|
Log-Analyse und Auswertung: OTL Logfiles auswertung nach virusschädenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
26.11.2012, 01:22 | #1 |
| OTL Logfiles auswertung nach virusschäden Zu meinem einstand bei euch erstmal ein Hallo an alle Ich habe ein Pronlem mit meinem Rechner, ich habe mal von einem Freund ein EBook bekommen und wollte, da ich lange danach gesucht habe, es auch sogleich von dem Stick auf meinem Rechner ziehen. Leider habe ich diesen nicht vorher vom Antivirenprogramm scannen lassen Was sich auch gleich rechte. Denn am Tag darauf sprang mein Scanner an, wie jeden Tag und BAMM hatt er angeschlagen. Mir war auch sofort klar woher. ich Scannte also den Stick und wie sollte es auch sein auf dem Scheiß Stick habe ich rein zufällig die selbe Seuche gehabt. Naja was tat ich, alles bereinigen. Leider habe ich seit der Infizierung mein Baby schon wieder neu gestartet somit hatte ich durch einmal nicht aufgepasst gleich drei Dumheiten mit einmal begangen und die Seuche konnte schon mal ein wenig unheil Anrichten "tolles Ü.-Ei". Nun denn, nach den Scans beseitigte ich den mist vom Rechner und Stick und ich hatte bis dahin keine Probleme. Ich hoffte das nicht viel Schaden angerichtet wurde und es sa auch erstmal supi aus. Ich hatte erstmal keine Probleme bis, ich ihn dann runterfahren wollte. Bei der Abmeldung dauerte es erstmal bestimmt 5 Minuten und ich dachte schon das er sich aufgehangen hatte, doch dann passierte was kurzer Bluescreen blingte auf und Mein Rechner startete neu. Meine Fresse dachte ich, da hab ich also den Salat und zu meiner Freude hat mein Internet auch nicht mehr funktioniert. Ich muss dazu sagen ich gehe mit einem Stick von Blau.de on, das Programm auf dem Stick ist der XS Manager. Das mit dem Verbindungsfehler habe ich schon wieder hinbekommen aber ich habe zwei datein mit der Bezeichnung Desktop.ini auf dem Desktop. Davon geht eine zu öffnen und bei der anderen wird mir der zugriff verweigert. In der geöffnetten Datei steht dann dieses hier: [LocalizedFileNames] Backup and Restore Center.lnk=@%systemroot%\system32\sdcpl.dll,-101 [.ShellClassInfo] LocalizedResourceName=@%SystemRoot%\system32\shell32.dll,-21769 IconResource=%SystemRoot%\system32\imageres.dll,-183 Ich weiß nicht was noch an Schäden sind aber ich sende mal ein Logfile von OTL mit ich hoffe das mir jemand behilflich sein kann. Logfile OTL: OTL logfile created on: 26.11.2012 00:15:59 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Smokes-one\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 8,00 Gb Total Physical Memory | 5,70 Gb Available Physical Memory | 71,24% Memory free 15,99 Gb Paging File | 13,27 Gb Available in Paging File | 82,94% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 455,66 Gb Total Space | 292,56 Gb Free Space | 64,21% Space Free | Partition Type: NTFS Drive D: | 4,38 Gb Total Space | 4,24 Gb Free Space | 96,96% Space Free | Partition Type: UDF Drive E: | 465,76 Gb Total Space | 2,17 Gb Free Space | 0,47% Space Free | Partition Type: NTFS Drive F: | 1,86 Gb Total Space | 0,01 Gb Free Space | 0,31% Space Free | Partition Type: FAT32 Computer Name: SMOKES-ONE-PC | User Name: Smokes-one | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.11.22 15:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Smokes-one\Downloads\OTL.exe PRC - [2012.11.10 12:21:32 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_110.exe PRC - [2012.10.27 20:29:14 | 000,917,984 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.10.13 18:53:22 | 000,075,136 | ---- | M] () -- C:\Windows\SysWOW64\PnkBstrA.exe PRC - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Nero\Update\NASvc.exe PRC - [2011.05.22 12:10:22 | 000,243,776 | ---- | M] (Comvigo, Inc.) -- C:\Windows\SysWOW64\qimlsrv.exe PRC - [2011.03.21 01:42:48 | 000,096,320 | ---- | M] (Comvigo, Inc.) -- C:\Windows\SysWOW64\dsrviml.exe PRC - [2010.06.25 17:37:32 | 000,160,992 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\starter4g.exe PRC - [2010.06.25 17:37:28 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) -- C:\Windows\service4g.exe PRC - [2010.04.27 14:42:51 | 001,531,560 | ---- | M] (WebToGo Mobiles Internet GmbH) -- C:\Program Files (x86)\XSManager\XSManager.exe PRC - [2010.04.22 12:59:36 | 000,339,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe PRC - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGService.exe PRC - [2010.04.07 10:30:22 | 001,146,440 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe PRC - [2010.03.31 15:06:52 | 001,499,720 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe PRC - [2010.03.31 15:06:48 | 000,963,144 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe PRC - [2010.03.31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe PRC - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe ========== Modules (No Company Name) ========== MOD - [2012.11.10 12:21:32 | 014,586,808 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll MOD - [2012.10.27 20:29:13 | 002,295,264 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2011.03.02 11:40:51 | 000,140,288 | ---- | M] () -- C:\Programme\WinRAR\RarExt32.dll MOD - [2010.06.22 18:48:58 | 000,143,360 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDetection.dll MOD - [2010.04.27 14:42:55 | 000,183,976 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGSMSPCClient.Dll MOD - [2010.04.27 14:42:54 | 000,048,808 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDriverInstall.dll MOD - [2010.04.27 14:42:54 | 000,028,328 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGDriverInstallX.Dll MOD - [2010.04.27 14:42:49 | 000,020,136 | ---- | M] () -- C:\Program Files (x86)\XSManager\4GSystems_WTGSMSPCClientGer.dll MOD - [2010.04.27 14:42:46 | 000,896,680 | ---- | M] () -- C:\Program Files (x86)\XSManager\4GSystems_OneClickAssistantGer.dll MOD - [2010.04.12 17:59:40 | 000,376,832 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgCore.dll MOD - [2010.04.12 17:59:28 | 000,139,264 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgBluetooth.dll MOD - [2010.04.12 17:59:24 | 000,065,536 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDialup.dll MOD - [2010.04.12 17:59:18 | 000,110,592 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgDatabase.dll MOD - [2010.04.12 17:59:14 | 000,086,016 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgPorts.dll MOD - [2010.04.12 17:59:10 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\XSManager\WtgUtil.dll MOD - [2010.04.12 17:59:04 | 000,024,576 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGDebugs.dll MOD - [2010.01.30 01:41:12 | 004,254,560 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf MOD - [2009.12.08 11:22:58 | 000,593,920 | ---- | M] () -- C:\Program Files (x86)\XSManager\WTGXMLUtil.dll ========== Services (SafeList) ========== SRV:64bit: - [2012.04.06 03:16:02 | 000,236,544 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2012.01.10 15:09:50 | 000,027,760 | ---- | M] (VIA Technologies, Inc.) [Auto | Running] -- C:\Windows\SysNative\ViakaraokeSrv.exe -- (VIAKaraokeService) SRV - [2012.11.10 12:21:33 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.10.27 20:29:13 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.10.21 18:30:21 | 000,529,744 | ---- | M] (Valve Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2012.10.13 18:53:22 | 000,075,136 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PnkBstrA.exe -- (PnkBstrA) SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.07.27 12:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.11.25 15:32:36 | 000,687,400 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) SRV - [2010.09.22 17:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.09.21 13:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.06.25 17:37:28 | 000,145,120 | R--- | M] (4G Systems GmbH & Co. KG) [Auto | Running] -- C:\Windows\service4g.exe -- (XS Stick Service) SRV - [2010.04.22 12:59:36 | 000,339,016 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan) SRV - [2010.04.16 04:08:54 | 001,666,096 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc) SRV - [2010.04.12 18:03:44 | 000,329,168 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\XSManager\WTGService.exe -- (WTGService) SRV - [2010.04.07 10:30:22 | 001,146,440 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy) SRV - [2010.03.31 15:06:48 | 000,410,696 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.15 10:23:40 | 001,778,336 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.08.24 21:16:12 | 000,544,768 | ---- | M] (mst software GmbH, Germany) [On_Demand | Stopped] -- C:\Program Files (x86)\Ashampoo\Ashampoo WinOptimizer 2012\DfsdkS64.exe -- (DfSdkS) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.04.30 10:23:26 | 000,090,112 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Sony Ericsson\Sony Ericsson PC Suite\SupServ.exe -- (OMSI download service) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.11.25 19:07:50 | 000,117,888 | ---- | M] (Mobile Connector) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\cmnsusbser.sys -- (cmnsusbser) DRV:64bit: - [2012.09.23 13:53:35 | 000,034,032 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\seehcri.sys -- (seehcri) DRV:64bit: - [2012.09.03 12:35:05 | 000,040,392 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave) DRV:64bit: - [2012.09.03 12:35:02 | 000,057,288 | ---- | M] (G DATA Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt) DRV:64bit: - [2012.09.03 12:34:58 | 000,049,096 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre) DRV:64bit: - [2012.09.03 12:34:44 | 000,084,936 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt) DRV:64bit: - [2012.09.03 12:34:43 | 000,048,584 | ---- | M] (G DATA Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd) DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.04.06 06:22:40 | 011,174,400 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2012.04.06 02:10:44 | 000,343,040 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.23 13:32:04 | 000,095,760 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AtihdW76.sys -- (AtiHDAudioService) DRV:64bit: - [2012.01.10 15:09:44 | 002,184,816 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\viahduaa.sys -- (VIAHdAudAddService) DRV:64bit: - [2011.12.19 22:49:22 | 000,637,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\iaStorS.sys -- (iaStorS) DRV:64bit: - [2011.12.13 18:44:16 | 000,056,448 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter) DRV:64bit: - [2011.12.01 10:42:44 | 000,072,240 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVol.sys -- (NBVol) DRV:64bit: - [2011.12.01 10:42:44 | 000,015,920 | ---- | M] (Nero AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\NBVolUp.sys -- (NBVolUp) DRV:64bit: - [2011.11.24 23:25:52 | 000,015,360 | ---- | M] (June Fabrics Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pneteth.sys -- (pneteth) DRV:64bit: - [2011.10.17 15:55:32 | 000,559,384 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.08.26 04:08:54 | 000,023,832 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF) DRV:64bit: - [2011.08.26 04:08:52 | 000,562,456 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA) DRV:64bit: - [2011.08.11 07:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.21 04:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 04:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.09.22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010.03.15 10:38:46 | 000,161,904 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdm.sys -- (s1039mdm) DRV:64bit: - [2010.03.15 10:38:46 | 000,158,320 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039unic.sys -- (s1039unic) DRV:64bit: - [2010.03.15 10:38:46 | 000,141,424 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mgmt.sys -- (s1039mgmt) DRV:64bit: - [2010.03.15 10:38:46 | 000,137,328 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039obex.sys -- (s1039obex) DRV:64bit: - [2010.03.15 10:38:46 | 000,034,416 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039nd5.sys -- (s1039nd5) DRV:64bit: - [2010.03.15 10:38:46 | 000,019,568 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039mdfl.sys -- (s1039mdfl) DRV:64bit: - [2010.03.15 10:38:38 | 000,127,600 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s1039bus.sys -- (s1039bus) DRV:64bit: - [2010.02.18 08:18:24 | 000,046,136 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdiox64.sys -- (amdiox64) DRV:64bit: - [2010.01.06 11:26:06 | 000,235,312 | ---- | M] (Advanced Micro Devices, Inc) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\ahcix64s.sys -- (ahcix64s) DRV:64bit: - [2009.09.19 05:30:14 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm) DRV:64bit: - [2009.09.19 05:30:14 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) DRV:64bit: - [2009.09.19 05:30:14 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) DRV:64bit: - [2009.07.23 08:07:36 | 000,096,768 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciPPorts.sys -- (PciPPorts) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.12.19 03:25:34 | 000,122,880 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciSPorts.sys -- (PciSPorts) DRV:64bit: - [2008.12.19 03:23:30 | 000,068,608 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\PciIsaSerial.sys -- (PciIsaSerial) DRV:64bit: - [2008.05.16 10:33:06 | 000,158,760 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdm.sys -- (s0016mdm) DRV:64bit: - [2008.05.16 10:33:06 | 000,151,592 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016unic.sys -- (s0016unic) DRV:64bit: - [2008.05.16 10:33:06 | 000,137,256 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mgmt.sys -- (s0016mgmt) DRV:64bit: - [2008.05.16 10:33:06 | 000,136,744 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016obex.sys -- (s0016obex) DRV:64bit: - [2008.05.16 10:33:06 | 000,034,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016nd5.sys -- (s0016nd5) DRV:64bit: - [2008.05.16 10:33:04 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016mdfl.sys -- (s0016mdfl) DRV:64bit: - [2008.05.16 10:32:56 | 000,115,240 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s0016bus.sys -- (s0016bus) DRV - [2012.11.25 16:18:26 | 000,106,224 | ---- | M] (G Data Software) [Kernel | System | Stopped] -- C:\Windows\SysWOW64\drivers\GRD.sys -- (GRD) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3} IE:64bit: - HKLM\..\SearchScopes\{E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3} IE - HKLM\..\SearchScopes\{E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MNMTDF&pc=MANM&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://nmd.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.hyrican.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.hyrican.de [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://nmd.msn.com IE - HKCU\..\SearchScopes,DefaultScope = {E8E51D67-4FFA-44E4-A01E-C5F3FE4FA8A3} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..network.proxy.backup.ftp: "" FF - prefs.js..network.proxy.backup.ftp_port: 0 FF - prefs.js..network.proxy.backup.socks: "" FF - prefs.js..network.proxy.backup.socks_port: 0 FF - prefs.js..network.proxy.backup.ssl: "" FF - prefs.js..network.proxy.backup.ssl_port: 0 FF - prefs.js..network.proxy.ftp: "213.42.124.114" FF - prefs.js..network.proxy.ftp_port: 80 FF - prefs.js..network.proxy.http: "213.42.124.114" FF - prefs.js..network.proxy.http_port: 80 FF - prefs.js..network.proxy.share_proxy_settings: true FF - prefs.js..network.proxy.socks: "213.42.124.114" FF - prefs.js..network.proxy.socks_port: 80 FF - prefs.js..network.proxy.ssl: "213.42.124.114" FF - prefs.js..network.proxy.ssl_port: 80 FF - prefs.js..network.proxy.type: 0 FF - user.js..browser.search.openintab: false FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.50401.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@Nero.com/KM: C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL (Nero AG) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Smokes-one\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:29:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.10.27 20:29:14 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.03 18:03:19 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smokes-one\AppData\Roaming\mozilla\Extensions [2012.11.23 09:45:20 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Smokes-one\AppData\Roaming\mozilla\Firefox\Profiles\gbvbhhkr.default\extensions [2012.11.23 09:45:20 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Smokes-one\AppData\Roaming\mozilla\firefox\profiles\gbvbhhkr.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012.10.27 20:29:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.10.27 20:29:14 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 03:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 03:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 03:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 03:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 03:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 03:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O3:64bit: - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\Webfilter\AVKWebIEx64.dll (G Data Software AG) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (G Data WebFilter) - {0124123D-61B4-456f-AF86-78C53A0790C5} - C:\Program Files (x86)\G Data\InternetSecurity\WebFilter\AvkWebIE.dll (G Data Software AG) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4 - HKLM..\Run: [amd_dc_opt] C:\Program Files (x86)\AMD\Dual-Core Optimizer\amd_dc_opt.exe (AMD) O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG) O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG) O4 - HKLM..\Run: [HDAudDeck] C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [starter4g] C:\Windows\starter4g.exe (4G Systems GmbH & Co. KG) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoPropertiesMyComputer = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoViewContextMenu = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFileAssociate = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoClose = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: StartMenuLogoff = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: VerboseStatus = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispCPL = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispSettingsPage = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 2016 O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 1 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{987ECD16-26A5-42F4-B804-94519DC1459C}: NameServer = 212.23.97.2 212.23.97.3 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E7BFF06B-3B4B-4284-9DAF-DE2BCA711659}: DhcpNameServer = 139.7.30.125 139.7.30.126 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation) O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~4\Office14\GROOVEEX.DLL (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2012.09.03 12:49:15 | 000,000,000 | RH-- | M] () - D:\autorun.wbcat -- [ UDF ] O32 - AutoRun File - [2012.09.03 12:49:15 | 000,000,135 | ---- | M] () - D:\autorun.inf -- [ UDF ] O33 - MountPoints2\{0923b36d-f917-11e1-8662-50e5499af0ea}\Shell - "" = AutoRun O33 - MountPoints2\{0923b36d-f917-11e1-8662-50e5499af0ea}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a O33 - MountPoints2\{2a38df85-f5b7-11e1-b26f-50e5499af0ea}\Shell - "" = AutoRun O33 - MountPoints2\{2a38df85-f5b7-11e1-b26f-50e5499af0ea}\Shell\AutoRun\command - "" = E:\autorun.exe O33 - MountPoints2\{89d4acbf-057c-11e2-8ea9-50e5499af0ea}\Shell - "" = AutoRun O33 - MountPoints2\{89d4acbf-057c-11e2-8ea9-50e5499af0ea}\Shell\AutoRun\command - "" = J:\Startme.exe O33 - MountPoints2\{cf50b337-03d2-11e2-b2f1-50e5499af0ea}\Shell - "" = AutoRun O33 - MountPoints2\{cf50b337-03d2-11e2-b2f1-50e5499af0ea}\Shell\AutoRun\command - "" = L:\Startme.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.11.25 19:08:05 | 000,312,544 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\windows\updater4g.exe [2012.11.25 19:08:04 | 000,160,992 | R--- | C] (4G Systems GmbH & Co. KG) -- C:\windows\starter4g.exe [2012.11.25 19:08:04 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Roaming\XSManager [2012.11.25 19:07:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XSManager [2012.11.25 19:07:49 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XSManager [2012.11.25 19:04:28 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\MigWiz [2012.11.21 19:55:44 | 000,000,000 | ---D | C] -- C:\windows\Minidump [2012.11.20 20:59:39 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\mshtmled.dll [2012.11.20 20:59:39 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\mshtmled.dll [2012.11.20 20:59:38 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieui.dll [2012.11.20 20:59:38 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\url.dll [2012.11.20 20:59:38 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\url.dll [2012.11.20 20:59:38 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieui.dll [2012.11.20 20:59:38 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ieUnatt.exe [2012.11.20 20:59:38 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ieUnatt.exe [2012.11.20 20:59:37 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript9.dll [2012.11.20 20:59:37 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\inetcpl.cpl [2012.11.20 20:59:37 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\inetcpl.cpl [2012.11.20 20:59:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\msfeeds.dll [2012.11.20 20:59:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\jscript.dll [2012.11.20 20:59:36 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\jscript.dll [2012.11.20 20:59:36 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\vbscript.dll [2012.11.17 16:19:41 | 000,054,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\drivers\WdfLdr.sys [2012.11.17 16:19:41 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\Wdfres.dll [2012.11.17 15:31:01 | 000,095,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\synceng.dll [2012.11.17 15:31:01 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\synceng.dll [2012.11.17 15:03:24 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcore6.dll [2012.11.17 15:03:24 | 000,193,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\dhcpcore6.dll [2012.11.17 15:03:24 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\dhcpcsvc6.dll [2012.11.17 14:57:38 | 000,246,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netcorehc.dll [2012.11.17 14:57:38 | 000,216,576 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\ncsi.dll [2012.11.17 14:57:38 | 000,175,104 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netcorehc.dll [2012.11.17 14:57:38 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\ncsi.dll [2012.11.17 14:57:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\netevent.dll [2012.11.17 14:57:38 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\netevent.dll [2012.11.17 01:26:20 | 000,744,448 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFx.dll [2012.11.17 01:26:20 | 000,229,888 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFHost.exe [2012.11.17 01:26:20 | 000,194,048 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFPlatform.dll [2012.11.17 01:26:20 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\WUDFCoinstaller.dll [2012.11.08 22:50:26 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Desktop\PdaNet 3.5 with Key [2012.11.08 22:46:40 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Desktop\Manhunt.2-RELOADED [2012.11.07 19:20:50 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Roaming\Unity [2012.11.07 19:17:31 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\Unity [2012.11.04 17:28:11 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Documents\Ubisoft [2012.11.04 17:15:25 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ubisoft [2012.11.04 15:48:27 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\DownTango [2012.11.04 15:48:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Red Sky [2012.11.02 23:48:16 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\Documents\WBGames [2012.11.02 23:47:27 | 000,070,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAPOFX1_2.dll [2012.11.02 23:47:26 | 000,514,384 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\XAudio2_3.dll [2012.11.02 23:47:25 | 000,023,376 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_5.dll [2012.11.02 23:47:20 | 000,025,608 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\X3DAudio1_4.dll [2012.11.02 23:47:15 | 000,081,768 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_3.dll [2012.11.02 23:46:37 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\WBGames [2012.11.02 23:16:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WB Games [2012.11.02 22:57:56 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WB Games [2012.11.02 18:33:48 | 000,000,000 | ---D | C] -- C:\Users\Smokes-one\AppData\Local\Electronic Arts [2012.11.02 18:32:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Electronic Arts [2012.11.02 18:14:16 | 000,364,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_4.dll [2012.11.02 18:14:16 | 000,237,848 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_4.dll [2012.11.02 18:14:12 | 003,977,496 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_31.dll [2012.11.02 18:14:12 | 002,414,360 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_31.dll [2012.11.02 18:14:10 | 000,363,288 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_3.dll [2012.11.02 18:14:10 | 000,236,824 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_3.dll [2012.11.02 18:14:09 | 000,083,736 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_2.dll [2012.11.02 18:14:09 | 000,062,744 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_2.dll [2012.11.02 18:14:07 | 000,354,072 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_2.dll [2012.11.02 18:14:07 | 000,230,168 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_2.dll [2012.11.02 18:14:05 | 000,083,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xinput1_1.dll [2012.11.02 18:14:05 | 000,062,672 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xinput1_1.dll [2012.11.02 18:14:03 | 000,352,464 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_1.dll [2012.11.02 18:14:03 | 000,229,584 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_1.dll [2012.11.02 18:13:43 | 003,927,248 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_30.dll [2012.11.02 18:13:43 | 002,388,176 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_30.dll [2012.11.02 18:13:41 | 000,355,536 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\xactengine2_0.dll [2012.11.02 18:13:41 | 000,230,096 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\xactengine2_0.dll [2012.11.02 18:13:41 | 000,016,592 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\x3daudio1_0.dll [2012.11.02 18:13:41 | 000,014,032 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\x3daudio1_0.dll [2012.11.02 18:13:39 | 003,830,992 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_29.dll [2012.11.02 18:13:39 | 002,332,368 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_29.dll [2012.11.02 18:13:37 | 003,815,120 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_28.dll [2012.11.02 18:13:37 | 002,323,664 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_28.dll [2012.11.02 18:13:34 | 003,807,440 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_27.dll [2012.11.02 18:13:34 | 002,319,568 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_27.dll [2012.11.02 18:13:32 | 003,767,504 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_26.dll [2012.11.02 18:13:32 | 002,297,552 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_26.dll [2012.11.02 18:13:30 | 003,823,312 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_25.dll [2012.11.02 18:13:30 | 002,337,488 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_25.dll [2012.11.02 18:13:28 | 003,544,272 | ---- | C] (Microsoft Corporation) -- C:\windows\SysNative\d3dx9_24.dll [2012.11.02 18:13:28 | 002,222,800 | ---- | C] (Microsoft Corporation) -- C:\windows\SysWow64\d3dx9_24.dll [2012.10.29 16:05:43 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ashampoo [2012.10.29 16:05:39 | 000,034,304 | ---- | C] (mst software GmbH, Germany) -- C:\windows\SysNative\DfSdkBt.exe [2012.10.29 16:05:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ashampoo [2012.10.27 20:29:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.10.19 13:55:36 | 000,148,736 | ---- | C] (Avanquest Software) -- C:\ProgramData\hpe96D5.dll ========== Files - Modified Within 30 Days ========== [2012.11.25 23:29:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.11.25 23:10:55 | 001,498,506 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.11.25 23:10:55 | 000,653,928 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.11.25 23:10:55 | 000,615,810 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.11.25 23:10:55 | 000,129,800 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.11.25 23:10:55 | 000,106,190 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.11.25 23:00:39 | 000,024,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.11.25 23:00:39 | 000,024,720 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.11.25 19:07:53 | 000,001,938 | ---- | M] () -- C:\Users\Public\Desktop\XSManager.lnk [2012.11.25 19:07:50 | 000,133,120 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_netamd.sys [2012.11.25 19:07:50 | 000,118,272 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_seramd.sys [2012.11.25 19:07:50 | 000,117,888 | ---- | M] (Mobile Connector) -- C:\windows\SysNative\drivers\cmnsusbser.sys [2012.11.25 19:07:50 | 000,112,640 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_net32.sys [2012.11.25 19:07:50 | 000,103,680 | ---- | M] (C-motech Co.,Ltd.) -- C:\windows\SysNative\drivers\cm_ser32.sys [2012.11.25 19:07:50 | 000,101,056 | ---- | M] () -- C:\windows\SysNative\drivers\dvb_nova_12mhz_b0.inp [2012.11.25 19:07:50 | 000,092,456 | ---- | M] () -- C:\windows\SysNative\drivers\isdbt_nova_12mhz_b0.inp [2012.11.25 19:07:50 | 000,079,036 | ---- | M] () -- C:\windows\SysNative\drivers\tdmb_nova_12mhz_b0.inp [2012.11.25 19:07:50 | 000,063,648 | ---- | M] (Siano) -- C:\windows\SysNative\drivers\smsbda.sys [2012.11.25 19:07:50 | 000,000,040 | ---- | M] () -- C:\windows\SysNative\drivers\smsbda.cfg [2012.11.25 18:52:30 | 000,065,536 | ---- | M] () -- C:\windows\SysNative\Ikeext.etl [2012.11.25 18:52:24 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.11.25 18:52:19 | 2145,447,935 | -HS- | M] () -- C:\hiberfil.sys [2012.11.25 16:49:05 | 000,378,848 | ---- | M] () -- C:\Users\Smokes-one\Documents\diagnose XS Manager Fehler628.htm [2012.11.25 16:18:26 | 000,106,224 | ---- | M] (G Data Software) -- C:\windows\SysWow64\drivers\GRD.sys [2012.11.22 22:07:43 | 000,004,551 | ---- | M] () -- C:\Users\Smokes-one\Documents\UDF1_DVD.nru [2012.11.22 10:58:47 | 000,000,894 | ---- | M] () -- C:\Users\Smokes-one\Documents\veränderrung.rtf [2012.11.22 01:09:28 | 574,253,453 | ---- | M] () -- C:\windows\MEMORY.DMP [2012.11.19 22:50:54 | 000,007,597 | ---- | M] () -- C:\Users\Smokes-one\AppData\Local\Resmon.ResmonCfg [2012.11.17 17:39:26 | 000,416,312 | ---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012.11.14 12:23:37 | 000,000,014 | ---- | M] () -- C:\end [2012.11.10 12:21:32 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerApp.exe [2012.11.10 12:21:32 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\windows\SysWow64\FlashPlayerCPLApp.cpl [2012.11.04 17:27:50 | 000,002,110 | ---- | M] () -- C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk [2012.11.02 23:16:36 | 000,001,859 | ---- | M] () -- C:\Users\Public\Desktop\F.E.A.R. Ultimate Shooter Edition - F.E.A.R 2.lnk [2012.11.02 18:32:00 | 000,002,083 | ---- | M] () -- C:\Users\Public\Desktop\Harry Potter und der Halbblut-Prinz™.lnk [2012.10.29 16:05:44 | 000,002,293 | ---- | M] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2012).lnk [2012.10.29 16:05:43 | 000,001,263 | ---- | M] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2012.lnk [2012.10.29 01:50:59 | 000,000,377 | ---- | M] () -- C:\Users\Smokes-one\Documents\Rechner gescannt3.rtf ========== Files Created - No Company Name ========== [2012.11.25 19:08:04 | 000,000,040 | ---- | C] () -- C:\windows\SysNative\drivers\smsbda.cfg [2012.11.25 19:07:53 | 000,001,938 | ---- | C] () -- C:\Users\Public\Desktop\XSManager.lnk [2012.11.25 16:49:14 | 000,065,536 | ---- | C] () -- C:\windows\SysNative\Ikeext.etl [2012.11.25 16:49:03 | 000,378,848 | ---- | C] () -- C:\Users\Smokes-one\Documents\diagnose XS Manager Fehler628.htm [2012.11.22 22:07:43 | 000,004,551 | ---- | C] () -- C:\Users\Smokes-one\Documents\UDF1_DVD.nru [2012.11.22 10:58:47 | 000,000,894 | ---- | C] () -- C:\Users\Smokes-one\Documents\veränderrung.rtf [2012.11.21 19:55:40 | 574,253,453 | ---- | C] () -- C:\windows\MEMORY.DMP [2012.11.20 17:44:52 | 2145,447,935 | -HS- | C] () -- C:\hiberfil.sys [2012.11.17 16:19:42 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.11.17 01:26:20 | 000,000,003 | ---- | C] () -- C:\windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.11.04 17:27:50 | 000,002,110 | ---- | C] () -- C:\Users\Public\Desktop\Tom Clancy's Rainbow Six Vegas.lnk [2012.11.04 15:48:08 | 000,000,014 | ---- | C] () -- C:\end [2012.11.02 23:16:36 | 000,001,859 | ---- | C] () -- C:\Users\Public\Desktop\F.E.A.R. Ultimate Shooter Edition - F.E.A.R 2.lnk [2012.11.02 18:32:00 | 000,002,083 | ---- | C] () -- C:\Users\Public\Desktop\Harry Potter und der Halbblut-Prinz™.lnk [2012.10.29 16:05:44 | 000,002,293 | ---- | C] () -- C:\Users\Public\Desktop\Ein-Klick-Optimierung (WO2012).lnk [2012.10.29 16:05:43 | 000,001,263 | ---- | C] () -- C:\Users\Public\Desktop\Ashampoo WinOptimizer 2012.lnk [2012.10.29 02:39:37 | 000,007,597 | ---- | C] () -- C:\Users\Smokes-one\AppData\Local\Resmon.ResmonCfg [2012.10.29 01:50:59 | 000,000,377 | ---- | C] () -- C:\Users\Smokes-one\Documents\Rechner gescannt3.rtf [2012.10.13 18:53:28 | 000,189,248 | ---- | C] () -- C:\windows\SysWow64\PnkBstrB.exe [2012.10.13 18:53:22 | 000,075,136 | ---- | C] () -- C:\windows\SysWow64\PnkBstrA.exe [2012.04.18 10:50:20 | 000,000,000 | ---- | C] () -- C:\windows\ativpsrm.bin [2012.04.18 10:47:39 | 000,204,952 | ---- | C] () -- C:\windows\SysWow64\ativvsvl.dat [2012.04.18 10:47:39 | 000,157,144 | ---- | C] () -- C:\windows\SysWow64\ativvsva.dat [2012.04.18 10:47:39 | 000,003,917 | ---- | C] () -- C:\windows\SysWow64\atipblag.dat [2012.04.18 10:23:31 | 000,000,032 | ---- | C] () -- C:\windows\CD_Start.INI [2012.04.18 10:19:43 | 000,085,761 | ---- | C] () -- C:\windows\SysWow64\tnblf.exe [2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\windows\SysWow64\winiml.dat [2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\ProgramData\winiml.dat [2011.05.22 14:09:18 | 000,019,624 | ---- | C] () -- C:\ProgramData\iml.xml [2011.04.09 17:55:28 | 000,179,261 | ---- | C] () -- C:\windows\SysWow64\xlive.dll.cat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Wegen dem Internet Stick bin ich mal der Meinung das etwas in der Registry gelöscht wurde, denn nach Neuinstallation funzte es wieder bisher fehlerfrei. Also bin ich der Annahme das die Schadsoftware in der Regisrty rumgegeistert ist. Ich bedanke mich schon mal im vorraus !!! Smoky983 |
26.11.2012, 08:24 | #2 | |
/// Malwareteam | OTL Logfiles auswertung nach virusschädenZitat:
Wer geklaute Software einsetzt, braucht sich über Virusschäden nicht zu wundern! Alleine der Besuch auf Seiten, welche diese Dateien zum Download anbieten, beinhaltet ein hohes Risiko sich zu infizieren. Wenn Du den Crack startest, startest du eine ausführbare Datei aus einer sehr dubiosen Quelle. Im Quellcode der Datei kann alles mögliche stehen. ( z.B downloaden und ausführen von Malwaredateien ) Dies ist einer der Hauptursachen für Infektionen. Ausserdem sind Cracks, Keygens, usw. illegal und das ist genauso Diebstahl wie in einem Laden. Darum haben wir uns darauf geeinigt: Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden. Deshalb beschränkt sich unsere Hilfe für dich auf eine Anleitung zur Neuinstallation und Absicherung des Systems
__________________ |
26.11.2012, 13:25 | #3 |
| OTL Logfiles auswertung nach virusschäden HO HO HO, da muss ich erstmal ein dickes fettes Veto einlegen. Denn der PDA-NET ist nicht Illegal erworben !!! Da ich ihn anfangs als "freeware" auf meinem Rechner geladen hatte und nach 14 Tagen wurde der Dienst eingestell und mir wurde der Key, zur freischaltung der Vollversion gegen einen Aufpreis, angeboten. Dieses angebot nahm ich dann auch an und bekam den Key dann auch zugesand. Den Download von Programm und Key legte ich dann in einem Extraordner auf dem Desktop an. Da ich bemerkte, dass mir PDA-Net auf dem Handy sämtliche Interneteinstellungen verstellte, sogar so doll dass ich mein Handy wieder auf Werkseinstelungen resetten musste. Also löschte ich es wieder, da ich aber dafür bezahlt habe, habe ich installationsdatei und Key auf dem Rechner gelassen.
__________________Es wäre ganz nett wenn mir dennoch geholfen wird. |
Themen zu OTL Logfiles auswertung nach virusschäden |
adobe, antivirus, aufgehangen, autorun, bho, bluescreen, desktop.ini, explorer, firefox, firewall, flash player, format, freude, helper, home, internet, logfile, mozilla, nodrives, nvidia, nvidia update, programm, programme, registry, scan, security, senden, software, stick, vdeck.exe, verbindungsfehler, windows |