| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiertWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
07.08.2012, 15:29
| #1 |
| |  Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert Moin Moin, hab mir anscheinend den "Bundestrojaner gefangen". Der Scan mit Malewarebytes ergab folgendes: Code:
ATTFilter Malwarebytes Anti-Malware 1.62.0.1300 www.malwarebytes.org Datenbank Version: v2012.08.07.04 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus) Internet Explorer 9.0.8112.16421 JoH :: LENIGMA [Administrator] 07.08.2012 14:40:01 mbam-log-2012-08-07 (15-52-00).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 682392 Laufzeit: 1 Stunde(n), 9 Minute(n), 25 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 3 C:\Users\JoH\AppData\Local\Microsoft\Windows\1657\thawbrkr.exe (Spyware.Zeus) -> Keine Aktion durchgeführt. C:\Users\JoH\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\O60LTV3I\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Keine Aktion durchgeführt. C:\Users\JoH\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20\54892794-1029af54 (Spyware.Zeus) -> Keine Aktion durchgeführt. (Ende) OTL Logfile: Code:
ATTFilter OTL logfile created on: 07.08.2012 16:02:36 - Run 1 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\JoH\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,97 Gb Total Physical Memory | 3,17 Gb Available Physical Memory | 79,98% Memory free 7,93 Gb Paging File | 7,18 Gb Available in Paging File | 90,51% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 147,41 Gb Total Space | 82,31 Gb Free Space | 55,84% Space Free | Partition Type: NTFS Drive D: | 105,19 Gb Total Space | 1,04 Gb Free Space | 0,99% Space Free | Partition Type: NTFS Drive E: | 45,39 Gb Total Space | 22,26 Gb Free Space | 49,04% Space Free | Partition Type: NTFS Computer Name: LENIGMA | User Name: JoH | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\JoH\Desktop\OTL.exe (OldTimer Tools) PRC - C:\p\i\Opera\opera.exe (Opera Software) PRC - C:\p\i\Opera\pluginwrapper\opera_plugin_wrapper.exe (Opera Software) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () MOD - C:\p\i\Opera\gstreamer\gstreamer.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstoggdec.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstwebmdec.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstffmpegcolorspace.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstcoreplugins.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstaudioresample.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstaudioconvert.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstwavparse.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstdirectsound.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstdecodebin2.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstautodetect.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gstwaveform.dll () MOD - C:\p\i\Opera\gstreamer\plugins\gsttypefindfunctions.dll () ========== Win32 Services (SafeList) ========== SRV:64bit: - (NIApplicationWebServer64) -- C:\Program Files\National Instruments\Shared\NI WebServer\ApplicationWebServer.exe File not found SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Macromedia Licensing Service) -- C:\Program Files (x86)\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe () SRV - (BstHdLogRotatorSvc) -- C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe (BlueStack Systems, Inc.) SRV - (BstHdAndroidSvc) -- C:\Program Files (x86)\BlueStacks\HD-Service.exe (BlueStack Systems, Inc.) SRV - (AntiVirSchedulerService) -- C:\p\s\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\p\s\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (SkypeUpdate) -- C:\p\i\Skype\Updater\Updater.exe (Skype Technologies) SRV - (VMnetDHCP) -- C:\Windows\SysWOW64\vmnetdhcp.exe (VMware, Inc.) SRV - (VMware NAT Service) -- C:\Windows\SysWOW64\vmnat.exe (VMware, Inc.) SRV - (VMAuthdService) -- C:\p\s\VMWare\vmware-authd.exe (VMware, Inc.) SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Flexera Software, Inc.) SRV - (SolidWorks Licensing Service) -- C:\Program Files (x86)\Common Files\SolidWorks Shared\Service\SolidWorksLicensing.exe (SolidWorks) SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Flexera Software, Inc.) SRV - (SbieSvc) -- C:\p\s\Sandboxie\SbieSvc.exe (SANDBOXIE L.T.D) SRV - (VMUSBArbService) -- C:\Program Files (x86)\Common Files\VMware\USB\vmware-usbarbitrator64.exe (VMware, Inc.) SRV - (CoordinatorServiceHost) -- C:\p\s\Solidworks\SolidWorks\swScheduler\DTSCoordinatorService.exe (Dassault Systèmes SolidWorks Corp.) SRV - (GiN_Flash_Enabler) -- C:\Windows\SysWOW64\GiNflSRV.exe (G.i.N. mbH) SRV - (CVPND) -- C:\p\i\VPN Client\cvpnd.exe (Cisco Systems, Inc.) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (pgsql-8.3) -- C:\p\s\PostgreSQL\8.3\bin\pg_ctl.exe (PostgreSQL Global Development Group) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (PSI_SVC_2) -- c:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\p\o\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira GmbH) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira GmbH) DRV:64bit: - (vmx86) -- C:\Windows\SysNative\drivers\vmx86.sys (VMware, Inc.) DRV:64bit: - (vmkbd) -- C:\Windows\SysNative\drivers\VMkbd.sys (VMware, Inc.) DRV:64bit: - (VMnetuserif) -- C:\Windows\SysNative\drivers\vmnetuserif.sys (VMware, Inc.) DRV:64bit: - (VMnetBridge) -- C:\Windows\SysNative\drivers\vmnetbridge.sys (VMware, Inc.) DRV:64bit: - (VMnetAdapter) -- C:\Windows\SysNative\drivers\vmnetadapter.sys (VMware, Inc.) DRV:64bit: - (dtsoftbus01) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira GmbH) DRV:64bit: - (hcmon) -- C:\Windows\SysNative\drivers\hcmon.sys (VMware, Inc.) DRV:64bit: - (vmusb) -- C:\Windows\SysNative\drivers\vmusb.sys (VMware, Inc.) DRV:64bit: - (vmci) -- C:\Windows\SysNative\drivers\vmci.sys (VMware, Inc.) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (usbser) -- C:\Windows\SysNative\drivers\usbser.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (WinDriver6) -- C:\Windows\SysNative\drivers\windrvr6.sys (Jungo) DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (WmVirHid) -- C:\Windows\SysNative\drivers\WmVirHid.sys (Logitech Inc.) DRV:64bit: - (WmHidLo) -- C:\Windows\SysNative\drivers\WmHidLo.sys (Logitech Inc.) DRV:64bit: - (WmBEnum) -- C:\Windows\SysNative\drivers\WmBEnum.sys (Logitech Inc.) DRV:64bit: - (WmXlCore) -- C:\Windows\SysNative\drivers\WmXlCore.sys (Logitech Inc.) DRV:64bit: - (WmFilter) -- C:\Windows\SysNative\drivers\WmFilter.sys (Logitech Inc.) DRV:64bit: - (CVPNDRVA) -- C:\Windows\SysNative\drivers\CVPNDRVA.sys () DRV:64bit: - (CVirtA) -- C:\Windows\SysNative\drivers\CVirtA64.sys (Cisco Systems, Inc.) DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (atikmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (rimmptsk) -- C:\Windows\SysNative\drivers\rimmpx64.sys (REDC) DRV:64bit: - (rismxdp) -- C:\Windows\SysNative\drivers\rixdpx64.sys (REDC) DRV:64bit: - (rimsptsk) -- C:\Windows\SysNative\drivers\rimspx64.sys (REDC) DRV:64bit: - (netw5v64) -- C:\Windows\SysNative\drivers\netw5v64.sys (Intel Corporation) DRV:64bit: - (k57nd60a) -- C:\Windows\SysNative\drivers\k57nd60a.sys (Broadcom Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (DNE) -- C:\Windows\SysNative\drivers\dne64x.sys (Deterministic Networks, Inc.) DRV:64bit: - (Ser2pl) -- C:\Windows\SysNative\drivers\ser2pl64.sys (Prolific Technology Inc.) DRV - (BstHdDrv) -- C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys (BlueStack Systems) DRV - (pfc) -- C:\Windows\SysWOW64\drivers\pfc.sys (Padus, Inc.) DRV - (SbieDrv) -- C:\p\s\Sandboxie\SbieDrv.sys (SANDBOXIE L.T.D) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = C:\Users\JoH\Desktop IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:Tabs IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1C 9D D5 5F 5C 05 CD 01 [binary data] IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwproxy.fh-kiel.de:8080 ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_270.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\p\o\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF:64bit: - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\p\o\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_270.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\p\s\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\p\m\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\p\o\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\p\s\java\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tracker-software.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\p\o\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) FF - HKCU\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\p\o\Tracker Software\PDF Viewer\Win32\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.) O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\p\o\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\p\o\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\p\s\java\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\p\s\java\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (PDFXChange 4.0) - {42DFA04F-0F16-418e-B80C-AB97A5AFAD39} - C:\p\o\Tracker Software\PDF-XChange 4\PXCIEAddin4.dll (Tracker Softaware) O4:64bit: - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4:64bit: - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [thawbrkr] C:\Users\JoH\AppData\Local\Microsoft\Windows\1657\thawbrkr.exe File not found O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] C:\p\s\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [GrooveMonitor] C:\p\o\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [HTC Sync Loader] C:\p\h\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000..\Run: [DAEMON Tools Lite] C:\p\s\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\p\s\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - Startup: C:\Users\JoH\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\JoH\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\S-1-5-21-2138712517-4037603368-1868619528-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - C:\p\o\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\p\o\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\p\o\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\p\o\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\p\o\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\JoH\Desktop\PartyPoker.lnk File not found O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Users\JoH\Desktop\PartyPoker.lnk File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000012 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000013 - C:\Windows\SysNative\vsocklib.dll (VMware, Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Computer, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\SysWOW64\vsocklib.dll (VMware, Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {CB927D12-4FF7-4A9E-A169-56E4B8A75598} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab (Reg Error: Key error.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 149.222.20.10 149.222.20.11 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7E26B550-B1D0-4179-A301-7E4E550EDEB0}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C72AD1C1-FEF4-44BC-95B7-3A498E26D8D6}: DhcpNameServer = 149.222.20.10 149.222.20.11 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\p\o\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\p\o\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.03.16 12:48:52 | 000,000,000 | ---D | M] - E:\Autoruns -- [ NTFS ] O33 - MountPoints2\{c13ae0a0-9795-11e1-825f-005056c00008}\Shell - "" = AutoRun O33 - MountPoints2\{c13ae0a0-9795-11e1-825f-005056c00008}\Shell\AutoRun\command - "" = G:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.08.07 16:00:27 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\JoH\Desktop\OTL.exe [2012.08.07 13:33:51 | 000,000,000 | ---D | C] -- C:\Users\JoH\AppData\Roaming\Malwarebytes [2012.08.07 13:33:42 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.07 13:33:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.07 13:32:02 | 010,652,120 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\JoH\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.07 00:14:23 | 000,000,000 | ---D | C] -- C:\Users\JoH\Desktop\SARDU_2.0.4.3 [2012.08.06 23:56:53 | 000,000,000 | ---D | C] -- C:\Users\JoH\AppData\Roaming\hellomoto [2012.08.03 11:57:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Macrovision [2012.08.03 11:55:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia Shared [2012.08.03 11:55:08 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msvcr70.dll [2012.08.03 11:54:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Macromedia [2012.08.03 11:54:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Macromedia [2012.08.03 11:51:33 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\InstallShield [2012.08.01 11:42:17 | 000,000,000 | ---D | C] -- C:\Users\JoH\Desktop\powerplatform [2012.08.01 11:31:40 | 000,000,000 | ---D | C] -- C:\Users\JoH\Desktop\PCB-Tools_P3 [2012.07.29 11:57:36 | 000,000,000 | ---D | C] -- C:\Users\JoH\Desktop\led_cube_1.2 [2012.07.22 23:22:17 | 000,000,000 | ---D | C] -- C:\Users\JoH\AppData\Roaming\Canneverbe Limited [2012.07.22 23:22:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Canneverbe Limited [2012.07.21 11:58:46 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\d3dx9_31.dll [2012.07.21 11:58:46 | 001,892,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\D3DX9_42.dll [2012.07.19 12:39:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks [2012.07.19 12:39:47 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\BlueStacks [2012.07.19 12:37:57 | 000,000,000 | ---D | C] -- C:\Users\JoH\AppData\Local\BlueStacks [2012.07.19 12:36:56 | 000,000,000 | ---D | C] -- C:\ProgramData\BlueStacks [2012.07.19 12:33:33 | 000,000,000 | ---D | C] -- C:\Users\JoH\AppData\Local\BlueStacksSetup [2012.07.11 17:26:51 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2012.07.11 17:26:51 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2012.07.11 17:26:50 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2012.07.11 17:26:50 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2012.07.11 17:26:49 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2012.07.11 17:26:49 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2012.07.11 17:26:49 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2012.07.11 17:26:49 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2012.07.11 17:26:48 | 002,311,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2012.07.11 17:26:48 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2012.07.11 17:26:48 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2012.07.11 17:26:48 | 000,818,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2012.07.11 17:26:48 | 000,716,800 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2012.07.11 08:18:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\msxml3r.dll [2012.07.11 08:18:41 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msxml3r.dll [2012.07.11 08:18:36 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2012.07.11 08:18:31 | 000,805,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\cdosys.dll [2012.07.11 08:18:30 | 001,133,568 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\cdosys.dll ========== Files - Modified Within 30 Days ========== [2012.08.07 16:00:27 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\JoH\Desktop\OTL.exe [2012.08.07 15:57:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.08.07 15:57:05 | 3193,581,568 | -HS- | M] () -- C:\hiberfil.sys [2012.08.07 15:47:22 | 000,078,804 | ---- | M] () -- C:\Windows\Q-Dir.ini [2012.08.07 14:13:28 | 001,630,354 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.08.07 14:13:28 | 000,703,080 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.08.07 14:13:28 | 000,657,792 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.08.07 14:13:28 | 000,150,402 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.08.07 14:13:28 | 000,123,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.08.07 13:33:43 | 000,000,856 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.07 13:32:02 | 010,652,120 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\JoH\Desktop\mbam-setup-1.62.0.1300.exe [2012.08.07 00:23:41 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 00:23:41 | 000,022,000 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.08.07 00:17:14 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.07 00:13:29 | 010,475,186 | ---- | M] () -- C:\Users\JoH\Desktop\SARDU_2.0.4.3.zip [2012.08.06 23:51:03 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.08.06 16:48:08 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.06 13:06:21 | 000,695,015 | ---- | M] () -- C:\Users\JoH\Desktop\xxx2Bachelorthesis_Christian_Loof.pdf [2012.08.03 21:56:20 | 000,014,688 | ---- | M] () -- C:\Users\JoH\Desktop\FEMAJUMFJ1I6COK.zip [2012.08.03 21:51:18 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2012.08.03 21:51:18 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2012.08.01 11:41:53 | 087,384,903 | ---- | M] () -- C:\Users\JoH\Desktop\powerplatform.zip [2012.08.01 11:31:34 | 000,513,365 | ---- | M] () -- C:\Users\JoH\Desktop\PCB-Tools_P3.zip [2012.07.28 11:39:40 | 002,958,390 | ---- | M] () -- C:\Windows\ACD Wallpaper.bmp [2012.07.19 16:13:37 | 000,001,890 | -HS- | M] () -- C:\ProgramData\KGyGaAvL.sys [2012.07.19 15:22:51 | 000,090,580 | ---- | M] () -- C:\Users\JoH\final_bstSnapshot_64732.jpg [2012.07.19 15:22:50 | 000,090,664 | ---- | M] () -- C:\Users\JoH\final_bstSnapshot_16218.jpg [2012.07.19 15:22:49 | 000,129,253 | ---- | M] () -- C:\Users\JoH\final_bstSnapshot_1177.jpg [2012.07.19 12:40:20 | 000,001,883 | ---- | M] () -- C:\Users\JoH\Desktop\Start BlueStacks.lnk [2012.07.12 14:30:30 | 002,376,488 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.07.11 08:40:03 | 000,000,615 | ---- | M] () -- C:\Users\JoH\Desktop\GeocachingNetworkKML.kml [2012.07.09 15:13:21 | 000,000,417 | ---- | M] () -- C:\Windows\solvermfc.INI ========== Files Created - No Company Name ========== [2012.08.07 13:33:43 | 000,000,856 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.07 00:13:29 | 010,475,186 | ---- | C] () -- C:\Users\JoH\Desktop\SARDU_2.0.4.3.zip [2012.08.06 09:24:54 | 000,695,015 | ---- | C] () -- C:\Users\JoH\Desktop\xxx2Bachelorthesis_Christian_Loof.pdf [2012.08.03 21:56:14 | 000,014,688 | ---- | C] () -- C:\Users\JoH\Desktop\FEMAJUMFJ1I6COK.zip [2012.08.01 11:41:17 | 087,384,903 | ---- | C] () -- C:\Users\JoH\Desktop\powerplatform.zip [2012.08.01 11:31:34 | 000,513,365 | ---- | C] () -- C:\Users\JoH\Desktop\PCB-Tools_P3.zip [2012.07.19 15:22:51 | 000,090,580 | ---- | C] () -- C:\Users\JoH\final_bstSnapshot_64732.jpg [2012.07.19 15:22:50 | 000,090,664 | ---- | C] () -- C:\Users\JoH\final_bstSnapshot_16218.jpg [2012.07.19 15:22:49 | 000,129,253 | ---- | C] () -- C:\Users\JoH\final_bstSnapshot_1177.jpg [2012.07.19 12:40:20 | 000,001,883 | ---- | C] () -- C:\Users\JoH\Desktop\Start BlueStacks.lnk [2012.07.11 08:39:59 | 000,000,615 | ---- | C] () -- C:\Users\JoH\Desktop\GeocachingNetworkKML.kml [2012.07.03 22:41:31 | 000,003,584 | ---- | C] () -- C:\Users\JoH\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.24 22:30:26 | 000,005,014 | ---- | C] () -- C:\ProgramData\bltofzsb.qlf [2012.04.03 10:16:58 | 001,651,246 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.03.31 23:48:12 | 000,152,293 | ---- | C] () -- C:\Users\JoH\AppData\Local\Temp_table.xml [2012.03.30 23:46:51 | 000,000,485 | ---- | C] () -- C:\Users\JoH\SciTE.session [2012.03.27 23:06:11 | 000,006,838 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.03.27 14:42:55 | 000,000,000 | ---- | C] () -- C:\Users\JoH\AppData\Local\Temptable.xml [2012.03.25 23:22:37 | 000,000,417 | ---- | C] () -- C:\Windows\solvermfc.INI [2012.03.22 18:13:35 | 000,000,000 | ---- | C] () -- C:\Windows\eDrawingOfficeAutomator.INI [2012.03.19 11:14:12 | 000,001,890 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2012.03.19 11:14:12 | 000,000,008 | RHS- | C] () -- C:\ProgramData\1549BF6E3F.sys [2012.03.19 10:58:35 | 000,001,776 | ---- | C] () -- C:\Windows\Sandboxie.ini [2012.03.19 10:56:24 | 000,175,616 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.03.19 01:35:57 | 000,078,804 | ---- | C] () -- C:\Windows\Q-Dir.ini [2012.03.19 00:54:34 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.03.27 22:42:49 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\ACD Systems [2012.05.27 01:21:45 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Atmel [2012.04.16 23:54:15 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\CadSoft [2012.07.22 23:22:17 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Canneverbe Limited [2012.03.20 15:35:19 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\DAEMON Tools Lite [2012.03.22 23:34:48 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\DassaultSystemes [2012.05.27 00:42:43 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Dexpot [2012.08.07 00:17:58 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Dropbox [2012.03.28 09:11:12 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\e-academy Inc [2012.04.12 04:47:57 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\EDrawings [2012.06.18 13:33:34 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\FileZilla [2012.08.06 23:57:01 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\hellomoto [2012.06.01 15:54:47 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\HTC [2012.06.01 15:11:45 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\HTC.388BC06ACDAB6261375BCE37FBA2E023C0D7EE34.1 [2012.05.08 15:24:07 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\ibf [2012.04.12 04:57:28 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Luxology [2012.05.15 21:18:34 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Miranda Fusion [2012.06.01 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\MyPhoneExplorer [2012.03.22 15:34:28 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Notepad++ [2012.03.19 01:13:40 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Opera [2012.06.01 15:54:10 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Outlook [2012.03.27 22:04:15 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\PacificPoker [2012.06.21 11:49:58 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\pdfforge [2012.03.19 01:36:37 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\Q-Dir [2012.06.07 00:03:05 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\TeamViewer [2012.07.13 08:05:00 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\uTorrent [2012.07.02 16:55:15 | 000,000,000 | ---D | M] -- C:\Users\JoH\AppData\Roaming\VisualAssist [2012.05.12 13:12:09 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > [/CODE] Gibt es jetzt noch etwas zu tun? Helfen die logs? Das Blockieren ist weg. Ich weiß jetzt allerdings nicht ob das System clean ist oder nicht... Danke schonmal im Vorraus. mfg bibu |
| Themen zu Computer ist für die Verletzung der Gesetze der Bundesrepublik Deutschland wurde blockiert |
| .dll, administrator, adobe flash player, application/pdf:, avira, bho, blockiert, bluestacks, bonjour, browser, computer, download, error, explorer, firefox, flash player, format, google earth, helper, langs, logfile, microsoft, myphoneexplorer, national, opera, plug-in, programme, pup.adware.agent, registry, scan, senden, software, spyware.zeus, tracker, winlogon, wrapper |
Baum-Darstellung