -- C:\windows\SysWow64\drivers\SECDRV.SYS [2011.06.24 09:58:18 | 000,000,000 | ---- | C] () -- C:\Users\Nici\AppData\Local\{F692AD36-EB0A-4AF0-9118-55C6AB0F31DF} [2011.06.24 09:53:50 | 000,000,000 | ---- | C] () -- C:\Users\Nici\AppData\Local\{25C662A2-6486-42DD-8E5B-CF89D9C35E31} [2011.06.23 10:19:49 | 000,197,913 | ---- | C] () -- C:\Users\Nici\scabbard slide.jpg [2011.05.20 17:39:56 | 002,432,944 | -H-- | C] () -- C:\Program Files\AdobeDownloadAssistant.exe [2011.05.12 11:38:33 | 000,000,274 | ---- | C] () -- C:\Users\Nici\.jupload.properties [2011.03.31 21:03:53 | 000,113,120 | ---- | C] () -- C:\Users\Nici\StillCap0018.jpg [2011.03.31 21:02:04 | 000,325,867 | ---- | C] () -- C:\Users\Nici\Video call snapshot 13.png [2011.03.29 00:04:55 | 000,009,334 | ---- | C] () -- C:\Users\Nici\Sudienbescheinigung Julia Meyer.pdf [2011.03.26 22:28:05 | 000,036,713 | ---- | C] () -- C:\Users\Nici\197806_1617072503600_1139996279_1255070_3636698_n.jpg [2011.03.26 22:27:59 | 000,033,846 | ---- | C] () -- C:\Users\Nici\188635_1622806126937_1139996279_1263859_1123563_n.jpg [2011.03.18 22:30:03 | 000,000,088 | -H-- | C] () -- C:\ProgramData\profile.xml [2011.03.18 15:41:37 | 000,000,000 | -H-- | C] () -- C:\windows\nsreg.dat [2011.03.01 21:31:19 | 000,185,789 | ---- | C] () -- C:\Users\Nici\fjord.jpg [2011.02.12 23:53:32 | 000,000,264 | -H-- | C] () -- C:\windows\SIERRA.INI [2011.01.20 00:35:37 | 000,000,116 | -H-- | C] () -- C:\windows\NeroDigital.ini [2011.01.11 21:53:17 | 000,777,728 | -H-- | C] () -- C:\windows\SysWow64\SSLSVC.DLL [2011.01.11 21:53:17 | 000,069,632 | -H-- | C] () -- C:\windows\SysWow64\xmltok.dll [2011.01.11 21:53:17 | 000,040,960 | -H-- | C] () -- C:\windows\SysWow64\cfmsg.dll [2011.01.11 21:53:17 | 000,036,864 | -H-- | C] () -- C:\windows\SysWow64\xmlparse.dll 
[2011.01.11 21:53:08 | 000,114,688 | -H-- | C] () -- C:\windows\SysWow64\lang_cfml.dll [2011.01.11 21:53:08 | 000,028,672 | -H-- | C] () -- C:\windows\SysWow64\xml_datagrove.dll [2011.01.09 12:43:26 | 000,293,176 | -H-- | C] () -- C:\Program Files\SoftonicDownloader_fuer_nero-burning-rom.exe [2011.01.07 11:57:25 | 000,000,056 | -H-- | C] () -- C:\windows\SysWow64\ezsidmv.dat [2011.01.07 01:25:32 | 000,021,840 | -H-- | C] () -- C:\windows\SysWow64\SIntfNT.dll [2011.01.07 01:25:32 | 000,017,212 | -H-- | C] () -- C:\windows\SysWow64\SIntf32.dll [2011.01.07 01:25:31 | 000,012,067 | -H-- | C] () -- C:\windows\SysWow64\SIntf16.dll [2011.01.07 01:08:46 | 000,039,434 | -H-- | C] () -- C:\windows\DIIUnin.dat [2010.12.30 20:02:28 | 000,120,320 | -H-- | C] () -- C:\windows\SysWow64\drivers\SSHDRV65.sys [2010.12.30 18:11:28 | 000,072,192 | -H-- | C] () -- C:\windows\unlite3.exe [2010.12.30 17:26:51 | 030,424,567 | -H-- | C] () -- C:\Program Files\xampp-win32-1.5.1-installer.exe [2010.08.27 05:01:49 | 000,016,648 | RH-- | C] () -- C:\windows\SysWow64\LogAPI.dll [2010.08.25 20:34:30 | 000,127,868 | -H-- | C] () -- C:\windows\SysWow64\igcompkrng575.bin [2010.08.25 20:34:30 | 000,104,796 | -H-- | C] () -- C:\windows\SysWow64\igfcg575m.bin ========== LOP Check ========== [2012.06.05 11:13:43 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\12012 [2011.05.20 17:46:09 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant [2012.06.01 08:50:57 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\DVDVideoSoft [2011.08.16 10:28:16 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\DVDVideoSoftIEHelpers [2011.02.25 14:37:03 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\elsterformular [2012.07.04 16:25:11 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\Fighters [2012.07.05 16:47:27 | 000,000,000 | ---D | M] -- C:\Users\Nici\AppData\Roaming\FileZilla [2012.06.01 11:58:01 | 000,000,000 | 
--- --- ---

An Extra.txt from OTL is not provided? I do still have an Extra.txt file from a run that I did independently of my new thread. If desired and useful, I will gladly supply it here.

Many thanks and regards
N Bau

---------------
Step 3 - Gmer

In my first run I made a mistake here in step 3! Although I have an x64-based PC (a 64-bit system), and although it says here not to use Gmer, I used it anyway. But since I could not switch off the antivirus software, the result should be unusable anyway. The antivirus software is from McAfee.

There is no Gmer.txt.

Many thanks.

--------
Postscript: The introduction also said something about:

3. For files like locked-<FILENAME>.<EXTENSION>.wxyz, decrypt: overview of the 8 decryption tools

Unfortunately I don't know what to do with that, since I don't know what I have to decrypt or not, and where.

--------
Whether my information and data are complete, or whether details are still missing, you will surely let me know. Until then, many thanks, and I look forward to your feedback.

N.

In the meantime, through research on another board as well (here hxxp://forum.avira.com), I was able to restore or reconstruct parts of my system, the user data and programs. They are not yet complete, however.

I have also created a post there (of course in the hope of a quick solution). If that bothers you (a duplicate request for help), I understand that very well; but please also understand my panic at not being able to work.

I therefore ask you to excuse this.

I will keep you up to date and thank you for the opportunity to get help.

Many thanks
Please first, as a matter of routine, run a full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!

Remember that Malwarebytes must be updated manually before every scan!

Please remove all of the Malwarebytes findings, so that they are kept in Malwarebytes' quarantine! Do NOT hastily remove anything from the quarantine!

If logs from older Malwarebytes scans exist, please post all of those as well!

ESET Online Scanner
Please post everything in CODE tags here if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this:

Code:
the log goes here
Hello Arne, many thanks for the tips and the help options.

In the meantime, however, I have reinstalled the computer via the recovery partition. I simply had too many errors, and also anti-spyware programs in the system that were interfering with one another, so that I was able to eliminate the virus but could no longer fully restore the system (Windows in this case).

Many thanks for your effort, and regards
nBau
