| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exeWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
05.08.2012, 11:54
| #1 |
| |  GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Hi, ich hatte den GVU-Trojaner und hab ihn nach dieser Anleitung versucht zu entfernen:hxxp://www.chip.de/bildergalerie/WindowsUnlocker-Starkes-Tool-gegen-Bundespolizei-Virus-Co.-Galerie_54218633.html Was dazu führte, dass ich wieder Zugang zur Windowsoberfläche bekam und das System auf 2 Tage vor dem Trojaner wiederherstellte. Jetzt habe ich um sicher zu gehen, nochmal, wie oben im Hinweis angegeben mit Malwarebytes einen Vollscan gemacht und der findet noch zwei Dateien. Ich füge hier noch, wie in der Anleitung für neue Themen beschrieben, die otl.txt und Extras.txt aus dem OTL-Scan ein, sowie das Logfile aus dem Malwarebytesscan. Lg RayOTL Logfile: Code:
ATTFilter OTL logfile created on: 05.08.2012 12:04:04 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Wayne\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,58% Memory free 8,00 Gb Paging File | 5,67 Gb Available in Paging File | 70,96% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 171,95 Gb Total Space | 21,41 Gb Free Space | 12,45% Space Free | Partition Type: NTFS Drive D: | 97,66 Gb Total Space | 83,29 Gb Free Space | 85,29% Space Free | Partition Type: NTFS Drive E: | 116,32 Gb Total Space | 116,06 Gb Free Space | 99,78% Space Free | Partition Type: NTFS Drive H: | 663,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 1862,56 Gb Total Space | 1306,11 Gb Free Space | 70,12% Space Free | Partition Type: FAT32 Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.08.05 12:00:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Wayne\Downloads\OTL.exe PRC - [2012.07.03 17:28:24 | 000,400,344 | ---- | M] (Mozilla Messaging) -- C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe PRC - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.07.03 13:46:44 | 000,462,920 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.05.30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe PRC - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.02.24 03:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe PRC - [2012.02.23 12:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe PRC - [2012.02.15 10:32:12 | 000,055,144 | ---- | M] (Apple Inc.) -- C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\SyncServer.exe PRC - [2011.08.14 15:38:42 | 000,400,040 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avcenter.exe PRC - [2011.08.14 15:38:42 | 000,269,480 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2011.04.21 07:52:36 | 000,281,768 | ---- | M] (Avira GmbH) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2010.10.22 02:00:00 | 002,105,344 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WLanGUI.exe PRC - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe PRC - [2009.01.26 16:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 16:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe PRC - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe ========== Modules (No Company Name) ========== MOD - [2012.07.03 17:28:26 | 001,952,728 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\mozjs.dll MOD - [2012.07.03 17:28:26 | 000,162,776 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAP32V60.dll MOD - [2012.07.03 17:28:26 | 000,021,976 | ---- | M] () -- C:\Program Files (x86)\Mozilla Thunderbird\NSLDAPPR32V60.dll MOD - [2011.06.24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2011.06.24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2010.01.28 13:59:50 | 000,355,688 | ---- | M] () -- C:\Program Files (x86)\Avira\AntiVir Desktop\sqlite3.dll MOD - [2007.09.02 13:58:52 | 000,495,616 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.exe MOD - [2007.09.02 13:57:36 | 000,069,632 | ---- | M] () -- C:\Program Files (x86)\RocketDock\RocketDock.dll ========== Win32 Services (SafeList) ========== SRV - [2012.07.03 13:46:44 | 000,655,944 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.06.18 23:44:01 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.16 21:11:42 | 000,216,080 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Programme\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe -- (NitroReaderDriverReadSpool2) SRV - [2012.03.01 02:02:00 | 002,348,352 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.02.29 13:26:46 | 000,382,272 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.08.14 15:38:42 | 000,269,480 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.21 07:52:51 | 000,136,360 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2010.10.22 02:00:00 | 000,376,832 | ---- | M] (AVM Berlin) [Auto | Running] -- C:\Program Files (x86)\avmwlanstick\WlanNetService.exe -- (AVM WLAN Connection Service) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AnyDVD.sys -- (AnyDVD) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.15 11:01:50 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011.08.14 15:38:42 | 000,123,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2011.08.14 15:38:42 | 000,088,288 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2011.04.28 21:18:04 | 000,053,080 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2a.sys -- (TASCAM_US144_MK2_WDM) DRV:64bit: - [2011.04.28 21:18:04 | 000,031,576 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tscusb2m.sys -- (TASCAM_US144_MK2_MIDI) DRV:64bit: - [2011.04.28 21:18:02 | 000,419,160 | ---- | M] (TASCAM) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\tascusb2.sys -- (TASCAM_US122144) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.17 00:58:14 | 000,040,816 | ---- | M] (Elaborate Bytes AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\ElbyCDIO.sys -- (ElbyCDIO) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.10.22 02:00:00 | 000,714,368 | ---- | M] (AVM GmbH) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\fwlanusbn.sys -- (fwlanusbn) DRV:64bit: - [2010.10.22 02:00:00 | 000,014,120 | ---- | M] (AVM Berlin) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\avmeject.sys -- (avmeject) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2009.03.01 23:05:32 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV - [2012.03.27 01:42:14 | 000,138,360 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysWOW64\drivers\AnyDVD.sys -- (AnyDVD) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4 IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 33 54 33 5C 05 64 CC 01 [binary data] IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nitropdf.com/NitroPDF: C:\Program Files (x86)\Nitro PDF\Reader 2\npnitromozilla.dll ( ) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 23:44:02 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 01:11:51 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.07.03 17:28:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 23:44:02 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.13 01:11:51 | 000,000,000 | ---D | M] [2011.08.14 14:48:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\mozilla\Extensions [2012.08.04 20:06:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions [2012.06.04 15:42:43 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.08.04 20:06:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions\firefox@ghostery.com [2012.05.22 14:54:26 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- C:\Users\Wayne\AppData\Roaming\mozilla\Firefox\Profiles\umlep2k5.default\extensions\ich@maltegoetz.de [2012.05.29 15:19:06 | 000,002,057 | ---- | M] () -- C:\Users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\umlep2k5.default\searchplugins\youtube-videosuche.xml [2012.01.10 03:32:53 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.03 18:13:01 | 000,339,888 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{19503E42-CA3C-4C27-B1E2-9CDB2170EE34}.XPI [2012.05.08 10:51:49 | 000,079,135 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{1A2D0EC4-75F5-4C91-89C4-3656F6E44B68}.XPI [2011.10.30 21:14:42 | 000,434,392 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{D4DD63FA-01E4-46A7-B6B1-EDAB7D6AD389}.XPI [2012.02.17 18:30:38 | 000,709,293 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\{DDC359D1-844A-42A7-9AA1-88A850A938A8}.XPI [2012.07.10 00:25:13 | 000,550,833 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\DIVXWEBPLAYER@DIVX.COM.XPI [2012.03.14 13:56:43 | 000,029,003 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\GROOVESHARKUNLOCKER@OVERLORD1337.XPI [2011.08.23 17:36:10 | 000,242,939 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\ILLIMITUX@ILLIMITUX.NET.XPI [2011.10.22 22:44:58 | 000,007,605 | ---- | M] () (No name found) -- C:\USERS\WAYNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\UMLEP2K5.DEFAULT\EXTENSIONS\SHOW-FILE-SIZE-2@KASHIIF-GMAIL.COM.XPI [2012.06.18 23:44:02 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.03.12 12:12:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.12 12:12:57 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.03.12 12:12:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.03.12 12:12:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.12 12:12:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.12 12:12:57 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.09 17:00:58 | 000,002,168 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O1 - Hosts: 127.0.0.1 adobeereg.com O1 - Hosts: 127.0.0.1 activate-sea.adobe.com O1 - Hosts: 127.0.0.1 3dns.adobe.com O1 - Hosts: 127.0.0.1 3dns-1.adobe.com O1 - Hosts: 127.0.0.1 3dns-2.adobe.com O1 - Hosts: 127.0.0.1 3dns-3.adobe.com O1 - Hosts: 127.0.0.1 3dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-1.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-4.adobe.com O1 - Hosts: 127.0.0.1 adobe-dns-5.adobe.com O1 - Hosts: 127.0.0.1 activate.wip.adobe.com O1 - Hosts: 127.0.0.1 activate.wip1.adobe.com O1 - Hosts: 127.0.0.1 activate.wip2.adobe.com O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com O1 - Hosts: 127.0.0.1 activate.wip4.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.com O1 - Hosts: 127.0.0.1 practivate.adobe.newoa O1 - Hosts: 127.0.0.1 practivate.adobe.ntp O1 - Hosts: 127.0.0.1 practivate.adobe.ipp O1 - Hosts: 127.0.0.1 ereg.adobe.com O1 - Hosts: 127.0.0.1 ereg.wip.adobe.com O1 - Hosts: 20 more lines... O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.) O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH) O4 - HKLM..\Run: [AVMWlanClient] C:\Program Files (x86)\avmwlanstick\wlangui.exe (AVM Berlin) O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKCU..\Run: [AnyDVD] C:\Program Files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.) O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.) O4 - HKCU..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe () O4 - HKCU..\Run: [RocketDock] C:\Program Files (x86)\RocketDock\RocketDock.exe () O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited) O4 - HKCU..\Run: [suyqy.exe] C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe () O4 - HKCU..\Run: [Upgrade] C:\Users\Wayne\AppData\Roaming\Dropbox\{4F994184-2CEF-456C-90EA-16CEB6FC74BF}\Upgrade.exe File not found O4 - HKCU..\Run: [Validator] C:\Users\Wayne\AppData\Roaming\TeamViewer\{4EA3080A-24B1-442F-98D9-7808253D415A}\Validator.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Wayne\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Logitech Touch Mouse Server.lnk = C:\Program Files (x86)\Logitech Touch Mouse Server\iTouch-Server-Win.exe (Logitech, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22) O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B8F53F93-6CDF-401B-A258-FD83C1390687}: DhcpNameServer = 192.168.178.1 O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2000.01.18 01:28:36 | 000,028,672 | R--- | M] (Dipl.-Ing. Stefan Krueger <skrueger@installsite.org>) - H:\AUTORUN.EXE -- [ CDFS ] O32 - AutoRun File - [2000.07.18 00:32:26 | 000,000,143 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2000.07.19 00:00:46 | 000,001,045 | R--- | M] () - H:\AUTORUN.INI -- [ CDFS ] O32 - Unable to obtain root file information for disk K:\ O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = H:\Setup.exe -- [1999.06.28 00:35:30 | 000,008,928 | R--- | M] () O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell\dinstall\command - "" = H:\Setup\Directx7\dxsetup.exe -- [1999.09.08 16:56:36 | 000,322,320 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = I:\autorun.exe O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell\dinstall\command - "" = I:\Setup\Directx\dxsetup.exe O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = J:\autorun.exe O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell\dinstall\command - "" = J:\Setup\Directx\dxsetup.exe O33 - MountPoints2\{7e37dd61-c66d-11e0-b9f3-001fd0ddc09a}\Shell - "" = AutoRun O33 - MountPoints2\{7e37dd61-c66d-11e0-b9f3-001fd0ddc09a}\Shell\AutoRun\command - "" = G:\pushinst.exe O33 - MountPoints2\H\Shell - "" = AutoRun O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.exe -- [1999.06.28 00:35:30 | 000,008,928 | R--- | M] () O33 - MountPoints2\H\Shell\dinstall\command - "" = H:\Setup\Directx7\dxsetup.exe -- [1999.09.08 16:56:36 | 000,322,320 | R--- | M] (Microsoft Corporation) O33 - MountPoints2\I\Shell - "" = AutoRun O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe O33 - MountPoints2\I\Shell\dinstall\command - "" = I:\Setup\directx7\dxsetup.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.05 11:57:41 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Desktop\Trojboard [2012.08.05 10:01:59 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Malwarebytes [2012.08.05 10:01:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.05 10:01:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.05 10:01:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.05 10:01:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.08.05 02:33:48 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\ICQ [2012.08.05 02:28:07 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Skype [2012.08.05 02:27:27 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Windows Desktop Search [2012.08.05 02:25:33 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Opera [2012.08.05 02:25:29 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Google Inc [2012.08.04 20:07:39 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\PMB Files [2012.08.04 19:42:14 | 000,000,000 | -HSD | C] -- C:\found.001 [2012.08.02 16:21:02 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Local\Audible [2012.08.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Wayne\Documents\Audible [2012.08.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\Audible [2012.08.02 16:20:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Audible [2012.07.09 17:13:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Star Trek Armada II [2012.07.09 17:12:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Activision [2012.07.09 16:28:50 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Ondeyz [2012.07.09 16:28:50 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Awasx [2012.07.09 15:50:56 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Help [2012.07.09 15:46:12 | 000,000,000 | ---D | C] -- C:\Users\Wayne\AppData\Roaming\Sun [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.08.05 12:01:52 | 000,000,000 | ---- | M] () -- C:\Users\Wayne\defogger_reenable [2012.08.05 10:01:44 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.05 09:42:52 | 000,007,612 | ---- | M] () -- C:\Users\Wayne\AppData\Local\Resmon.ResmonCfg [2012.08.04 20:16:11 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 20:16:11 | 000,014,624 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.04 20:13:21 | 002,281,910 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.04 20:13:21 | 001,115,618 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.04 20:13:21 | 000,640,590 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.04 20:13:21 | 000,563,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.04 20:13:21 | 000,006,256 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.04 20:07:43 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib [2012.08.04 20:07:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.04 20:07:08 | 3220,037,632 | -HS- | M] () -- C:\hiberfil.sys [2012.08.04 19:45:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad [2012.07.11 23:08:08 | 000,293,568 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.09 17:13:17 | 000,000,935 | ---- | M] () -- C:\Windows\STA2.ini [2012.07.09 17:00:58 | 000,002,168 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.07.09 17:00:58 | 000,002,167 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts.umbrella [1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.08.05 12:01:52 | 000,000,000 | ---- | C] () -- C:\Users\Wayne\defogger_reenable [2012.08.05 10:01:44 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.03 18:02:30 | 004,503,728 | ---- | C] () -- C:\ProgramData\ras_0oed.pad [2012.07.09 17:11:53 | 000,000,935 | ---- | C] () -- C:\Windows\STA2.ini [2012.05.11 07:31:33 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.05.11 00:26:40 | 000,032,256 | ---- | C] () -- C:\Windows\SysWow64\AVSredirect.dll [2012.05.11 00:16:53 | 000,107,520 | RHS- | C] () -- C:\Windows\SysWow64\TAKDSDecoder.dll [2012.04.06 00:43:55 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\CmdLineExt03.dll [2012.03.13 13:00:49 | 000,001,021 | ---- | C] () -- C:\Windows\EFXP.ini [2012.02.29 13:26:56 | 000,416,064 | ---- | C] () -- C:\Windows\SysWow64\nvStreaming.exe [2012.01.15 22:32:44 | 000,001,012 | ---- | C] () -- C:\Windows\ef.ini [2011.08.21 00:40:39 | 000,028,323 | ---- | C] () -- C:\Users\Wayne\helden.zip.hld.ok [2011.08.21 00:40:23 | 000,028,323 | ---- | C] () -- C:\Users\Wayne\helden.zip.hld [2011.08.21 00:27:32 | 000,003,508 | ---- | C] () -- C:\Users\Wayne\.heldEinstellungen4_1.xml [2011.08.21 00:27:31 | 000,000,221 | ---- | C] () -- C:\Users\Wayne\.dsa4.properties [2011.08.20 11:42:58 | 000,007,612 | ---- | C] () -- C:\Users\Wayne\AppData\Local\Resmon.ResmonCfg [2011.08.14 15:54:43 | 000,000,600 | ---- | C] () -- C:\Users\Wayne\AppData\Roaming\winscp.rnd [2011.08.14 15:17:17 | 001,590,298 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2011.09.05 21:19:59 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\AnvSoft [2012.07.03 18:46:17 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Audacity [2012.07.09 16:28:50 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Awasx [2011.10.31 22:24:23 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\BayWotch4 [2011.11.21 16:37:43 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\calibre [2012.06.10 13:28:04 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Downloaded Installations [2012.08.05 02:32:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Dropbox [2012.08.05 02:24:04 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Enyt [2012.06.10 13:29:06 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\FileOpen [2012.05.13 21:02:22 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\HandBrake [2012.08.05 02:33:48 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\ICQ [2012.05.05 20:49:01 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Kuyle [2011.09.13 11:07:53 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\LolClient [2012.06.13 03:01:45 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Nitro PDF [2012.08.04 20:36:52 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Ondeyz [2011.09.12 17:48:58 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\OpenOffice.org [2012.08.05 02:34:20 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Opera [2012.06.04 20:53:40 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\redsn0w [2011.08.14 23:50:31 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Sinvise Systems [2012.08.05 02:30:46 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\TeamViewer [2011.08.20 00:27:59 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Thunderbird [2011.08.15 00:05:37 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\VidCoder [2012.08.05 02:27:27 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\Windows Desktop Search [2012.05.29 18:10:20 | 000,000,000 | ---D | M] -- C:\Users\Wayne\AppData\Roaming\xm1 [2012.05.15 19:00:52 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 05.08.2012 12:04:04 - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Wayne\Downloads
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4,00 Gb Total Physical Memory | 1,78 Gb Available Physical Memory | 44,58% Memory free
8,00 Gb Paging File | 5,67 Gb Available in Paging File | 70,96% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 171,95 Gb Total Space | 21,41 Gb Free Space | 12,45% Space Free | Partition Type: NTFS
Drive D: | 97,66 Gb Total Space | 83,29 Gb Free Space | 85,29% Space Free | Partition Type: NTFS
Drive E: | 116,32 Gb Total Space | 116,06 Gb Free Space | 99,78% Space Free | Partition Type: NTFS
Drive H: | 663,36 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive K: | 1862,56 Gb Total Space | 1306,11 Gb Free Space | 70,12% Space Free | Partition Type: FAT32
Computer Name: WAYNE-PC | User Name: Wayne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{03924DB3-BE2B-4C50-A6D0-8909FC914724}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{0F6130C0-CA9F-4E05-95D0-879E46CF6A88}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{1E711B3C-FF22-42B6-BDFE-8DAF86EEDCA5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{277C06FF-9B3A-4BE4-BA06-6BC3408CA7CD}" = lport=2869 | protocol=6 | dir=in | app=system |
"{31D13655-226A-4352-93D5-B3BDD0486E56}" = lport=138 | protocol=17 | dir=in | app=system |
"{34A9AAA9-98A5-455C-9CCA-523A8F056E9D}" = lport=137 | protocol=17 | dir=in | app=system |
"{39A108BC-3051-4B96-8F75-6B4EB3EC87DE}" = rport=139 | protocol=6 | dir=out | app=system |
"{3EAD1CC6-B21E-4422-BD14-40C421E1AB6A}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{3FB5372C-290E-4980-879A-E2FF30ADBD2C}" = rport=137 | protocol=17 | dir=out | app=system |
"{4BD9C3B8-C4AF-46C9-BCAB-F2E3FE39907D}" = lport=139 | protocol=6 | dir=in | app=system |
"{502D834B-0CA8-44ED-B886-6297373BAF98}" = rport=10243 | protocol=6 | dir=out | app=system |
"{6D1AFB3C-0974-4A6E-AB49-8042980E8ACF}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework64\v4.0.30319\smsvchost.exe |
"{6D59BD40-F573-44E1-B376-A8ACB78BB58B}" = rport=445 | protocol=6 | dir=out | app=system |
"{76C4546C-C3C1-42E5-9B5B-ABC0CE2834C5}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{84524776-FAF6-43C8-9FC1-D175B1BD81E6}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8ABD2703-B883-4A30-921C-A48A7E0BC3D3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{C82F6377-0BE0-4873-94C5-56AE7450069E}" = lport=10243 | protocol=6 | dir=in | app=system |
"{D8903A83-E650-4B57-A3C2-072EF0BD4F0C}" = rport=138 | protocol=17 | dir=out | app=system |
"{DEEC9D52-6125-416F-9107-7F2E1F219428}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{E3509AEE-B448-472D-904D-225E2EEA9E12}" = lport=445 | protocol=6 | dir=in | app=system |
"{E909C8B3-9568-4257-90A8-34211EEEC427}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{EEDE7031-62E0-4EDC-B0BF-9904F020AD6F}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{013DA4CE-EB19-4837-B247-D1AE8F5CC6D5}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{08DA6174-2043-4C6B-9AB2-EE881976D13B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{18DB1434-0515-4854-8FBE-B78904AA86F6}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{1AF3980A-0B43-45CA-9113-799F6A6D67EF}" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{1D86C787-3D7E-422A-B949-8E8462FBFEE8}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2542D6DC-EECB-4109-A791-2B6CBE04087B}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{26EBCD64-53AE-4EF3-BE48-686215B833C4}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{39EFEA42-C5E3-410E-83E4-DC0D89B98335}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{436AA665-6EEA-4BC5-BEE4-78E655E23327}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{477D8954-27B5-4047-B4E5-A102052A8358}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{4A3EB0A1-99C1-4D9E-AFE8-71B08DBACE0C}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{4BCFA5E4-5240-400B-B202-27DB9FE7A811}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{52BCC33A-ED42-40C6-BA47-8966EBE1FAC9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{652305F3-D8AF-40D6-8237-ECF6BD7EEFBA}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{6844A0C1-D935-4D43-AD90-68A4FDE72089}" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe |
"{71215482-A0EE-4C23-A110-F2280B433131}" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe |
"{73CB25BC-8BBD-49CB-9BD0-C5A363B97302}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{8330F8C0-FEF7-4BF7-908E-A394FE9F2C3F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{89DFF3D6-B05A-4ECA-BE7A-3C9792624619}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{8D929E3B-7390-48F5-85B3-265782C83FAA}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{9CABEE11-7117-4691-90E5-D29069C32C04}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{9CF7BF5B-E792-4D0E-A285-8628B41D4D98}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{9FF0DEBA-2FE6-4B45-A6F2-2DFCE6498AF9}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{A1F88EF1-9B3C-4745-A1EF-62CDE6C34F9A}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{A7347FE6-EA43-4EFB-920E-8D62C495241D}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe |
"{AE1FDE55-CBDC-435D-B43C-16E6D8B69C43}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{AE804350-58A8-4641-B74E-BB28859FEA7E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{C21F5FD8-AAE9-4266-AA24-547AD88857B3}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{DD2CD438-8DDE-4455-9FD1-65C89A3C2EBD}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe |
"{E0697E7F-291A-4C4A-841B-0190F76847DA}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe |
"{EA98ECF9-3BCB-48F2-948A-E9E2BD3AE118}" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"{ECC4A08D-BA2A-477F-AFB1-21271F20D37E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F3C0CE6E-AAAC-4282-A32D-5753FB47496A}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe |
"{FDEBCF1E-07E6-48DF-B0B4-38A5E2759F70}" = protocol=6 | dir=out | app=system |
"TCP Query User{02B22C72-60DE-4F95-BD73-5408D388B4BE}C:\program files (x86)\iphone tunnel suite\bin\itunnel.exe" = protocol=6 | dir=in | app=c:\program files (x86)\iphone tunnel suite\bin\itunnel.exe |
"TCP Query User{07979D93-B6D2-4F64-B015-DD8E44E650C0}C:\users\wayne\downloads\tinyumbrella-5.00.09.exe" = protocol=6 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.00.09.exe |
"TCP Query User{0C3AE7F6-E4B3-4E8D-A439-D74B9FACC4D8}C:\users\wayne\downloads\tinyumbrella-5.10.14.exe" = protocol=6 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.10.14.exe |
"TCP Query User{2FF77C6E-2043-48DD-85C5-1159285BEB37}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{306A2DD5-E0DF-4FF4-A149-63045FB03B69}C:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe |
"TCP Query User{3ACD8B76-7992-4595-BDA2-7F4ADE5A279E}G:\star trek\ef2.exe" = protocol=6 | dir=in | app=g:\star trek\ef2.exe |
"TCP Query User{3FFEA1DD-CEF9-4358-B31B-66C27FA01F21}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
"TCP Query User{445856C9-A92B-48C2-860B-11C2447232BE}G:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=6 | dir=in | app=g:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe |
"TCP Query User{7902FCC6-3130-47E5-B6C7-59AE212569FB}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=6 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"TCP Query User{7AF18BC9-5E85-4763-A24D-E1B801EC2A00}C:\windows\syswow64\java.exe" = protocol=6 | dir=in | app=c:\windows\syswow64\java.exe |
"TCP Query User{7D6153E6-8E66-4B5F-BBE2-47F2F40560C6}G:\star trek\ef2.exe" = protocol=6 | dir=in | app=g:\star trek\ef2.exe |
"TCP Query User{A6A5BF22-515F-4C87-A378-DCF1723F20F2}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe |
"TCP Query User{B83D011B-26DA-4908-AB56-2D35F887CD4E}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{C845B1D3-04BD-489E-9DD6-F7C743B6B506}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"TCP Query User{D2819A6D-3181-47E4-8EBE-730E32C086CE}C:\program files\java\jre7\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"TCP Query User{D768614D-A45B-4155-A53F-7D3E31BBCE85}C:\program files (x86)\calibre2\calibre.exe" = protocol=6 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"TCP Query User{E231EFAD-4394-44C5-893E-B4F23AEB8DF9}C:\users\wayne\appdata\roaming\enyt\yrit.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\enyt\yrit.exe |
"TCP Query User{F5C65411-3F4A-4103-81F9-DC5730DBCB15}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=6 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
"TCP Query User{FE562A85-FFAC-4531-A5FF-C18C145A621C}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=6 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe |
"UDP Query User{041321AB-93D8-4FCE-B6CA-59AE2EC8B8DF}G:\star trek\ef2.exe" = protocol=17 | dir=in | app=g:\star trek\ef2.exe |
"UDP Query User{1047F785-C2B5-46C0-847B-616C68029D02}C:\program files (x86)\calibre2\calibre.exe" = protocol=17 | dir=in | app=c:\program files (x86)\calibre2\calibre.exe |
"UDP Query User{1CB1797E-3801-4B71-800E-BAC2D6F418B0}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{1E0436BA-F3ED-4EA3-B93E-C1532ACB8CD3}G:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe" = protocol=17 | dir=in | app=g:\dateien von pcalt\ipod\jailbreak\redsn0w_win_0.9.10b1\redsn0w.exe |
"UDP Query User{2D760379-2F3C-4A60-8321-90907BBFFCBF}C:\program files (x86)\logitech touch mouse server\itouch-server-win.exe" = protocol=17 | dir=in | app=c:\program files (x86)\logitech touch mouse server\itouch-server-win.exe |
"UDP Query User{33D37265-917A-4D36-A77A-F0A469AC8513}C:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{52132288-F903-45B1-B491-B5DCCC954C04}C:\program files\java\jre7\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files\java\jre7\bin\javaw.exe |
"UDP Query User{6674BA8C-6534-4411-99EF-3B7206D2E1E8}C:\users\wayne\appdata\roaming\enyt\yrit.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\enyt\yrit.exe |
"UDP Query User{80D0AC82-6A2A-4E7A-88D8-11A71EE1EFF9}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
"UDP Query User{ABE288F2-1907-4B9F-835A-8247FA7B1945}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{B17E4CEA-F4BE-44E5-B433-55C612BD234A}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe |
"UDP Query User{B209463F-0E23-4AC8-995E-5747844D7BF5}G:\star trek\ef2.exe" = protocol=17 | dir=in | app=g:\star trek\ef2.exe |
"UDP Query User{BB4589D9-D88F-4ECB-B5AA-40421CCEA8F5}C:\program files (x86)\iphone tunnel suite\bin\itunnel.exe" = protocol=17 | dir=in | app=c:\program files (x86)\iphone tunnel suite\bin\itunnel.exe |
"UDP Query User{C0FF9E6C-02C3-44C4-B808-F5BC39B6AB6A}C:\users\wayne\appdata\roaming\awasx\suyqy.exe" = protocol=17 | dir=in | app=c:\users\wayne\appdata\roaming\awasx\suyqy.exe |
"UDP Query User{DECE5D81-B2EA-4215-AC8E-367375D42CB1}C:\users\wayne\downloads\tinyumbrella-5.00.09.exe" = protocol=17 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.00.09.exe |
"UDP Query User{E2B09821-487B-4725-B6CF-0EA93E6F5BDF}C:\program files (x86)\air mouse\air mouse\air mouse.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\air mouse.exe |
"UDP Query User{E474CA5C-4A36-48FB-AC19-126C9162A07E}C:\windows\syswow64\java.exe" = protocol=17 | dir=in | app=c:\windows\syswow64\java.exe |
"UDP Query User{E6A6FDFC-D22D-4A48-AAEF-0A1B11BC691D}C:\program files (x86)\air mouse\air mouse\mobile mouse service.exe" = protocol=17 | dir=in | app=c:\program files (x86)\air mouse\air mouse\mobile mouse service.exe |
"UDP Query User{FB39A14A-573C-458F-8191-5043C609F0DC}C:\users\wayne\downloads\tinyumbrella-5.10.14.exe" = protocol=17 | dir=in | app=c:\users\wayne\downloads\tinyumbrella-5.10.14.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition)
"{26A24AE4-039D-4CA4-87B4-2F86417000FF}" = Java(TM) 7 (64-bit)
"{373934DC-C16C-4CB5-83E2-1E5498CF99EC}" = Shutdown Timer
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6A76BEAF-6D1F-4273-A79B-DA8410A2E56B}" = Apple Mobile Device Support
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{840A3BAA-4C68-4581-9C7A-6F8D6CF531B9}" = iTunes
"{8B485965-8EFE-464A-842F-CF8F18C3DFD7}" = iCloud
"{8E34682C-8118-31F1-BC4C-98CD9675E1C2}" = Microsoft .NET Framework 4 Extended
"{A69B08B1-51B4-46CD-82D2-81232BD51F4A}" = Nitro Reader 2
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 296.10
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0213
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.7.11
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D34C07CA-DCF0-4A5C-A4DD-55522B17F4F2}" = WBFS Manager 4.0
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit
"CCleaner" = CCleaner
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"USB_AUDIO_DEusb-audio.deTascam" = US-122 MKII / US-144 MKII
"WinRAR archiver" = WinRAR 4.01 (64-Bit)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B6A9773-F8F8-4D3F-BCF0-029D2B87DB8A}" = Deus Ex - Invisible War
"{0E64B098-8018-4256-BA23-C316A43AD9B0}" = QuickTime
"{122ADF8C-DDA1-480C-9936-C88F2825B265}" = Apple Application Support
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2133CB3F-F891-4081-8681-FEE2B2419FF4}" = Orb Runtime libraries
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{26A24AE4-039D-4CA4-87B4-2F83217000FF}" = Java(TM) 7 Update 1
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7D59CEDD-C68B-4506-A7E2-E4D13FC5373B}" = calibre
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{99367836-0A29-4EC8-88DB-CA774E5F93BA}_is1" = iPhone Tunnel Suite v3.0
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9FCA0420-CB8D-4D05-B5B0-905063930DE4}" = Mobile Mouse Server
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7DF423F-02E6-40d1-936B-BAF28C884C00}_is1" = 4Videosoft Video Converter Platinum 5.0.12
"{B93DCF58-AA57-41EC-8D69-B05C66C6312D}_is1" = SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51
"{C779648B-410E-4BBA-B75B-5815BCEFE71D}" = Safari
"{DA909E62-3B45-4BA1-8B58-FCAEBA4BCEC9}" = NVIDIA PhysX
"5513-1208-7298-9440" = JDownloader 0.9
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Any Video Converter_is1" = Any Video Converter 3.2.7
"AnyDVD" = AnyDVD
"Audacity_is1" = Audacity 2.0
"Audiograbber" = Audiograbber 1.83 SE
"Audiograbber-Lame" = Audiograbber MP3-Plugin (64 bit)
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"AVMWLANCLI" = AVM FRITZ!WLAN
"baywotch4_is1" = BayWotch v4.2.13
"CloneDVD2" = CloneDVD2
"conduitEngine" = Conduit Engine
"Diablo II" = Diablo II
"Elite Force" = Elite Force
"Free M4a to MP3 Converter_is1" = Free M4a to MP3 Converter 7.0
"Guitar Pro 5_is1" = Guitar Pro 5.2
"HandBrake" = HandBrake 0.9.6
"Homeworld2" = Homeworld2
"LAME_is1" = LAME v3.99.3 (for Windows)
"Logitech Touch Mouse Server" = Logitech Touch Mouse Server 1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"MiKTeX 2.9" = MiKTeX 2.9
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"Mozilla Thunderbird 12.0.1 (x86 de)" = Mozilla Thunderbird 12.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"NVIDIA StereoUSB Driver" = NVIDIA 3D Vision Controller Driver
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"RocketDock_is1" = RocketDock 1.3.5
"SFT_de3 Toolbar" = SFT_de3 Toolbar
"Star Trek Armada II" = Star Trek Armada II
"Texmaker" = Texmaker
"TeXnicCenter_is1" = TeXnicCenter Version 1.0 Stable RC1
"VidCoder_is1" = VidCoder 1.0.0 (x86)
"VirtualCloneDrive" = VirtualCloneDrive
"VLC media player" = VLC media player 1.1.11
"winscp3_is1" = WinSCP 4.3.4
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 04.08.2012 13:52:09 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 13:52:09 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 04.08.2012 14:07:16 | Computer Name = Wayne-PC | Source = Avira AntiVir | ID = 4110
Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler
auf! Fehlercode: 0x35
Error - 04.08.2012 14:07:16 | Computer Name = Wayne-PC | Source = Avira AntiVir | ID = 4117
Description = Die Lizenzdatei enthält keine gültige Lizenz. Der Dienst wird beendet!
Error - 04.08.2012 14:13:18 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 14:13:18 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3012
Description = Die Zeichenfolgen der Leistungsindikatoren in der Leistungsindikatorenregistrierung
werden beschädigt wenn der Prozess "Performance" auf dem Erweiterungsleistungsindikator-Anbieter
ausgeführt wird. Der Wert "BaseIndex" aus der Leistungsregistrierung ist das erste
DWORD im Datenbereich, der Wert "LastCounter" ist das zweite DWORD im Datenbereich
und der Werte "LastHelp" ist das dritte DWORD im Datenbereich.
Error - 04.08.2012 14:13:18 | Computer Name = Wayne-PC | Source = Microsoft-Windows-LoadPerf | ID = 3011
Description = Fehler beim Herunterladen der Zeichenfolgen der Leistungsindikatoren
für Dienst "WmiApRpl" (WmiApRpl). Der Fehlercode ist das erste DWORD im Datenbereich.
Error - 04.08.2012 18:28:45 | Computer Name = Wayne-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\spybot - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\spybot - search & destroy\DelZip179.dll" in Zeile 8. Der
Wert "*" des "language"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 05.08.2012 03:44:01 | Computer Name = Wayne-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: iTunes.exe, Version: 10.6.3.25, Zeitstempel:
0x4fd16377 Name des fehlerhaften Moduls: CoreFoundation.dll, Version: 1.630.16.0,
Zeitstempel: 0x4f3a0c6f Ausnahmecode: 0xc0000005 Fehleroffset: 0x000582d7 ID des fehlerhaften
Prozesses: 0x1580 Startzeit der fehlerhaften Anwendung: 0x01cd726c9039f0ed Pfad der
fehlerhaften Anwendung: C:\Program Files (x86)\iTunes\iTunes.exe Pfad des fehlerhaften
Moduls: C:\Program Files (x86)\Common Files\Apple\Apple Application Support\CoreFoundation.dll
Berichtskennung:
52429a4a-ded1-11e1-943d-001c4afe2da6
Error - 05.08.2012 04:06:30 | Computer Name = Wayne-PC | Source = Application Hang | ID = 1002
Description = Programm mbam.exe, Version 1.62.0.87 kann nicht mehr unter Windows
ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung,
um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: 17fc Startzeit:
01cd72e09a4e40f2 Endzeit: 15 Anwendungspfad: C:\Program Files (x86)\Malwarebytes'
Anti-Malware\mbam.exe Berichts-ID: 6e0987b8-ded4-11e1-943d-001c4afe2da6
[ System Events ]
Error - 04.08.2012 13:35:52 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "\Device\HarddiskVolume2" den Befehl "chkdsk" aus.
Error - 04.08.2012 13:35:56 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
Error - 04.08.2012 13:35:57 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
Error - 04.08.2012 13:35:57 | Computer Name = Wayne-PC | Source = Ntfs | ID = 262199
Description = Die Dateisystemstruktur auf dem Datenträger ist beschädigt und unbrauchbar.
Führen
Sie auf dem Volume "C:" den Befehl "chkdsk" aus.
Error - 04.08.2012 13:43:18 | Computer Name = Wayne-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?04.?08.?2012 um 19:38:40 unerwartet heruntergefahren.
Error - 04.08.2012 14:04:09 | Computer Name = Wayne-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 04.08.2012 14:04:09 | Computer Name = Wayne-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 04.08.2012 14:04:09 | Computer Name = Wayne-PC | Source = VDS Basic Provider | ID = 33554433
Description =
Error - 04.08.2012 14:10:42 | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
Error - 05.08.2012 03:41:08 | Computer Name = Wayne-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
von Dienst AntiVirSchedulerService erreicht.
< End of report >
|
|
05.08.2012, 12:15
| #2 |
| /// Helfer-Team  | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Fixen mit OTL Lade (falls noch nicht vorhanden) OTL von Oldtimer herunter und speichere es auf Deinem Desktop (nicht woanders hin).
Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddrnw&s={searchTerms}&f=4
IE - HKLM\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\..\URLSearchHook: {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = http://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT3031778
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
FF - prefs.js..browser.search.useDBForOrder: true
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_257.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O2 - BHO: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files (x86)\ConduitEngine\prxConduitEngin.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (SFT_de3 Toolbar) - {ff88a983-649d-4207-9336-9b999280b436} - C:\Program Files (x86)\SFT_de3\prxtbSFT0.dll (Conduit Ltd.)
O4 - HKCU..\Run: [Pando Media Booster] C:\Program Files (x86)\Pando Networks\Media Booster\PMB.exe ()
O4 - HKCU..\Run: [suyqy.exe] C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe ()
O4 - HKCU..\Run: [Upgrade] C:\Users\Wayne\AppData\Roaming\Dropbox\{4F994184-2CEF-456C-90EA-16CEB6FC74BF}\Upgrade.exe File not found
O4 - HKCU..\Run: [Validator] C:\Users\Wayne\AppData\Roaming\TeamViewer\{4EA3080A-24B1-442F-98D9-7808253D415A}\Validator.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 10.0.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Java Plug-in 1.7.0)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2000.07.18 00:32:26 | 000,000,143 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2000.07.19 00:00:46 | 000,001,045 | R--- | M] () - H:\AUTORUN.INI -- [ CDFS ]
O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8bd4be-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = H:\Setup.exe -- [1999.06.28 00:35:30 | 000,008,928 | R--- | M] ()
O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8bd4cf-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = I:\autorun.exe
O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell - "" = AutoRun
O33 - MountPoints2\{6a8bd4d0-3fb6-11e1-9822-001c4afe2da6}\Shell\AutoRun\command - "" = J:\autorun.exe
O33 - MountPoints2\{7e37dd61-c66d-11e0-b9f3-001fd0ddc09a}\Shell - "" = AutoRun
O33 - MountPoints2\{7e37dd61-c66d-11e0-b9f3-001fd0ddc09a}\Shell\AutoRun\command - "" = G:\pushinst.exe
O33 - MountPoints2\H\Shell - "" = AutoRun
O33 - MountPoints2\H\Shell\AutoRun\command - "" = H:\Setup.exe -- [1999.06.28 00:35:30 | 000,008,928 | R--- | M] ()
O33 - MountPoints2\I\Shell - "" = AutoRun
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\Setup.exe
[1 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ]
[2012.08.04 19:45:49 | 004,503,728 | ---- | M] () -- C:\ProgramData\ras_0oed.pad
:Files
C:\Users\Wayne\AppData\Roaming\Awasx\
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[emptyflash]
Hinweis für Mitleser: Obiges OTL-Script ist ausschließlich für diesen User in dieser Situtation erstellt worden. Auf keinen Fall auf anderen Rechnern anwenden, das kann andere Systeme nachhaltig schädigen!
__________________ |
|
05.08.2012, 12:32
| #3 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Herzlichen Dank,
__________________Ich habe das genauso gemacht. Es gab eine Fehlermeldung, dass in Laufwerk H kein Datenträger ist. Habe auf weiter geklickt. Dann ging es auch weiter, reboot gemacht, wie verlangt von OTL. Jetzt nach dem reboot mukiert sich Antivir, dass es einen Virus gefunden haben will. (TR/Spy.Gen8) Log von OTL ist im Anhang. Lg Ray |
|
05.08.2012, 12:34
| #4 |
| /// Helfer-Team | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Sehr gut!  Wie laeuft der Rechner? 1. Schritt Bitte einen Vollscan mit Malwarebytes Anti-Malware machen und Log posten.danach: 2. Schritt Downloade Dir bitte AdwCleaner auf deinen Desktop.
|
|
05.08.2012, 14:01
| #5 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Hi, Also der Rechner ist auf jeden Fall wieder schneller...:-) Nun aber: Also Malwarebytes hat es entfernt. Ich hänge beide Logfiles an. Lg Ray |
|
05.08.2012, 20:44
| #6 |
| /// Helfer-Team | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Sehr gut!
danach: Malware-Scan mit Emsisoft Anti-Malware Lade die Gratisversion von => Emsisoft Anti-Malware herunter und installiere das Programm. Lade über Jetzt Updaten die aktuellen Signaturen herunter. Wähle den Freeware-Modus aus. Wähle Detail Scan und starte über den Button Scan die Überprüfung des Computers. Am Ende des Scans nichts loeschen lassen!. Mit Klick auf Bericht speichern das Logfile auf dem Desktop speichern und hier in den Thread posten. Anleitung: http://www.trojaner-board.de/103809-...i-malware.html
__________________ --> GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe |
|
06.08.2012, 19:32
| #7 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Ok habe alles, so gemacht. Hier die Dateien. Lg Ray |
|
07.08.2012, 14:01
| #8 |
| /// Helfer-Team | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Sehr gut! Deinstalliere: Emsisoft Anti-Malware ESET Online Scanner Vorbereitung
|
|
08.08.2012, 09:58
| #9 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=25ad0714aeba4849825dbd96ce9c91dc # end=finished # remove_checked=true # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-08-07 11:57:17 # local_time=2012-08-08 01:57:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=1797 16775165 100 94 265849 80901694 103450 0 # compatibility_mode=5893 16776573 100 94 207 95999681 0 0 # compatibility_mode=8192 67108863 100 0 86 86 0 0 # scanned=311903 # found=2 # cleaned=2 # scan_time=14006 C:\Users\Wayne\AppData\Roaming\Identities\{0C6D7EB9-BE29-49DA-AE4E-2EC905E9E2C5}\LicenseValidator.exe probably a variant of Win32/Agent.IMALNPM trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C G:\PSP\DCIM\IMG_1559.rar Archbomb.RAR trojan (cleaned by deleting - quarantined) 00000000000000000000000000000000 C Hat soweit alles gesklappt, wie in der Anleitung, danke lG Ray |
|
08.08.2012, 15:32
| #10 |
| /// Helfer-Team | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Malware mit Combofix beseitigen Lade Combofix von einem der folgenden Download-Spiegel herunter: BleepingComputer.com - ForoSpyware.com und speichere das Programm auf den Desktop, nicht woanders hin, das ist wichtig! Beachte die ausführliche Original-Anleitung. Zurzeit ist Combofix auf folgenden Windows-Versionen lauffähig:
Vorbereitung und wichtige Hinweise
Combofix nicht auf eigene Faust einsetzen. Wenn keine entsprechende Infektion vorliegt, kann das den Rechner lahmlegen und/oder nachhaltig schädigen! |
|
14.08.2012, 11:08
| #11 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Hi t'john, bitte entschuldige, dass das so lange gedauert hat, aber nach dem scan ging meine Fritzboxsoftware nicht mehr und die letzten Tage musste ich ziemlich viel arbeiten, sodass ich nicht dazu gekommen bin, meinen PC nochmal anzu machen. Nun Aber die beiden gewünschten Dateien: Combofix Logfile: Code:
ATTFilter ComboFix 12-08-09.01 - Wayne 10.08.2012 16:01:00.1.3 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4094.2834 [GMT 2:00]
ausgeführt von:: c:\users\Wayne\Desktop\ComboFix.exe
AV: AntiVir Desktop *Disabled/Updated* {090F9C29-64CE-6C6F-379C-5901B49A85B7}
SP: AntiVir Desktop *Disabled/Updated* {B26E7DCD-42F4-63E1-0D2C-6273CF1DCF0A}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\INSTALL.LOG
c:\users\Wayne\AppData\Roaming\Help\coredb\storage
c:\windows\IsUn0407.exe
K:\Autorun.inf
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-10 bis 2012-08-10 ))))))))))))))))))))))))))))))
.
.
2012-08-10 09:39 . 2012-07-16 00:40 9133488 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{E01B5B74-D3FE-4DCD-959A-F7F135E7BB22}\mpengine.dll
2012-08-08 12:17 . 2012-08-08 12:17 -------- d-----w- c:\programdata\McAfee
2012-08-08 09:12 . 2012-08-08 09:12 -------- d-----w- c:\users\Wayne\AppData\Roaming\Nero
2012-08-08 09:04 . 2012-08-08 09:07 -------- d-----w- c:\program files (x86)\Common Files\Nero
2012-08-08 09:04 . 2012-08-08 09:12 -------- d-----w- c:\programdata\Nero
2012-08-07 20:24 . 2011-12-01 09:42 15920 ----a-w- c:\windows\system32\drivers\NBVolUp.sys
2012-08-07 20:24 . 2011-12-01 09:42 72240 ----a-w- c:\windows\system32\drivers\NBVol.sys
2012-08-07 20:24 . 2012-08-08 09:11 -------- d-----w- c:\program files (x86)\Nero
2012-08-07 20:24 . 2010-05-26 09:41 248672 ----a-w- c:\windows\SysWow64\d3dx11_43.dll
2012-08-07 20:23 . 2009-09-04 15:29 1974616 ----a-w- c:\windows\SysWow64\D3DCompiler_42.dll
2012-08-07 20:23 . 2010-05-26 09:41 470880 ----a-w- c:\windows\SysWow64\d3dx10_43.dll
2012-08-07 20:23 . 2009-09-04 15:29 1892184 ----a-w- c:\windows\SysWow64\D3DX9_42.dll
2012-08-07 20:23 . 2010-05-26 09:41 1998168 ----a-w- c:\windows\SysWow64\D3DX9_43.dll
2012-08-07 20:22 . 2008-10-15 04:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-08-07 20:22 . 2010-05-26 09:41 1868128 ----a-w- c:\windows\SysWow64\d3dcsx_43.dll
2012-08-07 20:22 . 2007-07-19 16:14 3727720 ----a-w- c:\windows\SysWow64\d3dx9_35.dll
2012-08-07 20:21 . 2010-05-26 09:41 2106216 ----a-w- c:\windows\SysWow64\D3DCompiler_43.dll
2012-08-07 20:21 . 2007-05-16 14:45 3497832 ----a-w- c:\windows\SysWow64\d3dx9_34.dll
2012-08-06 13:29 . 2012-08-07 19:59 -------- d-----w- c:\program files (x86)\Emsisoft Anti-Malware
2012-08-05 11:22 . 2012-08-05 11:22 -------- d-----w- C:\_OTL
2012-08-05 08:01 . 2012-08-05 08:01 -------- d-----w- c:\users\Wayne\AppData\Roaming\Malwarebytes
2012-08-05 08:01 . 2012-08-05 08:01 -------- d-----w- c:\programdata\Malwarebytes
2012-08-05 08:01 . 2012-08-05 08:01 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-08-05 08:01 . 2012-07-03 11:46 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-08-05 00:33 . 2012-08-05 00:33 -------- d-----w- c:\users\Wayne\AppData\Roaming\ICQ
2012-08-05 00:28 . 2012-08-05 00:28 -------- d-----w- c:\users\Wayne\AppData\Roaming\Skype
2012-08-05 00:27 . 2012-08-05 00:27 -------- d-----w- c:\users\Wayne\AppData\Roaming\Windows Desktop Search
2012-08-05 00:25 . 2012-08-05 00:33 -------- d-----w- c:\users\Wayne\AppData\Roaming\Google Inc
2012-08-04 18:07 . 2012-08-04 18:27 -------- d-----w- c:\users\Wayne\AppData\Local\PMB Files
2012-08-04 17:42 . 2012-08-04 17:42 -------- d-----w- C:\found.001
2012-08-02 14:21 . 2012-08-02 14:24 -------- d-----w- c:\users\Wayne\AppData\Local\Audible
2012-08-02 14:20 . 2012-08-02 14:20 -------- d-----w- c:\program files (x86)\Audible
2012-07-11 20:05 . 2012-06-12 03:08 3148800 ----a-w- c:\windows\system32\win32k.sys
2012-07-11 19:55 . 2012-06-06 06:05 495616 ----a-w- c:\program files\Common Files\System\ado\msadox.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-08-08 21:22 . 2012-04-05 10:31 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-08-08 21:22 . 2011-08-14 12:58 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-07-11 20:02 . 2011-08-17 21:26 59701280 ----a-w- c:\windows\system32\MRT.exe
2012-06-02 22:19 . 2012-06-25 11:02 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-25 11:02 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:19 . 2012-06-25 11:02 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-25 11:02 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-25 11:02 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:15 . 2012-06-25 11:02 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:15 . 2012-06-25 11:02 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-25 11:01 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:15 . 2012-06-25 11:01 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2011-08-16 21:17 279656 ------w- c:\windows\system32\MpSigStub.exe
2012-05-16 19:11 . 2012-06-10 11:28 29712 ----a-w- c:\windows\system32\nitrolocalmon2.dll
2012-05-16 19:11 . 2012-06-10 11:28 17936 ----a-w- c:\windows\system32\nitrolocalui2.dll
2006-05-03 10:06 163328 --sha-r- c:\windows\SysWOW64\flvDX.dll
2007-02-21 11:47 31232 --sha-r- c:\windows\SysWOW64\msfDX.dll
2008-03-16 13:30 216064 --sha-r- c:\windows\SysWOW64\nbDX.dll
2010-01-06 22:00 107520 --sha-r- c:\windows\SysWOW64\TAKDSDecoder.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 94208 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RocketDock"="c:\program files (x86)\RocketDock\RocketDock.exe" [2007-09-02 495616]
"iCloudServices"="c:\program files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"SpybotSD TeaTimer"="c:\program files (x86)\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVMWlanClient"="c:\program files (x86)\avmwlanstick\wlangui.exe" [2010-10-22 2105344]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2011-04-21 281768]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2011-05-04 252136]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-06-07 421776]
"Malwarebytes' Anti-Malware"="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-07-03 462920]
"NBAgent"="c:\program files (x86)\Nero\Nero 11\Nero BackItUp\NBAgent.exe" [2012-01-13 1493288]
.
c:\users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Wayne\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux2"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SBSDWSCService;SBSD Security Center Service;c:\program files (x86)\Spybot - Search & Destroy\SDWinSec.exe [2009-01-26 1153368]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-08 250056]
R3 avmeject;AVM Eject;c:\windows\system32\drivers\avmeject.sys [2010-10-22 14120]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-08-06 113120]
R3 TASCAM_US122144;TASCAM USB 2.0 Audio Device driver;c:\windows\system32\Drivers\tascusb2.sys [2011-04-28 419160]
R3 TASCAM_US144_MK2_MIDI;TASCAM US-144 mk2 WDM MIDI Device;c:\windows\system32\drivers\tscusb2m.sys [2011-04-28 31576]
R3 TASCAM_US144_MK2_WDM;TASCAM US-144 mk2 WDM;c:\windows\system32\drivers\tscusb2a.sys [2011-04-28 53080]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-02-15 52736]
S0 NBVol;Nero Backup Volume Filter Driver;c:\windows\system32\DRIVERS\NBVol.sys [2011-12-01 72240]
S0 NBVolUp;Nero Backup Volume Upper Filter Driver;c:\windows\system32\DRIVERS\NBVolUp.sys [2011-12-01 15920]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2011-04-21 136360]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-07-03 655944]
S2 NAUpdate;Nero Update;c:\program files (x86)\Nero\Update\NASvc.exe [2011-11-25 687400]
S2 NitroReaderDriverReadSpool2;NitroPDFReaderDriverCreatorReadSpool2;c:\program files\Common Files\Nitro PDF\Reader\2.0\NitroPDFReaderDriverService2x64.exe [2012-05-16 216080]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe [2012-03-01 2348352]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-02-29 382272]
S3 fwlanusbn;FRITZ!WLAN N;c:\windows\system32\DRIVERS\fwlanusbn.sys [2010-10-22 714368]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-07-03 24904]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-05 21:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2011-02-18 05:12 97792 ----a-w- c:\users\Wayne\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = about:blank
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
DPF: {CAFEEFAC-0017-0000-0000-ABCDEFFEDCBA}
FF - ProfilePath - c:\users\Wayne\AppData\Roaming\Mozilla\Firefox\Profiles\umlep2k5.default\
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKCU-Run-AnyDVD - c:\program files (x86)\SlySoft\AnyDVD\AnyDVDtray.exe
Wow6432Node-HKCU-Run-Pando Media Booster - c:\program files (x86)\Pando Networks\Media Booster\PMB.exe
AddRemove-5513-1208-7298-9440 - g:\download\JDownloader\JDUninstall.exe
AddRemove-AnyDVD - c:\program files (x86)\SlySoft\AnyDVD\AnyDVD-uninst.exe
AddRemove-Elite Force - c:\windows\IsUn0407.exe
AddRemove-Star Trek Armada II - c:\windows\IsUn0407.exe
AddRemove-Star Trek Voyager Elite Force - c:\windows\IsUn0407.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_270_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_270.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files (x86)\avmwlanstick\WlanNetService.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-08-10 16:12:19 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-08-10 14:12
.
Vor Suchlauf: 8 Verzeichnis(se), 20.459.274.240 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 22.142.156.800 Bytes frei
.
- - End Of File - - BBFAEE4562449CC854A100D985DFA178
4Videosoft Video Converter Platinum 5.0.12 Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.0) - Deutsch Any Video Converter 3.2.7 AnyDVD Apple Application Support Apple Software Update Audacity 2.0 Audiograbber 1.83 SE Audiograbber MP3-Plugin (64 bit) Avira AntiVir Personal - Free Antivirus AVM FRITZ!WLAN BayWotch v4.2.13 calibre Deus Ex - Invisible War Diablo II Dropbox Elite Force Free M4a to MP3 Converter 7.0 Guitar Pro 5.2 HandBrake 0.9.6 High-Definition Video Playback Homeworld2 iPhone Tunnel Suite v3.0 Java Auto Updater Java(TM) 6 Update 22 Java(TM) 7 Update 1 JDownloader 0.9 LAME v3.99.3 (for Windows) Malwarebytes Anti-Malware Version 1.62.0.1300 Microsoft Silverlight Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 MiKTeX 2.9 Mobile Mouse Server Mozilla Firefox 14.0.1 (x86 de) Mozilla Maintenance Service Mozilla Thunderbird 12.0.1 (x86 de) MSXML 4.0 SP2 (KB954430) MSXML 4.0 SP2 (KB973688) Nero 11 Nero 11 Disc Menus Basic Nero 11 Effects Basic Nero 11 Image Samples Nero 11 Kwik Themes Basic Nero 11 PiP Effects Basic Nero Audio Pack 1 Nero BackItUp 11 Nero BackItUp 11 Help (CHM) Nero Burning ROM 11 Nero Burning ROM 11 Help (CHM) Nero ControlCenter 11 Nero ControlCenter 11 Help (CHM) Nero Core Components 11 Nero CoverDesigner 11 Nero CoverDesigner 11 Help (CHM) Nero Express 11 Nero Express 11 Help (CHM) Nero Kwik Media Nero Kwik Media Help (CHM) Nero Recode 11 Nero Recode 11 Help (CHM) Nero RescueAgent 11 Nero RescueAgent 11 Help (CHM) Nero SharedVideoCodecs Nero SoundTrax 11 Nero SoundTrax 11 Help (CHM) Nero Update Nero Video 11 Nero Video 11 Help (CHM) Nero WaveEditor 11 Nero WaveEditor 11 Help (CHM) nero.prerequisites.msi NVIDIA 3D Vision Controller Driver NVIDIA PhysX NVIDIA Stereoscopic 3D Driver OpenOffice.org 3.3 Orb Runtime libraries Pando Media Booster QuickTime RocketDock 1.3.5 Safari Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Extended (KB2416472) Security Update for Microsoft .NET Framework 4 Extended (KB2487367) Security Update for Microsoft .NET Framework 4 Extended (KB2656351) Spybot - Search & Destroy Star Trek Armada II SUPER © v2012.build.51 (April 7, 2012) Version v2012.build.51 Texmaker TeXnicCenter Version 1.0 Stable RC1 Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2473228) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Update for Microsoft .NET Framework 4 Extended (KB2468871) Update for Microsoft .NET Framework 4 Extended (KB2533523) Update for Microsoft .NET Framework 4 Extended (KB2600217) VidCoder 1.0.0 (x86) VirtualCloneDrive VLC media player 1.1.11 Welcome App (Start-up experience) Windows Media Player Firefox Plugin WinSCP 4.3.4 LG Ray77 |
|
14.08.2012, 11:41
| #12 |
| /// Helfer-Team | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Java aktualisieren Dein Java ist nicht mehr aktuell. Älter Versionen enthalten Sicherheitslücken, die von Malware missbraucht werden können.
Dann so einstellen: http://www.trojaner-board.de/105213-...tellungen.html Danach poste (kopieren und einfuegen) mir, was du hier angezeigt bekommst: PluginCheck |
|
14.08.2012, 14:45
| #13 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Ich habe die 64-Bit-Version auch installiert, weil in der Systemsteuerung stand, dass sie letztes Jahr installiert wurde. Ist das wichtig bei einem 64-Bitsystem? Lg Ray PluginCheck Der PluginCheck hilft die größten Sicherheitslücken beim Surfen im Internet zu schliessen. Überprüft wird: Browser, Flash, Java und Adobe Reader Version. Firefox 14.0.1 ist aktuell Flash (11,3,300,270) ist aktuell. Java (1,7,0,5) ist aktuell. undefined |
|
14.08.2012, 15:11
| #14 |
| /// Helfer-Team | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Nein, es sei den du benutzt auch explizit den 64 Bit Browser. Sehr gut! damit bist Du sauber und entlassen!  Combofix deinstallieren Bitte vor der folgenden Aktion wieder temporär Antivirus-Programm, evtl. vorhandenes Skript-Blocking (Norton) und Anti-Malware Programme deaktivieren. Start => Ausführen => dort reinschreiben ComboFix /Uninstall => Enter drücken Damit wird Combofix komplett entfernt und der Cache der Systemwiederherstellung geleert, damit auch daraus die Schädlinge verschwinden. Es wird ein neuer Systemwiederherstellungspunkt erstellt. Gleichzeitig setzt Combofix die Zeiteinstellungen wieder auf die Ursprungseinstellungen, und setzt die Systemeinstellungen wieder so zurück, dass Dateierweiterungen und Systemdateien versteckt sind, was Du bei Bedarf im Explorer unter Extras => Ordneroptionen aber wieder ändern bzw. Deinen persönlichen Vorlieben entsprechend anpassen kannst. adwCleaner entfernen
Tool-Bereinigung mit OTL Wir werden nun die CleanUp!-Funktion von OTL nutzen, um die meisten Programme, die wir zur Bereinigung installiert haben, wieder von Deinem System zu löschen.
Zurücksetzen der Sicherheitszonen Lasse die Sicherheitszonen wieder zurücksetzen, da diese manipuliert wurden um den Browser für weitere Angriffe zu öffnen. Gehe dabei so vor: http://www.trojaner-board.de/111805-...ecksetzen.html Systemwiederherstellungen leeren Damit der Rechner nicht mit einer infizierten Systemwiederherstellung erneut infiziert werden kann, muessen wir diese leeren. Dazu schalten wir sie einmal aus und dann wieder ein: Systemwiederherstellung deaktivieren Tutorial fuer Windows XP, Windows Vista, Windows 7 Danach wieder aktivieren. Aufräumen mit CCleaner Lasse mit CCleaner (Download) (Anleitung) Fehler in der
Lektuere zum abarbeiten: http://www.trojaner-board.de/90880-d...tallation.html http://www.trojaner-board.de/105213-...tellungen.html PluginCheck http://www.trojaner-board.de/96344-a...-rechners.html Secunia Online Software Inspector http://www.trojaner-board.de/71715-k...iendungen.html http://www.trojaner-board.de/83238-a...sschalten.html PC wird immer langsamer - was tun? |
|
14.08.2012, 23:39
| #15 |
| | GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe Vielen lieben Dank, hat alles geklappt. Lg Ray |
|
| Themen zu GVU-Trojaner wohl beseitigt, Malwarebytes findet aber C:\Users\Wayne\AppData\Roaming\Awasx\suyqy.exe |
| 7-zip, antivir, any video converter, audiograbber, autorun, avira, bho, bonjour, conduit, converter, desktop, entfernen, error, fehler, firefox, flash player, google, home, install.exe, jdownloader, langs, logfile, mozilla, nvidia update, object, pando media booster, plug-in, prozess, realtek, registry, richtlinie, safer networking, security, software, stick, super, svchost.exe, system, tunnel |
Linear-Darstellung
