Pests of all kinds and how to combat them: Created topic does not appear (Windows 7)
17.12.2012, 21:58 | #16 |
| Created topic does not appear

Hello Matthias, after sfc /scannow a message appeared saying that some files could not be repaired. Regards, LisaCharly

SystemLook 30.07.11 by jpshortstuff
Log created at 21:48 on 17/12/2012 by Rita
Administrator - Elevation successful

========== filefind ==========

Searching for "*chatzum*"
C:\chatzum_nt.exe --a---- 3782214 bytes [23:15 29/08/2012] [23:15 29/08/2012] 67D07346CDAEF4D4A2E8178DB8D82C33
C:\Users\Rita\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KQ6H8NRF\search.chatzum[1].xml --a---- 367 bytes [06:42 20/10/2012] [06:42 20/10/2012] 81446B474C5EAEA8F477B50962C8E1EE

========== folderfind ==========

Searching for "*chatzum*"
No folders found.

========== regfind ==========

Searching for "chatzum"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"DisplayName"="ChatZum Search"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"URL"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes]
"TopResultURLFallback"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_CURRENT_USER\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\chatzum_nt.exe"="chatzum_nt"
[HKEY_CURRENT_USER\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\chatzum_nt_RASAPI32]
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Tracing\chatzum_nt_RASMANCS]
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1000\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1000\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1000_Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"DisplayName"="ChatZum Search"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"URL"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\Software\Microsoft\Internet Explorer\SearchScopes]
"TopResultURLFallback"="hxxp://search.chatzum.com/?q={searchTerms}"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\Software\Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\chatzum_nt.exe"="chatzum_nt"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002\Software\Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002_Classes\Local Settings\Software\Microsoft\Windows\Shell\MuiCache]
"C:\chatzum_nt.exe"="chatzum_nt"
[HKEY_USERS\S-1-5-21-3306867040-4245769040-2452352677-1002_Classes\Software\Microsoft\Internet Explorer\Main]
"Start Page"="hxxp://search.chatzum.com/"

Searching for " "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell32]
"ConfigXML"="<PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell32" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" Architecture="32" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell32" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/>

-= EOF =-
18.12.2012, 15:12 | #17 |
/// TB Trainer | Created topic does not appear

Hi,

A small note: ComboFix will upload two files at the end of the scan. Please allow this and follow the instructions! Many thanks!

Step 1
Code:
/md5start
explorer.exe
ntdll.dll
/md5stop

Step 2 ComboFix script

Please post with your next reply
|
19.12.2012, 18:35 | #18 |
| Created topic does not appear

Hello Matthias,

I followed the instructions exactly. After running ComboFix, the following message appeared: "ComboFix needs to submit malware for further analysis. Please make sure that you are connected to the Internet." After that I wanted to start Firefox, and the following message came up: "Illegal operation attempted on a registry key that has been marked for deletion" > OK "This item cannot be started; it has been moved or deleted. Do you want to remove this item?" I chose "No". The message kept coming back, and I then chose "Yes". After that, neither Firefox nor Internet Explorer could be started. I then reset the PC to the restore point from before this action. Here are the log files now:
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows CE Services] "SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79, 00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,4f,00,46,00,\ . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-19 17:50:59 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-19 16:50 ComboFix2.txt 2012-12-13 14:31 . Vor Suchlauf: 18 Verzeichnis(se), 114.223.734.784 Bytes frei Nach Suchlauf: 20 Verzeichnis(se), 114.499.719.168 Bytes frei . - - End Of File - - C88D8E374531C70F9FD02A5D48842EC7
The upload was successful |
19.12.2012, 20:02 | #19 | ||
/// TB Trainer | Created topic does not appear Hello, No, you are not, otherwise there would have been no problems. Quote:
Incidentally, I also wrote that in my first ComboFix instructions: http://www.trojaner-board.de/127929-erstelltes-thema-erscheint.html#post971197 (step 4) It would have been quite simple. You do what you want and click "Yes". That makes you yourself responsible for the fact that IE and FF stopped working: Quote:
Sometimes I really wonder whether my instructions are actually read through properly... Are there still any problems that point to malware? Please start OTL.exe and press the Quick Scan button. Post the OTL.txt here in your thread. |
19.12.2012, 21:30 | #20 |
| Created topic does not appear Hello Matthias, sorry, I assumed that I had to follow the instructions you gave me most recently. (You wrote that to me at the beginning regarding the use of otl.exe.) Again, I made a mistake, I'm sorry. The problems as described on 17.12.12, 17:00 still exist. OTL logfile: Code:
OTL logfile created on: 19.12.2012 21:07:42 - Run 8 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Rita\Downloads 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,65 Gb Available Physical Memory | 71,39% Memory free 15,83 Gb Paging File | 13,40 Gb Available in Paging File | 84,66% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 186,30 Gb Total Space | 108,39 Gb Free Space | 58,18% Space Free | Partition Type: NTFS Drive D: | 254,45 Gb Total Space | 254,25 Gb Free Space | 99,92% Space Free | Partition Type: NTFS Drive F: | 465,76 Gb Total Space | 142,91 Gb Free Space | 30,68% Space Free | Partition Type: NTFS Drive G: | 1,84 Gb Total Space | 1,59 Gb Free Space | 86,17% Space Free | Partition Type: FAT Computer Name: RITA-PC | User Name: Rita | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.14 18:42:37 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Rita\Downloads\OTL(1).exe PRC - [2012.12.11 22:05:24 | 029,425,864 | ---- | M] (Dropbox, Inc.) 
-- C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.11.29 09:26:08 | 000,916,960 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.23 12:32:38 | 001,466,760 | ---- | M] (Garmin) -- C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe PRC - [2011.10.22 17:19:04 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe PRC - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.11.12 08:24:12 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010.10.07 22:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.17 22:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.02.03 08:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.02 22:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 18:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe PRC - [2002.05.03 10:47:46 | 000,069,632 | ---- | M] (Ulead Systems, Inc.) -- C:\Program Files (x86)\Ulead Systems\Ulead Photo Express 4.0 SE\CalCheck.exe ========== Modules (No Company Name) ========== MOD - [2012.11.29 09:26:21 | 002,397,152 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012.11.15 15:33:37 | 001,801,728 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\5e3ccfdf88ccd6a9ff4e6ddae7e3fec6\System.Xaml.ni.dll MOD - [2012.11.15 15:33:37 | 000,393,216 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml.Linq\d6dc54d6b4aadbc921d00c3b76647e61\System.Xml.Linq.ni.dll MOD - [2012.11.14 17:20:25 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\d040079bc7148afeca03c5abb6fc3c61\System.Windows.Forms.ni.dll MOD - [2012.11.14 17:20:20 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\4e80768a2d88c7a333e43cbb7a6c0705\System.Drawing.ni.dll MOD - [2012.11.14 17:20:19 | 000,025,600 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\Accessibility\70705382a499703e7a595fada80b04e6\Accessibility.ni.dll MOD - [2012.11.14 17:20:07 | 005,452,800 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\25e672ea505e50ab058258ac72a54f02\System.Xml.ni.dll MOD - [2012.11.14 17:20:04 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\c64ca3678261c8ffcd9e7efd1af6ed54\System.Configuration.ni.dll MOD - [2012.11.14 17:20:03 | 007,988,736 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\9dd758ac0bf7358ac6e4720610fcc63c\System.ni.dll MOD - [2012.11.14 17:19:56 | 011,493,376 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\187d7c66735c533de851c76384f86912\mscorlib.ni.dll MOD - [2012.11.14 17:00:19 | 018,002,944 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\c881e2d2ec912499834feb85c4c2e483\PresentationFramework.ni.dll MOD - [2012.11.14 17:00:08 | 011,451,904 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\58f50a891bafb8fd7149e6eebc2b7b52\PresentationCore.ni.dll MOD - [2012.11.14 17:00:01 | 003,858,432 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\05ebffcb5aac31412fea8c38cbac8df8\WindowsBase.ni.dll MOD - [2012.11.14 16:59:59 | 000,595,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\cbb227c0a77a5b15a1255220984239f2\PresentationFramework.Aero.ni.dll MOD - [2012.11.14 16:57:52 | 013,198,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\caffbced23ee85b40b919ad4a122b7aa\System.Windows.Forms.ni.dll MOD - [2012.11.14 16:57:45 | 007,069,184 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\752225ca2585aa8f1c46b489e172e920\System.Core.ni.dll MOD - [2012.11.14 16:57:41 | 005,617,664 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\cb0c00757e89f0b1fe282913ed667212\System.Xml.ni.dll MOD - [2012.11.14 16:57:41 | 000,736,768 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Security\e450f586600c27379b52c1058292cfd9\System.Security.ni.dll MOD - [2012.11.14 16:57:39 | 001,666,048 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\9422d0c052186760a4645e10995487f5\System.Drawing.ni.dll MOD - [2012.11.14 16:57:36 | 009,093,632 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\System\811a7bc79f8f0a5be8065292a320819e\System.ni.dll MOD - [2012.11.14 16:57:31 | 014,412,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v4.0.30319_32\mscorlib\16126cae96ea2422253ae06eeb672abc\mscorlib.ni.dll MOD - [2012.09.12 15:57:52 | 000,282,112 | ---- | M] () -- C:\Program Files (x86)\Windows Live\Writer\de\WindowsLive.Writer.Localization.resources.dll MOD - [2010.11.13 00:26:08 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.09.24 00:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2009.11.02 22:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.02 22:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 19:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [Auto | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2010.11.30 21:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) 
[Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.11.29 23:00:56 | 000,149,504 | ---- | M] (Intel(R) Corporation) [On_Demand | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.11.29 09:26:17 | 000,115,168 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.29 19:54:26 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.29 19:54:26 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.23 20:43:34 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.07.13 12:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2011.03.13 18:59:18 | 000,138,400 | ---- | M] (Atheros) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.03.13 18:58:30 | 000,074,912 | ---- | M] (Atheros Commnucations) [Auto | Running] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.02.08 03:55:14 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.11.12 23:24:12 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- 
(CLKMSVC10_38F51D56) SRV - [2010.10.06 05:04:12 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.06 05:04:08 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 18:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 01:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2007.05.31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.29 19:54:26 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.13 18:58:44 | 000,280,224 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.03.13 18:58:44 | 000,201,376 | 
---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.03.13 18:58:44 | 000,154,272 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.03.13 18:58:44 | 000,055,456 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.03.13 18:58:42 | 000,298,656 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.03.13 18:58:42 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.03.13 18:58:42 | 000,028,832 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 04:42:20 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.02.08 03:55:06 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.01.27 01:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.29 23:00:04 | 000,016,120 | ---- | M] (Intel(R) Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.11.20 14:33:36 | 000,078,720 | ---- | M] 
(Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 12:07:06 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.05 16:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.14 17:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.21 17:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.17 09:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 09:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 09:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 09:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.08.24 10:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.08.11 07:11:26 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2010.07.08 10:03:48 | 002,228,736 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.20 10:29:40 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.24 01:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV:64bit: - [2007.11.02 13:22:30 | 000,145,448 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdm.sys -- (s217mdm) DRV:64bit: - [2007.11.02 13:22:30 | 000,138,792 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217unic.sys -- (s217unic) DRV:64bit: - [2007.11.02 13:22:30 | 000,124,968 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217obex.sys -- (s217obex) DRV:64bit: - [2007.11.02 13:22:30 | 000,033,832 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217nd5.sys -- (s217nd5) DRV:64bit: - [2007.11.02 13:22:28 | 000,108,072 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217bus.sys -- (s217bus) DRV:64bit: - [2007.11.02 13:22:28 | 000,019,496 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\s217mdfl.sys -- (s217mdfl) DRV - [2010.07.26 21:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 01:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - 
HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=NP06&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKCU\..\SearchScopes,DefaultScope = IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF - prefs.js..extensions.enabledAddons: amznUWL2%40amazon.com:1.10 FF - prefs.js..extensions.enabledAddons: %7B195A3098-0BD5-4e90-AE22-BA1C540AFD1E%7D:4.0.4 FF - prefs.js..extensions.enabledAddons: %7Ba7c6cf7f-112c-4500-a7ea-39801a327e5f%7D:2.0.7 FF - prefs.js..extensions.enabledAddons: %7Bada4b710-8346-4b82-8199-5de2b400a6ae%7D:2.0.2 FF - prefs.js..extensions.enabledAddons: %7Bdc572301-7619-498c-a57d-39143191b318%7D:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0033-ABCDEFFEDCBA%7D:6.0.33 FF - prefs.js..extensions.enabledAddons: 
%7B9AA46F4F-4DC7-4c06-97AF-5035170634FE%7D:5.0.3 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_110.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_110.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3505.0912: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\firefoxextension\ [2012.04.22 18:52:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.06 14:32:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.02 11:47:19 | 000,000,000 | ---D | M] [2011.12.16 11:52:06 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Extensions [2012.12.13 12:20:55 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions [2012.12.01 11:26:47 | 000,000,000 | ---D | M] (Garmin Communicator) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{195A3098-0BD5-4e90-AE22-BA1C540AFD1E} [2012.11.15 15:38:33 | 000,000,000 | ---D | M] (ReminderFox) -- C:\Users\Rita\AppData\Roaming\mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae} [2012.09.20 08:18:12 | 000,243,287 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\amznUWL2@amazon.com.xpi [2012.12.06 16:00:54 | 000,109,804 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{9AA46F4F-4DC7-4c06-97AF-5035170634FE}.xpi [2012.08.24 09:20:22 | 000,341,143 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}.xpi [2012.11.25 13:13:14 | 000,804,627 | ---- | M] () (No name 
found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.01 11:26:47 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Rita\AppData\Roaming\mozilla\firefox\profiles\h2n1xlg0.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012.12.06 14:32:57 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.12.02 11:47:19 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.11.29 09:26:57 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.11.29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.11.29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.11.29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.12.13 15:27:53 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) 
O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found O4:64bit: - HKLM..\Run: [SynAsusAcpi] C:\Program Files\Synaptics\SynTP\SynAsusAcpi.exe (Synaptics Incorporated) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) 
O4:64bit: - HKLM..\Run: [Trend Micro Titanium] C:\Program Files\Trend Micro\Titanium\UIFramework\uiWinMgr.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [ASUSPRP] C:\Program Files (x86)\ASUS\APRP\APRP.EXE (ASUSTek Computer Inc.) O4 - HKLM..\Run: [ASUSWebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\3.0.84.161\AsusWSPanel.exe (ecareme) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [Garmin Lifetime Updater] C:\Program Files (x86)\Garmin\Lifetime Updater\GarminLifetime.exe (Garmin) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe () O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Rita\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
O4 - Startup: C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Intel(R) Turbo Boost Technology Monitor 2.0.lnk = File not found O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found O8 - Extra context menu item: Bild in &Microsoft PhotoDraw öffnen - res://C:\PROGRA~2\MICROS~1\Office\1031\phdintl.dll/phdContext.htm File not found O9:64bit: - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - Reg Error: Value error. File not found O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.7.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{ED3976E2-EE94-4416-8503-DFC2E9B6A97E}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe64.dll (Trend Micro Inc.) O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg.dll (Trend Micro Inc.) 
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.6.1010\6.6.1010\TmBpIe32.dll (Trend Micro Inc.) O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1504\6.6.1088\TmIEPlg32.dll (Trend Micro Inc.) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.19 18:11:16 | 000,000,000 | R--D | C] -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.12.19 17:45:34 | 000,000,000 | ---D | C] -- C:\Windows\temp [2012.12.17 15:43:15 | 000,000,000 | ---D | C] -- C:\_OTL [2012.12.13 17:37:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.12.13 15:13:32 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2012.12.13 15:13:32 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2012.12.13 15:13:32 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2012.12.13 15:13:17 | 000,000,000 | ---D | C] -- C:\Qoobox [2012.12.13 15:13:03 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2012.12.13 12:11:39 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2012.12.13 12:11:29 | 000,000,000 | ---D | C] -- C:\JRT [2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\ParetoLogic [2012.12.07 21:10:51 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\DriverCure [2012.12.07 21:10:43 | 000,000,000 | ---D | C] -- C:\ProgramData\ParetoLogic [2012.12.06 16:52:19 | 000,000,000 | ---D | C] -- C:\Windows\de [2012.12.06 16:51:35 | 000,000,000 | R--D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live [2012.12.06 16:51:33 | 000,000,000 | ---D | C] -- 
C:\Windows\en [2012.12.06 16:51:29 | 000,000,000 | ---D | C] -- C:\Windows\el [2012.12.06 16:51:27 | 000,000,000 | ---D | C] -- C:\Windows\es [2012.12.06 16:51:25 | 000,000,000 | ---D | C] -- C:\Windows\fr [2012.12.06 16:51:23 | 000,000,000 | ---D | C] -- C:\Windows\he [2012.12.06 16:51:21 | 000,000,000 | ---D | C] -- C:\Windows\it [2012.12.06 16:51:19 | 000,000,000 | ---D | C] -- C:\Windows\nl [2012.12.06 16:51:16 | 000,000,000 | ---D | C] -- C:\Windows\ru [2012.12.06 16:51:13 | 000,000,000 | ---D | C] -- C:\Windows\ar [2012.12.06 16:48:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft SQL Server Compact Edition [2012.12.06 16:39:14 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live [2012.12.06 15:13:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{66E2F6A7-298E-4EF0-A61F-747A46BFCF85} [2012.12.06 14:53:46 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Roaming\Malwarebytes [2012.12.06 14:53:42 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.12.06 14:53:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.12.06 14:32:58 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.12.05 17:20:23 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{D501D416-841F-4D21-9F3F-6CDB3C0B0922} [2012.12.02 19:40:29 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{C2057799-37A2-4DF5-A56B-BAE7C9403A3D} [2012.12.02 11:47:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.12.01 18:26:48 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{BEFC6E3E-06F7-4375-9426-D4BC01AC11F0} [2012.11.30 10:31:03 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{1C634F90-39BF-4295-9062-1D3813CEFAD9} [2012.11.29 13:13:31 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{FF70CEBB-A9A2-41AF-8BC5-CF26966D4B2D} 
[2012.11.28 12:39:02 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5BFC3B52-551D-4958-98EE-B52CE182B879} [2012.11.27 15:36:57 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{34B58A2C-72E8-4260-8A2B-E7266FBD3F93} [2012.11.26 14:43:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{2A7AC3A5-D422-4996-915B-B1A061D3F8BF} [2012.11.23 14:58:36 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{5237B8CC-24E1-4538-8EE3-9BF0CD73EC8B} [2012.11.22 10:41:04 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{392E0CC6-0D82-4E60-A31E-56BEF369D4E1} [2012.11.21 10:20:18 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{6372F3BA-E0A9-43C3-B8D8-79B3A9C5BEDC} [2012.11.20 11:22:35 | 000,000,000 | ---D | C] -- C:\Users\Rita\AppData\Local\{EE97A51C-4538-4B31-B285-DDA8CE76EE6F} ========== Files - Modified Within 30 Days ========== [2012.12.19 20:48:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.19 18:17:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 18:17:47 | 000,009,696 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.19 18:10:11 | 2078,388,223 | -HS- | M] () -- C:\hiberfil.sys [2012.12.15 15:11:12 | 000,001,051 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2012.12.15 15:11:01 | 000,001,017 | ---- | M] () -- C:\Users\Rita\Desktop\Dropbox.lnk [2012.12.13 15:27:53 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts [2012.12.13 10:18:27 | 000,423,816 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.12.06 16:56:44 | 000,001,362 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.12.06 16:48:27 | 000,000,020 | ---- | M] () -- C:\Windows\4úY [2012.12.06 15:46:22 | 000,000,000 | ---- | M] () -- C:\Users\Rita\defogger_reenable [2012.12.06 14:53:43 
| 000,001,115 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.06 14:32:58 | 000,001,153 | ---- | M] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.22 22:15:33 | 000,002,324 | ---- | M] () -- C:\Windows\SysNative\AutoRunFilter.ini [2012.11.21 17:51:16 | 000,000,020 | ---- | M] () -- C:\Windows\v ========== Files Created - No Company Name ========== [2012.12.13 15:13:32 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.12.13 15:13:32 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.12.13 15:13:32 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.12.13 15:13:32 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.12.13 15:13:32 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2012.12.06 16:51:12 | 000,001,307 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk [2012.12.06 16:51:05 | 000,001,376 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk [2012.12.06 16:48:26 | 000,000,020 | ---- | C] () -- C:\Windows\4úY [2012.12.06 16:40:25 | 000,002,488 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Messenger.lnk [2012.12.06 15:46:22 | 000,000,000 | ---- | C] () -- C:\Users\Rita\defogger_reenable [2012.12.06 14:53:43 | 000,001,115 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.12.06 14:32:58 | 000,001,153 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2012.11.21 17:51:16 | 000,000,020 | ---- | C] () -- C:\Windows\v [2012.09.30 18:25:10 | 000,004,433 | ---- | C] () -- C:\Windows\jwwp_x.ini [2012.07.15 10:48:24 | 000,004,934 | ---- | C] () -- C:\ProgramData\innbfrij.xis [2012.02.14 19:13:54 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi [2012.01.01 21:11:39 | 001,557,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.30 17:37:38 | 000,338,432 | ---- | C] () -- 
C:\Windows\SysWow64\sqlite36_engine.dll [2011.12.18 20:32:44 | 000,001,471 | ---- | C] () -- C:\Windows\ODBCINST.INI [2011.12.16 18:57:20 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2011.12.16 12:17:20 | 000,000,017 | ---- | C] () -- C:\Users\Rita\AppData\Local\resmon.resmoncfg [2011.10.22 17:05:52 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.05.31 04:24:17 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.05.31 04:23:33 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.05.31 04:23:31 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.05.31 04:23:30 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin ========== ZeroAccess Check ========== [2012.11.09 23:09:20 | 000,000,596 | ---- | M] () -- C:\Users\Rita\AppData\Roaming\Mozilla\Firefox\Profiles\h2n1xlg0.default\extensions\{ada4b710-8346-4b82-8199-5de2b400a6ae}\defaults\printing\icons\@.png [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011.12.16 11:53:59 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\ASUS WebStorage [2012.12.07 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\DriverCure [2012.12.19 18:11:51 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Dropbox [2012.06.03 19:23:11 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Garmin [2012.07.27 11:15:36 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Imaxel [2012.11.11 13:10:41 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\jpg-Illuminator [2012.07.15 14:23:34 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\MOVAVI [2011.12.18 18:00:49 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Nuance [2012.12.07 21:10:51 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\ParetoLogic [2012.09.04 16:36:44 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\SoftGrid Client [2012.01.01 21:12:26 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\TP [2011.12.20 18:43:32 | 000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Windows Live Writer [2011.12.16 18:17:08 | 
000,000,000 | ---D | M] -- C:\Users\Rita\AppData\Roaming\Zeon ========== Purity Check ========== < End of report > Regards, LisaCharly |
20.12.2012, 16:45 | #21 |
/// TB Trainer | Created topic does not appear Hi,
Are there still problems with Chatzum in Firefox? |
20.12.2012, 17:57 | #22 |
| Created topic does not appear Hello Matthias, nothing like chatzum search appears; instead the value is about:newtab. How should I proceed? As I already explained on 17.12.12, "Chatzum Search" no longer appears when opening a new tab in Firefox. However, the file "chatzum_nt", type Application, size 3694 KB, is still present under c:. Can it stay that way, or is there still something to do? On 17.12.12, 21:58, I wrote: ... after running sfc /scannow the message appeared that some files could not be repaired. You have not answered me on that yet. Regards, LisaCharly |
20.12.2012, 18:06 | #23 |
/// TB Trainer | Created topic does not appear Hi, thank you for the feedback. We will now remove the chatzum files from your computer, using OTL. When you ran the command sfc /scannow, did it also show which system files could not be repaired? Please run the command again and report back. Step 1 Fix with OTL
Code:
:files
C:\chatzum_nt.exe
C:\Users\Rita\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KQ6H8NRF\search.chatzum[1].xml

:Commands
[emptytemp]
Step 2 Press Start. Type CMD into the search bar. In the results, right-click cmd.exe -> Run as administrator, then enter the following: sfc /scannow Confirm with Enter. Afterwards, restart your computer. Please post with your next reply
|
20.12.2012, 20:05 | #24 |
| Created topic does not appear Hello Matthias, I have attached the message shown after sfc /scannow. When I try to open the cbs.log, I get the message "Access denied". And here now the OTL log:
All processes killed ========== FILES ========== C:\chatzum_nt.exe moved successfully. C:\Users\Rita\AppData\LocalLow\Microsoft\Internet Explorer\DOMStore\KQ6H8NRF\search.chatzum[1].xml moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Gast ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->FireFox cache emptied: 0 bytes User: Public ->Temp folder emptied: 0 bytes User: Rita ->Temp folder emptied: 68960 bytes ->Temporary Internet Files folder emptied: 188621 bytes ->Java cache emptied: 0 bytes ->FireFox cache emptied: 21447781 bytes ->Flash cache emptied: 703 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 10542 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 21,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 12202012_185743 Files\Folders moved on Reboot... C:\Users\Rita\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot...
Regards, LisaCharly |
20.12.2012, 20:16 | #25 |
/// TB Trainer | Created topic does not appear Hi, one of the following options should give you access to the file CBS.log:
1) Click Start. Type notepad into the search bar. In the results, right-click notepad.exe -> Run as administrator. Click File > Open. Navigate to the specified directory C:\Windows\Logs\CBS\CBS.log. Select the file CBS.log and click Open.
2) Right-click the folder CBS > Properties. Select the Security tab. Check whether the user groups System and Administrators have "Full control". If that is not the case, you have to set the corresponding check marks and confirm with Apply and OK. Then try to open the file using 1).
Are there still problems with chatzum? |
21.12.2012, 17:39 | #26 |
| Created topic does not appear Hello Matthias, there are no more problems with chatzum. c: chatzum_nt has been deleted. The cbs.log could now be opened, but it was too large and, according to the message, has to be sent as an attachment. Regards, LisaCharly |
21.12.2012, 20:50 | #27 |
/// TB Trainer | Created topic does not appear Hi, the file CBS.log seems to be damaged; I cannot open it. Either you upload it again, or you run sfc /scannow again and then post the log file, or you split the content of the log file across several posts. Step 1
Step 2 ESET Online Scanner
Step 3 Please download SecurityCheck
Please post with your next reply
|
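Post #27 above asks for the CBS.log content to be split across several posts because the whole file is too large to attach. The following Python script is an added example, not part of the thread and not from any tool used in it: it keeps only the System File Checker entries, which Windows tags with [SR] in CBS.log, summarises the files SFC could not repair, and packs the entries into post-sized pieces. The sample lines, file names and component names are constructed, the "Cannot repair member file" layout is assumed to be the one SFC writes on Windows 7, and the size limit per post is an assumed parameter.

```python
import re

# Attribute tail of an [SR] "Cannot repair" message; the values are constructed.
_ATTRS = ("Version = 6.1.7601.17514, pA = PROCESSOR_ARCHITECTURE_AMD64 (9), "
          "Culture neutral, VersionScope = 1 nonSxS, "
          "PublicKeyToken = {l:8 b:31bf3856ad364e35}, Type neutral, "
          "TypeName neutral, PublicKey neutral in the store, ")
_CANNOT = '[SR] Cannot repair member file [l:24{12}]'

# Constructed sample in the "timestamp, level, source, message" layout of the
# CBS.log excerpts posted in this thread. File and component names are made up.
SAMPLE_CBS_LOG = "\n".join([
    '2012-12-23 16:40:13, Info CBS Starting the TrustedInstaller main loop.',
    '2012-12-23 16:41:02, Info CSI 00000009 [SR] Verifying 100 (0x0000000000000064) components',
    '2012-12-23 16:41:02, Info CSI 0000000a [SR] Beginning Verify and Repair transaction',
    '2012-12-23 16:41:05, Info CSI 0000000c ' + _CANNOT
    + '"example1.dll" of Constructed-Component-A, ' + _ATTRS + 'hash mismatch',
    '  continuation line without a timestamp (ignored by the parser)',
    '2012-12-23 16:41:09, Info CSI 0000000e ' + _CANNOT
    + '"example1.dll" of Constructed-Component-A, ' + _ATTRS + 'hash mismatch',
    '2012-12-23 16:41:12, Info CSI 0000000f ' + _CANNOT
    + '"example2.mui" of Constructed-Component-B, ' + _ATTRS + 'file is missing',
    '2012-12-23 16:41:30, Info CSI 00000010 [SR] Verify complete',
    '2012-12-23 16:41:31, Info CBS Startup processing thread terminated normally',
])

LINE_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (\w+)\s+(\w+)\s+(.*)$")
CANNOT_REPAIR_RE = re.compile(
    r'\[SR\] Cannot repair member file \[l:\d+\{\d+\}\]"([^"]+)" of ([^,]+),')


def sr_entries(text):
    """Return the full log lines written by SFC (source CSI, tagged [SR])."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m and m.group(3) == "CSI" and "[SR]" in m.group(4):
            entries.append(line.strip())
    return entries


def unrepairable(entries):
    """Group 'Cannot repair member file' entries by (file, component).

    SFC usually logs the same file more than once, so the count is kept
    instead of listing every repetition.
    """
    found = {}
    for line in entries:
        m = CANNOT_REPAIR_RE.search(line)
        if not m:
            continue
        key = (m.group(1), m.group(2))
        record = found.setdefault(key, {
            "count": 0,
            "reason": line.rsplit(", ", 1)[-1],  # text after the last comma
            "first_seen": line[:19],             # timestamp of first report
        })
        record["count"] += 1
    return found


def split_for_posts(lines, max_chars):
    """Pack whole lines into chunks of at most max_chars characters.

    A single line longer than max_chars becomes its own chunk and is never
    truncated, so rejoining the chunks reproduces the input exactly.
    """
    chunks, current, size = [], [], 0
    for line in lines:
        cost = len(line) + 1  # +1 for the newline that joins the lines
        if current and size + cost > max_chars:
            chunks.append("\n".join(current))
            current, size = [], 0
        current.append(line)
        size += cost
    if current:
        chunks.append("\n".join(current))
    return chunks


if __name__ == "__main__":
    entries = sr_entries(SAMPLE_CBS_LOG)
    for (name, component), rec in unrepairable(entries).items():
        print(f"{name} ({component}): {rec['reason']}, logged {rec['count']}x")
    for number, chunk in enumerate(split_for_posts(entries, 400), start=1):
        print(f"--- part {number} ---\n{chunk}")
```

To use it on a real system, read C:\Windows\Logs\CBS\CBS.log from an elevated session and pass its text to `sr_entries` in place of the constructed sample.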
23.12.2012, 23:03 | #28 |
| Created topic does not appear Hello Matthias, here now are the requested files. I am now running sfc /scannow again and will post the log file split across several posts. Regards, LisaCharly
Malwarebytes Anti-Malware 1.65.1.1000 www.malwarebytes.org Datenbank Version: v2012.12.23.04 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Rita :: RITA-PC [Administrator] 23.12.2012 16:46:21 mbam-log-2012-12-23 (16-46-21).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 257345 Laufzeit: 4 Minute(n), 21 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende)
ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6844 # api_version=3.0.2 # EOSSerial=f21ad04deb7dca41ae174501870ef32a # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2012-12-23 08:33:16 # local_time=2012-12-23 09:33:16 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=2047 16777215 0 0 0 0 0 0 # compatibility_mode=5893 16776573 100 94 198482 107924646 0 0 # scanned=162039 # found=4 # cleaned=0 # scan_time=13139 F:\RITA-PC\Backup Set 2012-04-21 161934\Backup Files 2012-06-10 120001\Backup files 2.zip multiple threats (unable to clean) 
A61C6BEA71839BCBE35B659F33ADC4E2CBAA8065 I F:\RITA-PC\Backup Set 2012-10-14 121455\Backup Files 2012-10-14 121455\Backup files 9.zip multiple threats (unable to clean) 4C94AA624C9E5BE5DAC3D977A23BE99D77DC8ADB I F:\RITA-PC\Backup Set 2012-11-11 151017\Backup Files 2012-11-11 151017\Backup files 16.zip multiple threats (unable to clean) 9A4A56B008762AB97AA91F34F7E7E2B6813E44C2 I F:\RITA-PC\Backup Set 2012-12-09 120002\Backup Files 2012-12-09 120002\Backup files 10.zip multiple threats (unable to clean) 6D6E6F069C0083B8B215D4CA57725410B9D59FC2 I
Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Trend Micro Titanium Internet Security Antivirus out of date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 33 Java 7 Update 7 Java version out of Date! Adobe Flash Player 11.5.502.110 Adobe Reader XI Mozilla Firefox (17.0.1) ````````Process Check: objlist.exe by Laurent```````` Trend Micro UniClient UiFrmWrk uiWatchDog.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log``````````````````````
Hello Matthias, here is the 1st part of the cbs.log
2012-12-23 16:40:10, Info CBS Starting TrustedInstaller initialization. 
2nd part of the cbs.log
Hello Matthias, as I have now seen, the cbs.log has 5300 lines. Is there perhaps another way? Maybe I also did something wrong when zipping. If you could give me step-by-step instructions? Regards, LisaCharly |
24.12.2012, 11:53 | #29 |
/// TB Trainer | created topic does not appear
Hi,
As with the ESET scan, reconnect any external hard drives (F:\) before you start OTL.
Fixing with OTL
Code:
:files
F:\RITA-PC\Backup Set 2012-04-21 161934\Backup Files 2012-06-10 120001\Backup files 2.zip
F:\RITA-PC\Backup Set 2012-10-14 121455\Backup Files 2012-10-14 121455\Backup files 9.zip
F:\RITA-PC\Backup Set 2012-11-11 151017\Backup Files 2012-11-11 151017\Backup files 16.zip
F:\RITA-PC\Backup Set 2012-12-09 120002\Backup Files 2012-12-09 120002\Backup files 10.zip
:Commands
[reboot]
Are there still problems with explorer.exe? If so, I recommend a reinstallation, provided the problem has not been resolved so far. |
27.12.2012, 11:20 | #30 |
/// TB Trainer | created topic does not appear
Missing feedback
This topic has been removed from my subscriptions, so I will not receive any notification about new replies. PM me if you still want to continue.
Note: The disappearance of the symptoms does not mean that your computer is already clean.
Everyone else, please click here and create your own thread! |