GVU on the PC, safe mode works, but no restore point, since System Restore was disabled (Windows 7)
09.01.2013, 16:34 | #1

Hello everyone,
today I also caught the GVU virus. As far as I could read, several people have caught it. I can get into safe mode, but I cannot use System Restore, because it was disabled. Furthermore, I have two more systems on different partitions, both of which work. I can even use the infected Windows 7 64-bit with a little trick: after the virus locks the screen I open Task Manager and shut down the computer. Since a program is still running in the background, Task Manager wants me to force the shutdown, which I cancel. After that I can use the PC completely normally.
Can you help me?

Regards
mpdreiforyou
09.01.2013, 16:35 | #2

/// Malware-holic

Hi,
and you don't use System Restore for malware anyway!
If you don't already have it, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
09.01.2013, 17:15 | #3

Hello,
I only have an OTL.txt on the desktop.

OTL Logfile:
Code:
OTL logfile created on: 09.01.2013 17:05:05 - Run 3
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Uli\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

7,98 Gb Total Physical Memory | 5,89 Gb Available Physical Memory | 73,81% Memory free
15,96 Gb Paging File | 14,15 Gb Available in Paging File | 88,64% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 74,43 Gb Total Space | 1,29 Gb Free Space | 1,73% Space Free | Partition Type: NTFS
Drive D: | 1167,11 Gb Total Space | 367,48 Gb Free Space | 31,49% Space Free | Partition Type: NTFS
Drive E: | 465,76 Gb Total Space | 102,32 Gb Free Space | 21,97% Space Free | Partition Type: NTFS
Drive G: | 107,42 Gb Total Space | 64,29 Gb Free Space | 59,85% Space Free | Partition Type: NTFS
Drive H: | 97,66 Gb Total Space | 77,46 Gb Free Space | 79,32% Space Free | Partition Type: NTFS

Computer Name: KARLCHEN | User Name: Uli | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Users\Uli\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
PRC - C:\Users\Uli\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
PRC - C:\Windows\jmesoft\Service.exe ()
PRC - C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe (Lenovo)
PRC - C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
PRC - C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)

========== Modules (No Company Name) ==========

========== Services (SafeList) ==========

SRV:64bit: - (Intel(R) -- C:\Windows\SysNative\IPROSetMonitor.exe (Intel Corporation)
SRV:64bit: - (ftpsvc) -- C:\Windows\SysNative\inetsrv\ftpsvc.dll (Microsoft Corporation)
SRV:64bit: - (SNMP) -- C:\Windows\SysNative\snmp.exe (Microsoft Corporation)
SRV:64bit: - (NfsClnt) -- C:\Windows\SysNative\nfsclnt.exe (Microsoft Corporation)
SRV:64bit: - (MSMQTriggers) -- C:\Windows\SysNative\mqtgsvc.exe (Microsoft Corporation)
SRV:64bit: - (IISADMIN) -- C:\Windows\SysNative\inetsrv\inetinfo.exe (Microsoft Corporation)
SRV:64bit: - (LPDSVC) -- C:\Windows\SysNative\lpdsvc.dll (Microsoft Corporation)
SRV:64bit: - (iprip) -- C:\Windows\SysNative\iprip.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (WMSVC) -- C:\Windows\SysNative\inetsrv\WMSvc.exe (Microsoft Corporation)
SRV:64bit: - (TlntSvr) -- C:\Windows\SysNative\tlntsvr.exe (Microsoft Corporation)
SRV:64bit: - (simptcp) -- C:\Windows\SysNative\TCPSVCS.EXE (Microsoft Corporation)
SRV:64bit: - (MSMQ) -- C:\Windows\SysNative\mqsvc.exe (Microsoft Corporation)
SRV:64bit: - (CISVC) -- C:\Windows\SysNative\CISVC.EXE (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe (TuneUp Software)
SRV - (IconMan_R) -- C:\Program Files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe (Realsil Microelectronics Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (Intel(R) -- C:\Programme\Intel\iCLS Client\HeciServer.exe (Intel(R) Corporation)
SRV - (JME Keyboard) -- C:\Windows\jmesoft\Service.exe ()
SRV - (SNMP) -- C:\Windows\SysWOW64\snmp.exe (Microsoft Corporation)
SRV - (WAS) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (W3SVC) -- C:\Windows\SysWOW64\inetsrv\iisw3adm.dll (Microsoft Corporation)
SRV - (AppHostSvc) -- C:\Windows\SysWOW64\inetsrv\apphostsvc.dll (Microsoft Corporation)
SRV - (HPSLPSVC) -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL (Hewlett-Packard Co.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (LitModeCtrl) -- C:\Programme\Lenovo\Power Dial\LitModeCtrl.exe (Lenovo)
SRV - (CEEBC40A-FDED-4C59-B354-939132350B01) -- C:\Program Files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe ()
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (LenovoCOMSvc) -- C:\Programme\Lenovo\Power Dial\LenovoCOMSvc.exe (Lenovo)
SRV - (simptcp) -- C:\Windows\SysWOW64\TCPSVCS.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (HauppaugeTVServer) -- C:\Program Files (x86)\WinTV\TVServer\HauppaugeTVServer.exe (Hauppauge Computer Works)

========== Driver Services (SafeList) ==========

DRV:64bit: - (esgiguard) -- C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys File not found
DRV:64bit: - (iaStorA) -- C:\Windows\SysNative\drivers\iaStorA.sys (Intel Corporation)
DRV:64bit: - (iaStorF) -- C:\Windows\SysNative\drivers\iaStorF.sys (Intel Corporation)
DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.)
DRV:64bit: - (RTL8192Ce) -- C:\Windows\SysNative\drivers\rtl8192ce.sys (Realtek Semiconductor Corporation )
DRV:64bit: - (RSUSBSTOR) -- C:\Windows\SysNative\drivers\RtsUStor.sys (Realtek Semiconductor Corp.)
DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation)
DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation)
DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.)
DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions)
DRV:64bit: - (Uim_IM) -- C:\Windows\SysNative\drivers\Uim_IMx64.sys (Paragon)
DRV:64bit: - (UimBus) -- C:\Windows\SysNative\drivers\uimx64.sys (Windows (R) 2000 DDK provider)
DRV:64bit: - (Uim_VIM) -- C:\Windows\SysNative\drivers\uim_vimx64.sys (Paragon)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (VClone) -- C:\Windows\SysNative\drivers\VClone.sys (Elaborate Bytes AG)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (RpcXdr) -- C:\Windows\SysNative\drivers\rpcxdr.sys (Microsoft Corporation)
DRV:64bit: - (NfsRdr) -- C:\Windows\SysNative\drivers\nfsrdr.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (RMCAST) -- C:\Windows\SysNative\drivers\rmcast.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (acedrv11) -- C:\Windows\SysNative\drivers\acedrv11.sys (Protect Software GmbH)
DRV:64bit: - (wsvd) -- C:\Windows\SysNative\drivers\wsvd.sys (CyberLink)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (MQAC) -- C:\Windows\SysNative\drivers\mqac.sys (Microsoft Corporation)
DRV:64bit: - (PsxDrv) -- C:\Windows\SysNative\drivers\psxdrv.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (hcw17bda) -- C:\Windows\SysNative\drivers\hcw17bda.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (WinI2C-DDC) -- C:\Windows\SysNative\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV:64bit: - (ElbyCDFL) -- C:\Windows\SysNative\drivers\ElbyCDFL.sys (SlySoft, Inc.)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys (TuneUp Software)
DRV - (UnlockerDriver5) -- C:\Program Files (x86)\Unlocker\UnlockerDriver5.sys ()
DRV - (WinI2C-DDC) -- C:\Windows\SysWOW64\drivers\ddcdrv.sys (Nicomsoft Ltd.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (ElbyCDFL) -- C:\Windows\SysWOW64\drivers\ElbyCDFL.sys (SlySoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = C1 D7 EE 6C 78 12 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&affID=109989&tt=050412_30b&babsrc=SP_ss&mntrId=0860bd63000000000000ac8112b43d50
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LEND_deDE478
IE - HKCU\..\SearchScopes\{C08EBB1E-1D2A-4729-A061-A61E24C6DD94}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=IMB&o=15785&src=kw&q={searchTerms}&locale=&apn_ptnrs=HQ&apn_dtid=YYYYYYYYDE&apn_uid=14a5732e-886c-4681-86ab-a4b5c0d5a30b&apn_sauid=EFB679FF-3836-462C-B971-88DC4ACE33B0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.facebook.com/"
FF - prefs.js..extensions.enabledAddons: ffxtlbr%40babylon.com:1.1.9
FF - prefs.js..extensions.enabledAddons: software%40loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: %7B46551EC9-40F0-4e47-8E18-8E5CF550CFB8%7D:1.3
FF - prefs.js..extensions.enabledAddons: %7Be4a8a97b-f2ed-450b-b12d-ee082ba24781%7D:1.0
FF - prefs.js..extensions.enabledAddons: %7Be968fc70-8f95-4ab9-9e79-304de2a71ee1%7D:0.7.3
FF - prefs.js..extensions.enabledAddons: %7B23fcfd51-4958-4f00-80a3-ae97e717ed8b%7D:2.1.2.145
FF - prefs.js..extensions.enabledAddons: leethax%40leethax.net:2013.01.03
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1
FF - prefs.js..keyword.URL: "hxxp://search.babylon.com/?affID=109989&tt=050412_30b&babsrc=KW_ss&mntrId=0860bd63000000000000ac8112b43d50&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@protectdisc.com/NPMPDRM: C:\Program Files (x86)\Common Files\mpDRM\NPMPDRM.dll ( )
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKCU\Software\MozillaPlugins\@protectdisc.com/NPPDLicenseHelper: C:\Users\Uli\AppData\Roaming\ProtectDisc\License Helper v2\NPPDLicenseHelper.dll ( )
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Uli\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Uli\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 15:04:08 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.07.31 20:01:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.20 16:22:15 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.04.10 15:04:08 | 000,000,000 | ---D | M]

[2012.04.04 16:41:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\Extensions
[2013.01.03 19:55:18 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\Firefox\Profiles\mt51ewtl.default\extensions
[2012.10.17 14:17:35 | 000,000,000 | ---D | M] (Charles Autoconfiguration) -- C:\Users\Uli\AppData\Roaming\mozilla\Firefox\Profiles\mt51ewtl.default\extensions\{3e9a3920-1b27-11da-8cd6-0800200c9a66}
[2012.04.06 19:28:08 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Uli\AppData\Roaming\mozilla\Firefox\Profiles\mt51ewtl.default\extensions\ffxtlbr@babylon.com
[2012.07.05 05:38:52 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\Uli\AppData\Roaming\mozilla\Firefox\Profiles\mt51ewtl.default\extensions\software@loadtubes.com
[2013.01.02 06:24:39 | 000,141,384 | ---- | M] () (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\extensions\jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI@jetpack.xpi
[2013.01.03 19:55:18 | 000,021,513 | ---- | M] () (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\extensions\leethax@leethax.net.xpi
[2012.09.06 06:56:20 | 000,269,659 | ---- | M] () (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\extensions\{46551EC9-40F0-4e47-8E18-8E5CF550CFB8}.xpi
[2012.08.25 07:09:31 | 000,270,021 | ---- | M] () (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}.xpi
[2012.04.04 16:49:18 | 000,042,336 | ---- | M] () (No name found) -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\extensions\{e968fc70-8f95-4ab9-9e79-304de2a71ee1}.xpi
[2012.08.27 15:22:41 | 000,002,323 | ---- | M] () -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\searchplugins\askcom.xml
[2012.04.25 17:36:56 | 000,005,027 | ---- | M] () -- C:\Users\Uli\AppData\Roaming\mozilla\firefox\profiles\mt51ewtl.default\searchplugins\cannapower-user-uploads.xml
[2012.10.29 19:28:33 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.31 20:01:50 | 000,000,000 | ---D | M] (DivX Plus Web Player HTML5 <video>) -- C:\PROGRAM FILES (X86)\DIVX\DIVX PLUS WEB PLAYER\FIREFOX\DIVXHTML5
[2012.12.20 16:22:15 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010.01.05 17:04:02 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files (x86)\mozilla firefox\components\Scriptff.dll
[2012.12.20 16:22:14 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.04.06 14:38:54 | 000,002,353 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012.12.20 16:22:14 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.12.20 16:22:14 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.12.20 16:22:14 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.12.20 16:22:14 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.12.20 16:22:14 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - homepage: 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: 
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Uli\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Uli\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Uli\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Browser\nppdf32.dll
CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll
CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: Silverlight Plug-In (Enabled) = C:\Program Files (x86)\Microsoft Silverlight\4.1.10111.0\npctrl.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: CANON iMAGE GATEWAY Album Plugin Utility (Enabled) = C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL
CHR - Extension: Wetter (Erweiterung) = C:\Users\Uli\AppData\Local\Google\Chrome\User Data\Default\Extensions\beapnbfmjmjhhfpaoajfhjbbfnnlfpnc\0.9.0.7_0\
CHR - Extension: YouTube = C:\Users\Uli\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Uli\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Lamborghini Sesto Elemento Theme = C:\Users\Uli\AppData\Local\Google\Chrome\User Data\Default\Extensions\dappigdjllcnkkoacaoolciaolaaiemb\1.0_0\
CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Uli\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\
CHR - Extension: Google Mail = C:\Users\Uli\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\

O1 HOSTS File: ([2012.08.07 10:00:03 | 000,001,334 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 secure.tune-up.com
O1 - Hosts: 127.0.0.1 activate.adobe.com
O1 - Hosts: 127.0.0.1 practivate.adobe.com
O1 - Hosts: 127.0.0.1 ereg.adobe.com
O1 - Hosts: 127.0.0.1 activate.wip3.adobe.com
O1 - Hosts: 127.0.0.1 wip3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-3.adobe.com
O1 - Hosts: 127.0.0.1 3dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-2.adobe.com
O1 - Hosts: 127.0.0.1 adobe-dns-3.adobe.com
O1 - Hosts: 127.0.0.1 ereg.wip3.adobe.com
O1 - Hosts: 127.0.0.1 activate-sea.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O1 - Hosts: 127.0.0.1 activate-sjc0.adobe.com
O1 - Hosts: 127.0.0.1 wwis-dubc1-vip60.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Uli\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Uli\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4:64bit: - HKLM..\Run: [MsmqIntCert] C:\Windows\SysNative\mqrt.dll (Microsoft Corporation)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\Lenovo\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [CloneCDTray] C:\Program Files (x86)\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe (Intel Corporation)
O4 - HKLM..\Run: [jmekey] C:\Windows\jmesoft\hotkey.exe (Lenovo)
O4 - HKLM..\Run: [jmesoft] C:\Windows\jmesoft\ServiceLoader.exe ()
O4 - HKLM..\Run: [Lenovo Dynamic Brightness System] C:\Program Files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe (Lenovo)
O4 - HKLM..\Run: [Lenovo Eye Distance System] C:\Program Files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe (Lenovo)
O4 - HKLM..\Run: [ModeSwitch] C:\Program Files\Lenovo\Power Dial\LitModeSwitch.exe (Lenovo)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation)
O4 - HKLM..\Run: [UnlockerAssistant] C:\Program Files (x86)\Unlocker\UnlockerAssistant.exe ()
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Akamai NetSession Interface] C:\Users\Uli\AppData\Local\Akamai\netsession_win.exe (Akamai Technologies, Inc.)
O4 - HKCU..\Run: [ApplePhotoStreams] C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8:64bit: - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~2\Office15\ONBttnIE.dll/105 File not found O8 - Extra context menu item: An vorhandenes PDF anfügen - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~2\Office15\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{39759639-DEE9-4FFD-ABF8-DF03B8DB8006}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{501564E6-11A9-4628-8197-10B4DEA1149E}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20 - AppInit_DLLs: (acaptuser32.dll) - C:\Windows\SysWow64\acaptuser32.dll (Adobe Systems, Inc.) 
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - C:\ProgramData\dsgsdgdsgdsgw.bat () O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2013.01.09 11:32:17 | 000,000,000 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{13fdf555-7e66-11e1-b8d7-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{13fdf555-7e66-11e1-b8d7-806e6f6e6963}\Shell\AutoRun\command - "" = F:\AutoLauncher.exe O33 - MountPoints2\{75b174c7-7ee5-11e1-a9e8-40618675bd3a}\Shell - "" = AutoRun O33 - MountPoints2\{75b174c7-7ee5-11e1-a9e8-40618675bd3a}\Shell\AutoRun\command - "" = L:\AUTORUN.EXE O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: 
{3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: 
{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Macromedia Shockwave Flash ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: 
>{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.01.09 16:40:25 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Uli\Desktop\OTL.exe [2013.01.09 11:56:10 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\Macrovision [2013.01.09 11:31:55 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group [2013.01.09 11:31:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Wise Installation Wizard [2013.01.09 11:26:20 | 000,256,000 | ---- | C] (Корпорация Майкрософт) -- C:\Users\Uli\wgsdgsdgdsgsd.dll [2013.01.09 11:26:17 | 000,000,000 | ---D | C] -- C:\Windows\Sun [2013.01.04 19:04:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinSCP [2013.01.04 19:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\WinSCP [2013.01.04 18:39:25 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\Cranium_Consulting_and_Cu [2013.01.04 18:39:13 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\iPhoneBrowser [2013.01.04 18:39:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iPhoneBrowser [2013.01.01 15:12:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Intel [2013.01.01 15:08:09 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\2C0A [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C0A [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0C04 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0816 [2013.01.01 14:41:39 | 
000,000,000 | ---D | C] -- C:\Windows\SysNative\0804 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0424 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041F [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041E [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041D [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\041B [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0419 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0416 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0415 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0414 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0413 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0412 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0411 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0410 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040E [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040D [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040C [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040B [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\040A [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0409 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0408 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0406 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0405 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0404 [2013.01.01 14:41:39 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\0401 [2013.01.01 14:31:59 | 000,518,896 | ---- | C] (SRS Labs, Inc.) 
-- C:\Windows\SysNative\SRSTSX64.dll [2013.01.01 14:31:59 | 000,211,184 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSTSH64.dll [2013.01.01 14:31:59 | 000,198,896 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSHP64.dll [2013.01.01 14:31:59 | 000,155,888 | ---- | C] (SRS Labs, Inc.) -- C:\Windows\SysNative\SRSWOW64.dll [2013.01.01 14:31:58 | 000,375,128 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEP64A.dll [2013.01.01 14:31:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DHT64.dll [2013.01.01 14:31:58 | 000,310,104 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RP3DAA64.dll [2013.01.01 14:31:58 | 000,204,120 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEED64A.dll [2013.01.01 14:31:58 | 000,101,208 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEL64A.dll [2013.01.01 14:31:58 | 000,078,680 | ---- | C] (Dolby Laboratories, Inc.) -- C:\Windows\SysNative\RTEEG64A.dll [2013.01.01 14:31:57 | 002,075,712 | ---- | C] (Fortemedia Corporation) -- C:\Windows\SysNative\FMAPO64.dll [2013.01.01 14:28:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Driver Genius Professional Edition [2013.01.01 14:28:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Driver-Soft [2013.01.01 14:26:44 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA [2013.01.01 14:09:11 | 000,000,000 | ---D | C] -- C:\ProgramData\NVIDIA Corporation [2012.12.26 19:25:39 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\{CA711E41-0539-4EEB-9562-C86AC7F0CC6C} [2012.12.25 12:57:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation [2012.12.24 12:16:00 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012.12.24 12:14:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Works [2012.12.24 12:14:31 | 000,000,000 | ---D | C] -- C:\Program 
Files (x86)\Microsoft Visual Studio [2012.12.24 12:14:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\DESIGNER [2012.12.24 12:13:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Visual Studio 8 [2012.12.24 12:12:23 | 000,000,000 | RH-D | C] -- C:\MSOCache [2012.12.24 11:58:56 | 000,000,000 | ---D | C] -- C:\Windows\PCHEALTH [2012.12.24 11:58:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office [2012.12.22 21:18:42 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\MAGIX [2012.12.22 21:18:02 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\Xara [2012.12.22 21:18:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2012.12.22 21:17:53 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2012.12.22 21:17:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [2012.12.18 16:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Paragon Backup & Recovery™ 2012 Free [2012.12.17 13:56:54 | 000,444,928 | ---- | C] (Embarcadero Technologies, Inc.) 
-- C:\Windows\SysWow64\midas.dll [2012.12.17 13:56:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ptv shared [2012.12.17 13:56:50 | 000,000,000 | ---D | C] -- C:\ProgramData\PTV-AG [2012.12.17 13:56:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PTV-AG [2012.12.17 13:56:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\map&guide desktop 2012 [2012.12.15 11:33:30 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2012.12.15 11:33:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2012.12.12 14:53:37 | 000,000,000 | ---D | C] -- C:\Users\Uli\Documents\My Albums [2012.12.12 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\Windows Live Writer [2012.12.12 14:30:51 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\Windows Live Writer [2012.12.11 21:15:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\jAlbum [2012.12.11 21:15:19 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\Jalbum AB [2012.12.11 18:41:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012.12.11 18:41:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2012.12.11 06:34:56 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Roaming\dvdcss [2012.12.10 22:23:52 | 000,000,000 | ---D | C] -- C:\Users\Uli\AppData\Local\{E6E23EE8-EC42-4FA7-BFA3-BA4FDE104813} [2012.04.04 15:59:03 | 001,914,000 | ---- | C] (Adobe Systems Incorporated) -- C:\ProgramData\flashax10.exe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.01.09 17:04:03 | 000,004,049 | ---- | M] () -- C:\Windows\WINCMD.INI [2013.01.09 17:02:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.01.09 16:19:05 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.01.09 16:19:04 | 000,021,072 | -H-- | M] () -- 
C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 16:19:04 | 000,021,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.01.09 16:18:15 | 001,841,962 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.01.09 16:18:15 | 000,787,782 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.01.09 16:18:15 | 000,726,226 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.01.09 16:18:15 | 000,180,072 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.01.09 16:18:15 | 000,147,006 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.01.09 16:12:23 | 095,023,320 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.09 16:12:21 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.01.09 16:11:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.01.09 16:11:53 | 2132,508,671 | -HS- | M] () -- C:\hiberfil.sys [2013.01.09 14:13:05 | 000,038,462 | ---- | M] () -- C:\Users\Uli\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR [2013.01.09 14:11:00 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3780310404-1495567817-1753761354-1000UA.job [2013.01.09 13:34:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Uli\Desktop\OTL.exe [2013.01.09 11:55:11 | 003,164,008 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.09 11:49:19 | 001,818,920 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.01.09 11:32:17 | 000,000,000 | ---- | M] () -- C:\autoexec.bat [2013.01.09 11:26:22 | 000,002,843 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 11:26:22 | 000,001,052 | ---- | M] () -- C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.09 11:26:22 | 000,000,159 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.09 11:26:22 | 000,000,064 | ---- | M] 
() -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.01.09 11:26:20 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Uli\wgsdgsdgdsgsd.dll [2013.01.08 23:11:00 | 000,001,060 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-3780310404-1495567817-1753761354-1000Core.job [2013.01.07 14:49:52 | 000,140,678 | ---- | M] () -- C:\Users\Uli\Documents\737832_404812606269659_1365067866_o.jpg [2013.01.06 13:50:44 | 000,027,632 | ---- | M] () -- C:\Users\Uli\Documents\Auto.jpg [2013.01.04 20:36:50 | 000,000,600 | ---- | M] () -- C:\Users\Uli\AppData\Roaming\winscp.rnd [2013.01.04 19:04:41 | 000,001,860 | ---- | M] () -- C:\Users\Uli\Desktop\WinSCP.lnk [2013.01.04 19:03:16 | 000,003,019 | ---- | M] () -- C:\Users\Uli\Desktop\iPhoneBrowser.lnk [2013.01.02 18:05:42 | 000,001,245 | ---- | M] () -- C:\Users\Uli\Desktop\Januar - Verknüpfung.lnk [2013.01.01 14:48:58 | 000,001,713 | ---- | M] () -- C:\Users\Uli\Desktop\DriverGenius - Verknüpfung.lnk [2012.12.30 14:12:27 | 000,000,017 | ---- | M] () -- C:\Users\Uli\AppData\Local\resmon.resmoncfg [2012.12.24 12:22:18 | 000,002,703 | ---- | M] () -- C:\Users\Uli\Desktop\Microsoft Office Excel 2007.lnk [2012.12.24 12:21:58 | 000,002,805 | ---- | M] () -- C:\Users\Uli\Desktop\Microsoft Office Groove 2007.lnk [2012.12.22 21:18:01 | 000,001,142 | ---- | M] () -- C:\Users\Public\Desktop\MAGIX Web Designer 7 Premium Download-Version.lnk [2012.12.19 23:21:18 | 000,001,042 | ---- | M] () -- C:\Users\Uli\Desktop\PhotoScape.lnk [2012.12.19 23:18:41 | 000,000,523 | -H-- | M] () -- C:\Windows\SysWow64\ws344069.ocx [2012.12.19 23:18:41 | 000,000,463 | -H-- | M] () -- C:\os466477.bin [2012.12.19 23:18:31 | 000,000,336 | ---- | M] () -- C:\Windows\ULEAD32.INI [2012.12.17 13:57:25 | 000,002,103 | ---- | M] () -- C:\Users\Public\Desktop\map&guide desktop 2012.lnk [2012.12.15 11:33:31 | 000,001,852 | ---- | M] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.13 04:12:44 | 000,002,485 | ---- | M] () -- 
C:\Users\Uli\Desktop\Google Chrome.lnk [2012.12.12 20:01:52 | 000,266,615 | ---- | M] () -- C:\Windows\hpwins22.dat [2012.12.11 21:15:39 | 000,001,034 | ---- | M] () -- C:\Users\Public\Desktop\jAlbum.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.01.09 14:13:05 | 000,038,462 | ---- | C] () -- C:\Users\Uli\AppData\Roaming\Tabulatorgetrennte Werte (Windows).ADR [2013.01.09 11:32:17 | 000,000,000 | ---- | C] () -- C:\autoexec.bat [2013.01.09 11:26:22 | 000,002,843 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js [2013.01.09 11:26:22 | 000,001,052 | ---- | C] () -- C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013.01.09 11:26:22 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg [2013.01.09 11:26:22 | 000,000,064 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat [2013.01.09 11:26:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2013.01.07 14:49:52 | 000,140,678 | ---- | C] () -- C:\Users\Uli\Documents\737832_404812606269659_1365067866_o.jpg [2013.01.06 13:50:44 | 000,027,632 | ---- | C] () -- C:\Users\Uli\Documents\Auto.jpg [2013.01.04 19:04:41 | 000,001,860 | ---- | C] () -- C:\Users\Uli\Desktop\WinSCP.lnk [2013.01.04 19:04:41 | 000,000,600 | ---- | C] () -- C:\Users\Uli\AppData\Roaming\winscp.rnd [2013.01.04 19:03:16 | 000,003,019 | ---- | C] () -- C:\Users\Uli\Desktop\iPhoneBrowser.lnk [2013.01.02 18:05:42 | 000,001,245 | ---- | C] () -- C:\Users\Uli\Desktop\Januar - Verknüpfung.lnk [2013.01.01 15:07:22 | 003,663,213 | ---- | C] () -- C:\Windows\SysNative\nvcoproc.bin [2013.01.01 15:06:32 | 000,014,446 | ---- | C] () -- C:\Windows\SysNative\nvinfo.pb [2013.01.01 14:48:58 | 000,001,713 | ---- | C] () -- C:\Users\Uli\Desktop\DriverGenius - Verknüpfung.lnk [2012.12.30 14:12:27 | 000,000,017 | ---- | C] () -- C:\Users\Uli\AppData\Local\resmon.resmoncfg [2012.12.25 03:15:44 | 000,000,003 | ---- | C] () -- 
C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012.12.25 03:05:13 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012.12.24 12:22:18 | 000,002,703 | ---- | C] () -- C:\Users\Uli\Desktop\Microsoft Office Excel 2007.lnk [2012.12.24 12:21:58 | 000,002,805 | ---- | C] () -- C:\Users\Uli\Desktop\Microsoft Office Groove 2007.lnk [2012.12.22 21:18:01 | 000,001,142 | ---- | C] () -- C:\Users\Public\Desktop\MAGIX Web Designer 7 Premium Download-Version.lnk [2012.12.17 13:57:25 | 000,002,115 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\map&guide desktop 2012.lnk [2012.12.17 13:57:25 | 000,002,103 | ---- | C] () -- C:\Users\Public\Desktop\map&guide desktop 2012.lnk [2012.12.15 11:33:31 | 000,001,852 | ---- | C] () -- C:\Users\Public\Desktop\QuickTime Player.lnk [2012.12.11 21:15:39 | 000,001,034 | ---- | C] () -- C:\Users\Public\Desktop\jAlbum.lnk [2012.09.03 10:22:09 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll [2012.08.07 10:48:01 | 000,000,336 | ---- | C] () -- C:\Windows\ULEAD32.INI [2012.07.27 10:36:58 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll [2012.07.23 08:31:38 | 004,428,800 | ---- | C] () -- C:\Windows\SysWow64\x264vfw.dll [2012.07.02 19:28:06 | 000,112,640 | ---- | C] () -- C:\Windows\SysWow64\ff_vfw.dll [2012.06.11 15:13:25 | 000,000,041 | -HS- | C] () -- C:\ProgramData\.zreglib [2012.06.09 18:21:56 | 000,178,688 | ---- | C] () -- C:\Windows\SysWow64\unrar.dll [2012.05.21 17:28:58 | 000,155,648 | ---- | C] () -- C:\Windows\SysWow64\mlc.dll [2012.05.17 12:38:30 | 000,000,160 | ---- | C] () -- C:\Windows\wiso.ini [2012.04.10 15:01:09 | 000,266,615 | ---- | C] () -- C:\Windows\hpwins22.dat [2012.04.10 15:01:09 | 000,002,850 | ---- | C] () -- C:\Windows\hpwmdl22.dat [2012.04.10 14:23:07 | 000,266,606 | ---- | C] () -- C:\Windows\hpwins22.dat.temp [2012.04.10 14:23:07 | 000,002,850 | ---- | C] () -- 
C:\Windows\hpwmdl22.dat.temp [2012.04.05 10:30:31 | 000,033,169 | ---- | C] () -- C:\Windows\Irremote.ini [2012.04.05 10:29:39 | 000,000,209 | ---- | C] () -- C:\Windows\ODBCINST.INI [2012.04.05 10:29:39 | 000,000,135 | ---- | C] () -- C:\Windows\ODBC.INI [2012.04.05 10:29:29 | 000,142,337 | ---- | C] () -- C:\Windows\SysWow64\Wait.exe [2012.04.05 10:28:48 | 000,006,198 | ---- | C] () -- C:\Windows\HCWPNP.INI [2012.04.04 18:46:15 | 000,000,410 | RHS- | C] () -- C:\ProgramData\ntuser.pol [2012.04.04 16:31:52 | 000,004,049 | ---- | C] () -- C:\Windows\WINCMD.INI [2012.04.04 15:40:12 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2012.04.04 15:38:43 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2012.04.04 15:31:07 | 001,818,920 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011.12.07 22:32:24 | 000,216,064 | ---- | C] ( ) -- C:\Windows\SysWow64\lagarith.dll ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.04.19 12:35:15 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Arkadium [2012.04.06 14:38:42 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Babylon [2012.09.23 17:29:31 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Bigasoft MKV Converter [2012.10.17 14:32:25 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Charles [2012.07.04 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\convert [2012.12.04 22:46:01 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\DATA BECKER Shared [2012.04.09 13:35:33 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\FlashFXP [2012.09.04 11:04:51 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\iFunbox_UserCache [2012.08.27 15:30:43 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\ImgBurn [2012.10.04 14:48:00 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\IrfanView [2012.09.30 13:26:36 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\jAlbum [2012.12.11 21:15:19 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Jalbum AB [2012.10.21 18:35:30 | 
000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\LEGO Company [2012.07.04 20:29:44 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\loadtbs [2012.12.22 21:18:42 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\MAGIX [2012.12.01 13:49:40 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\MAP&GUIDE [2012.10.03 16:35:30 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\ObviousIdea [2012.10.04 16:35:06 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\PhotoScape [2012.12.04 22:27:25 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\ProtectDisc [2012.10.27 16:57:37 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\TuneUp Software [2013.01.09 14:41:15 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\uTorrent [2012.07.31 19:58:58 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Win7codecs [2012.12.12 14:30:51 | 000,000,000 | ---D | M] -- C:\Users\Uli\AppData\Roaming\Windows Live Writer ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.12.01 14:39:33 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012.04.04 15:53:30 | 000,000,000 | ---D | M] -- C:\25c30b0d196f4a262e3c485cb81a [2012.10.24 18:29:02 | 000,000,000 | ---D | M] -- C:\archive_db [2012.04.21 12:51:23 | 000,000,000 | ---D | M] -- C:\BigFishGamesCache [2013.01.09 16:13:58 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.04.04 15:25:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.04.04 15:30:19 | 000,000,000 | ---D | M] -- C:\inetpub [2012.12.24 12:12:23 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.01.09 11:31:55 | 000,000,000 | R--D | M] -- C:\Program Files [2013.01.04 19:04:40 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.01.09 16:11:59 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.04.04 15:25:18 | 000,000,000 | -HSD | M] -- C:\Programme [2012.04.04 15:25:18 | 000,000,000 | -HSD | M] -- C:\Recovery [2012.09.24 16:49:35 | 000,000,000 | ---D | M] -- C:\SMNPROG [2013.01.08 18:40:42 | 000,000,000 | ---D | M] -- C:\SMNPROGSE [2013.01.09 17:05:56 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.01.01 15:07:14 | 000,000,000 | ---D | M] -- C:\TEMP [2013.01.01 15:08:04 | 000,000,000 | R--D | M] -- C:\Users [2013.01.09 12:11:16 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU(39).TXT [2009.07.14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2012.04.04 15:59:42 | 000,001,100 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2012.04.04 15:59:42 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2012.04.04 16:53:00 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012.09.20 16:51:00 | 000,001,060 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780310404-1495567817-1753761354-1000Core.job [2012.09.20 16:51:00 | 000,001,112 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780310404-1495567817-1753761354-1000UA.job < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- 
C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- 
C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Users\Uli\Documents\DriverGenius\Backup\Driver Backup 4-28-2012-16323\Intel(R) Desktop Workstation Server Express Chipset SATA AHCI Controller\iastor.sys [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Users\Uli\Documents\DriverGenius\Backup\Driver Backup 4-28-2012-17358\Intel(R) Desktop Workstation Server Express Chipset SATA AHCI Controller\iastor.sys [2010.09.13 17:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) 
MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA 
Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 04:24:20 | 000,833,024 | ---- | M] 
(Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >

< %systemroot%\system32\*.dll /lockedfiles >

< %USERPROFILE%\*.* >
[2013.01.09 17:12:27 | 003,932,160 | -HS- | M] () -- C:\Users\Uli\ntuser.dat
[2013.01.09 17:12:27 | 000,262,144 | -HS- | M] () -- C:\Users\Uli\ntuser.dat.LOG1
[2012.04.04 15:25:20 | 000,000,000 | -HS- | M] () -- C:\Users\Uli\ntuser.dat.LOG2
[2012.04.04 15:36:35 | 000,065,536 | -HS- | M] () -- C:\Users\Uli\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.04.04 15:36:35 | 000,524,288 | -HS- | M] () -- C:\Users\Uli\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.04.04 15:36:35 | 000,524,288 | -HS- | M] () -- C:\Users\Uli\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.12.03 21:08:39 | 000,065,536 | -HS- | M] () -- C:\Users\Uli\ntuser.dat{36dc042d-3d81-11e2-82d6-40618675bd3a}.TM.blf
[2012.12.03 21:08:39 | 000,524,288 | -HS- | M] () -- C:\Users\Uli\ntuser.dat{36dc042d-3d81-11e2-82d6-40618675bd3a}.TMContainer00000000000000000001.regtrans-ms
[2012.12.03 21:08:39 | 000,524,288 | -HS- | M] () -- C:\Users\Uli\ntuser.dat{36dc042d-3d81-11e2-82d6-40618675bd3a}.TMContainer00000000000000000002.regtrans-ms
[2012.04.04 15:25:22 | 000,000,020 | -HS- | M] () -- C:\Users\Uli\ntuser.ini
[2013.01.09 11:26:20 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Uli\wgsdgsdgdsgsd.dll

< %USERPROFILE%\Local Settings\Temp\*.exe >

< %USERPROFILE%\Local Settings\Temp\*.dll >

< %USERPROFILE%\Application Data\*.exe >

< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Optional: Posix [binary data]
[2010.11.21 04:24:41 | 000,089,088 | ---- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindowsPosix [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\ProgramData\Temp:EB333CFC
@Alternate Data Stream - 117 bytes -> C:\ProgramData\Temp:C8B8CEBD

< End of report >

Where do I find the Extra.txt? Thanks. |
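The scan above hashes a fixed list of system binaries and drivers and prints every copy OTL can find, including the WinSxS and DriverStore copies. That is what lets a reader spot a patched live file: a replaced atapi.sys or explorer.exe matches none of the component-store copies, while the dropper on this machine sits as a DLL with a Cyrillic "Microsoft Corporation" company string directly in C:\Users\Uli, a location where no legitimate DLL lives. The following Python script is an added example, not part of this thread or of OTL itself. It parses OTL's file-entry lines and applies those two checks to a constructed fragment assembled from the log above; the mismatching atapi.sys hash is invented for the demonstration, and the profile-root rule is a heuristic assumed by this example, not an OTL feature.

```python
"""Triage helpers for OTL (OldTimer's List-It) log fragments.

Added example, not code from the thread or from OTL. Entry format parsed:
    [YYYY.MM.DD HH:MM:SS | size | attrs | C|M] (Company) [MD5=hex] -- path
"""
import re
from collections import defaultdict

ENTRY_RE = re.compile(
    r"\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attr>[-A-Z]{4}) \| (?P<kind>[CM])\] \((?P<company>[^)]*)\)"
    r"(?: MD5=(?P<md5>[0-9A-Fa-f]{32}))? -- (?P<path>\S.*?)\s*$"
)

# Copies in the component store / driver store are the references the live
# file in System32 (SysNative) is compared against.
REFERENCE_DIRS = ("\\winsxs\\", "\\driverstore\\")

# Heuristic (assumption of this example): a DLL/EXE/SYS/BAT/JS/PAD directly in a
# user profile root or in the ProgramData root has no legitimate reason to be
# there. The GVU dropper in this thread used exactly those two places.
ROOT_BINARY_RE = re.compile(
    r"^[a-z]:\\(?:users\\[^\\]+|programdata)\\[^\\]+\.(?:dll|exe|sys|bat|js|pad)$",
    re.IGNORECASE,
)


def parse_otl(text):
    """Return one dict per file entry; lines that are not entries are skipped."""
    entries = []
    for line in text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            e = m.groupdict()
            e["md5"] = e["md5"].upper() if e["md5"] else None
            entries.append(e)
    return entries


def is_reference(path):
    p = path.lower()
    return any(d in p for d in REFERENCE_DIRS)


def md5_mismatches(entries):
    """Live files whose MD5 matches none of the WinSxS/DriverStore copies of the same name."""
    refs = defaultdict(set)
    for e in entries:
        if e["md5"] and is_reference(e["path"]):
            refs[e["path"].rsplit("\\", 1)[-1].lower()].add(e["md5"])
    bad = []
    for e in entries:
        if not e["md5"] or is_reference(e["path"]):
            continue
        known = refs.get(e["path"].rsplit("\\", 1)[-1].lower())
        if known and e["md5"] not in known:
            bad.append((e["path"], e["md5"], sorted(known)))
    return bad


def root_binaries(entries):
    """Executable-type files sitting in a profile root or the ProgramData root."""
    return [e["path"] for e in entries if ROOT_BINARY_RE.match(e["path"])]


def triage(text):
    entries = parse_otl(text)
    return {"md5_mismatch": md5_mismatches(entries), "root_binary": root_binaries(entries)}


# Constructed sample: AGP440/explorer/ntuser/wgsdgsdgdsgsd lines are copied from the
# scan in this thread; the atapi.sys line with MD5 0000...0001 is invented to show
# a live file that matches no component-store copy.
SAMPLE_LOG = r"""
< MD5 for: AGP440.SYS >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=00000000000000000000000000000001 -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
< MD5 for: EXPLORER.EXE >
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
< %USERPROFILE%\*.* >
[2013.01.09 17:12:27 | 003,932,160 | -HS- | M] () -- C:\Users\Uli\ntuser.dat
[2013.01.09 11:26:20 | 000,256,000 | ---- | M] (Корпорация Майкрософт) -- C:\Users\Uli\wgsdgsdgdsgsd.dll
"""

if __name__ == "__main__":
    for kind, hits in triage(SAMPLE_LOG).items():
        for hit in hits:
            print(kind, hit)
```

A hash that matches a WinSxS copy only proves the live file is one of the versions Windows Update has installed at some point; it does not tell you which one should be active, so the explorer.exe case (three different hashes across SxS, one of them live) is normal on a patched machine.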
09.01.2013, 17:25 | #4 |
/// Malware-holic | Hi. This script, as well as any scripts that may follow, is only for this particular user. If you have problems, open your own topics and wait for scripts adapted for you. • Please start OTL.exe • Now copy the following into the text box. Code:
:OTL
[2013.01.09 11:26:22 | 000,002,843 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.js
[2013.01.09 11:26:22 | 000,001,052 | ---- | C] () -- C:\Users\Uli\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013.01.09 11:26:22 | 000,000,159 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.reg
[2013.01.09 11:26:22 | 000,000,064 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.bat
[2013.01.09 11:26:21 | 095,023,320 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons, right-click, View, Show desktop icons.
__________________ -Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above. If you would like to support us |
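The fix above deletes the dropper's loader files (dsgsdgdsgdsgw.bat/.js/.reg/.pad in C:\ProgramData and the runctf.lnk Startup shortcut) but does not show where the .bat was hooked in. The ComboFix output later in this thread does, under its registry loading points: Winlogon Shell is set to c:\progra~3\dsgsdgdsgdsgw.bat (so the batch file runs instead of explorer.exe at every logon, which is why the desktop never appeared), UAC is switched off (EnableLUA=0, ConsentPromptBehaviorAdmin=0, PromptOnSecureDesktop=0) and LoadAppInit_DLLs=1. The Python script below is an added example, not code from the thread, OTL or ComboFix; it parses a ComboFix-style loading-points dump and flags exactly those conditions, plus autostart entries that run from user-writable directories. The dump it runs on is a constructed fragment assembled from the ComboFix excerpt in this thread; the user-writable-directory rule is a heuristic of this example (the Akamai entry it flags is a common legitimate program, so such a hit means "look", not "malicious").

```python
"""Audit a ComboFix 'Reg Loading Points' dump for logon-chain hijacks.

Added example, not code from the thread or from ComboFix. ComboFix prints only
non-default values, so a missing Winlogon 'Shell' means the default explorer.exe.
"""
import re

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<value>.*?)(?:\s+\[\d{4}-\d{2}-\d{2} \d+\])?$')
DWORD_RE = re.compile(r"^(\d+)\s*\(0x[0-9a-f]+\)$", re.IGNORECASE)
PATH_RE = re.compile(r'^"?(?P<p>[^"]*?\.(?:exe|dll|bat|cmd|js|vbs|scr|com|pif))', re.IGNORECASE)

WINLOGON = r"hkey_local_machine\software\microsoft\windows nt\currentversion\winlogon"
UAC_POLICY = r"hkey_local_machine\software\microsoft\windows\currentversion\policies\system"
# Heuristic list of directories an ordinary user can write to (assumption of this example).
USER_WRITABLE = ("\\appdata\\", "\\programdata\\", "\\progra~3\\", "\\users\\public\\", "\\temp\\")


def parse_loading_points(text):
    """Return {key_lowercased: {value_name: value}} for every [KEY] block in the dump."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            current = m.group("key").lower()
            keys.setdefault(current, {})
            continue
        m = VALUE_RE.match(line)
        if m and current is not None:
            val = m.group("value").strip()
            d = DWORD_RE.match(val)          # "0 (0x0)" -> "0"
            keys[current][m.group("name")] = d.group(1) if d else val
    return keys


def exe_path(value):
    """First executable path in a registry value, with surrounding quotes and arguments removed."""
    m = PATH_RE.match(value)
    return m.group("p") if m else value.strip('"')


def audit(keys):
    findings = []
    wl = keys.get(WINLOGON, {})
    shell = exe_path(wl.get("Shell", "explorer.exe"))
    if shell.rsplit("\\", 1)[-1].lower() != "explorer.exe":
        findings.append(("winlogon_shell_hijack", shell))
    if "Userinit" in wl and not exe_path(wl["Userinit"]).lower().endswith("userinit.exe"):
        findings.append(("winlogon_userinit_hijack", wl["Userinit"]))
    uac = keys.get(UAC_POLICY, {})
    if uac.get("EnableLUA") == "0":
        findings.append(("uac_disabled", "EnableLUA=0"))
    elif uac.get("ConsentPromptBehaviorAdmin") == "0":
        findings.append(("uac_silent_elevation", "ConsentPromptBehaviorAdmin=0"))
    for k, vals in keys.items():          # both the native and the Wow6432Node key
        if k.endswith(r"\windows nt\currentversion\windows") and vals.get("LoadAppInit_DLLs") == "1":
            findings.append(("appinit_dlls_enabled", k))
    for k, vals in keys.items():          # HKCU/HKLM ...\Run, not the disabled 'run-' list
        if not k.endswith(r"\currentversion\run"):
            continue
        for name, val in vals.items():
            if any(w in exe_path(val).lower() for w in USER_WRITABLE):
                findings.append(("autostart_in_user_writable_dir", f"{name} -> {exe_path(val)}"))
    return findings


# Constructed fragment assembled from the ComboFix excerpt in this thread.
SAMPLE_DUMP = r"""
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-04 39408]
"Akamai NetSession Interface"="c:\users\Uli\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"EnableLUA"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\dsgsdgdsgdsgw.bat"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"""

if __name__ == "__main__":
    for kind, detail in audit(parse_loading_points(SAMPLE_DUMP)):
        print(kind, detail)
```

Deleting the .bat alone, as the OTL fix does, leaves Shell pointing at a file that no longer exists, so the logon chain still has to be repaired (Shell back to explorer.exe) and UAC re-enabled before the machine is considered clean; the ComboFix run in post #9 is the step that surfaces those values.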
09.01.2013, 17:35 | #5 |
| First of all, great! The computer starts normally. No more GVU. I hope that was it. Here is the file: PHP code: |
09.01.2013, 17:36 | #6 |
/// Malware-holic | Hi, download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html Click on Change parameters • Check the boxes for Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, choose skip for now and post the log
|
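TDSSKiller's "Verify driver digital signatures" option exists because the bootkits and rootkits of that era loaded unsigned or self-signed drivers. The script below, an added example that is not part of the thread or of TDSSKiller, shows what the first half of such a check looks like: it walks the PE headers to the security data directory (entry 4 of the optional header's data directories) and reports whether a WIN_CERTIFICATE entry of type PKCS#7 signed data is present and lies inside the file. It tests presence only, not validity; validating the certificate chain needs signtool or PowerShell's Get-AuthenticodeSignature. One caveat a practitioner needs: many in-box Windows drivers carry no embedded signature at all because they are catalog-signed (the .cat files under C:\Windows\System32\catroot), so "no embedded signature" is a list to compare against the catalogs, not a verdict. The PE bytes used here are constructed in the script (a header-only PE32+ image), not a real driver.

```python
"""Embedded Authenticode presence check for PE files (drivers, DLLs, EXEs).

Added example, not code from the thread or from TDSSKiller. Presence only:
signature validity is not checked here.
"""
import os
import struct

IMAGE_DIRECTORY_ENTRY_SECURITY = 4
PE32_MAGIC, PE32PLUS_MAGIC = 0x10B, 0x20B
WIN_CERT_REVISION_2_0, WIN_CERT_TYPE_PKCS_SIGNED_DATA = 0x0200, 0x0002


def security_directory(data):
    """Return (file_offset, size) of the attribute-certificate table, (0, 0) if none.
    Raises ValueError when the bytes are not a PE image."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise ValueError("no MZ header")
    pe = struct.unpack_from("<I", data, 0x3C)[0]
    if data[pe:pe + 4] != b"PE\0\0":
        raise ValueError("no PE signature")
    coff, opt = pe + 4, pe + 24
    opt_size = struct.unpack_from("<H", data, coff + 16)[0]   # SizeOfOptionalHeader
    magic = struct.unpack_from("<H", data, opt)[0]
    if magic == PE32PLUS_MAGIC:
        num_off, dir_off = opt + 108, opt + 112
    elif magic == PE32_MAGIC:
        num_off, dir_off = opt + 92, opt + 96
    else:
        raise ValueError("unknown optional header magic 0x%x" % magic)
    entry_end = dir_off + 8 * (IMAGE_DIRECTORY_ENTRY_SECURITY + 1)
    if entry_end > len(data):
        raise ValueError("truncated header")
    num_dirs = struct.unpack_from("<I", data, num_off)[0]
    if num_dirs <= IMAGE_DIRECTORY_ENTRY_SECURITY or entry_end > opt + opt_size:
        return 0, 0
    # Unlike every other directory, the security entry holds a raw file offset.
    return struct.unpack_from("<II", data, dir_off + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY)


def has_authenticode(data):
    """True if a well-formed WIN_CERTIFICATE (revision 2.0, PKCS#7) lies inside the file."""
    off, size = security_directory(data)
    if off == 0 or size < 8 or off + size > len(data):
        return False
    length, revision, cert_type = struct.unpack_from("<IHH", data, off)
    return (8 <= length <= size and revision == WIN_CERT_REVISION_2_0
            and cert_type == WIN_CERT_TYPE_PKCS_SIGNED_DATA)


def unsigned_drivers(directory):
    """Walk *.sys below `directory`; return those without an embedded signature.
    Compare the result against the catalog-signed set before drawing conclusions."""
    hits = []
    for root, _, files in os.walk(directory):
        for name in files:
            if not name.lower().endswith(".sys"):
                continue
            path = os.path.join(root, name)
            try:
                with open(path, "rb") as fh:
                    if not has_authenticode(fh.read()):
                        hits.append(path)
            except (OSError, ValueError):
                hits.append(path + " (unreadable or not a PE)")
    return hits


def build_pe32plus(signed, cert_payload=b"\x30\x82\x00\x00"):
    """Construct a minimal header-only PE32+ image for testing (constructed data,
    not a real binary), optionally followed by one WIN_CERTIFICATE entry."""
    e_lfanew, opt_size = 0x40, 240                 # 240 = PE32+ header with 16 directories
    dos = bytearray(e_lfanew)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, e_lfanew)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, 0, 0, 0, opt_size, 0x22)
    opt = bytearray(opt_size)
    struct.pack_into("<H", opt, 0, PE32PLUS_MAGIC)
    struct.pack_into("<I", opt, 108, 16)           # NumberOfRvaAndSizes
    header_len = e_lfanew + 4 + len(coff) + opt_size   # 328
    body = b""
    if signed:
        body = struct.pack("<IHH", 8 + len(cert_payload), WIN_CERT_REVISION_2_0,
                           WIN_CERT_TYPE_PKCS_SIGNED_DATA) + cert_payload
        body += b"\0" * (-len(body) % 8)           # entries are 8-byte aligned
        struct.pack_into("<II", opt, 112 + 8 * IMAGE_DIRECTORY_ENTRY_SECURITY, header_len, len(body))
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt) + body


if __name__ == "__main__":
    print("signed sample:", has_authenticode(build_pe32plus(True)))
    print("unsigned sample:", has_authenticode(build_pe32plus(False)))
```

A security directory that points past the end of the file (the last test case) is treated as "no signature": a truncated or overwritten driver must not pass just because the header still claims a certificate.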
09.01.2013, 17:42 | #7 |
| OK. Here is the log. PHP code: mpdreiforyou |
09.01.2013, 17:53 | #8 |
/// Malware-holic | Hi, combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix is finished, it will create a logfile. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
|
09.01.2013, 18:05 | #9 |
| Here is the log file from Combofix Combofix Logfile: Code:
ComboFix 13-01-08.01 - Uli 09.01.2013 17:57:35.1.8 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.8173.6315 [GMT 1:00]
Running from: c:\users\Uli\Desktop\ComboFix.exe
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\smartdl
c:\program files (x86)\smartdl\dler.exe
c:\program files (x86)\smartdl\gunzip.exe
c:\program files (x86)\smartdl\header.bmp
c:\program files (x86)\smartdl\header2.bmp
c:\program files (x86)\smartdl\header3.bmp
c:\program files (x86)\smartdl\next.bmp
c:\program files (x86)\smartdl\skip.bmp
c:\program files (x86)\smartdl\status-o
C:\torrent.exe
c:\users\Public\sdelevURL.tmp
c:\users\Uli\AppData\Roaming\convert\convert.exe
c:\users\Uli\wgsdgsdgdsgsd.dll
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-12-09 to 2013-01-09 ))))))))))))))))))))))))))))))
.
.
2013-01-09 16:41 . 2013-01-09 16:41 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D85777CF-4F71-4364-A0E9-4A855025B43B}\offreg.dll
2013-01-09 16:28 . 2013-01-09 16:28 -------- d-----w- C:\_OTL
2013-01-09 10:56 . 2013-01-09 10:56 -------- d-----w- c:\users\Uli\AppData\Roaming\Macrovision
2013-01-09 10:31 . 2013-01-09 10:31 -------- d-----w- c:\program files\Enigma Software Group
2013-01-09 10:31 . 2013-01-09 10:31 -------- d-----w- c:\program files (x86)\Common Files\Wise Installation Wizard
2013-01-09 10:26 . 2013-01-09 10:26 -------- d-----w- c:\windows\Sun
2013-01-09 02:26 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{D85777CF-4F71-4364-A0E9-4A855025B43B}\mpengine.dll
2013-01-04 18:04 . 2013-01-04 18:04 -------- d-----w- c:\program files (x86)\WinSCP
2013-01-04 17:39 . 2013-01-04 17:39 -------- d-----w- c:\users\Uli\AppData\Local\Cranium_Consulting_and_Cu
2013-01-04 17:39 .
2013-01-04 17:39 -------- d-----w- c:\program files (x86)\iPhoneBrowser 2013-01-01 14:13 . 2011-11-28 18:30 584704 ----a-w- c:\windows\system32\Rtlihvs.dll 2013-01-01 14:12 . 2013-01-01 14:12 -------- d-----w- c:\programdata\Intel 2013-01-01 14:12 . 2012-07-12 18:56 62784 ----a-w- c:\windows\system32\drivers\HECIx64.sys 2013-01-01 14:11 . 2010-10-29 15:11 422504 ----a-w- c:\windows\system32\RtsUStor.dll 2013-01-01 14:11 . 2012-11-19 11:10 652344 ----a-w- c:\windows\system32\drivers\iaStorA.sys 2013-01-01 14:11 . 2012-11-19 11:10 28216 ----a-w- c:\windows\system32\drivers\iaStorF.sys 2013-01-01 14:08 . 2013-01-01 14:08 -------- d-----w- c:\program files (x86)\AGEIA Technologies 2013-01-01 14:08 . 2013-01-01 14:08 -------- d-----w- c:\users\UpdatusUser 2013-01-01 14:07 . 2012-12-01 05:49 3663213 ----a-w- c:\windows\system32\nvcoproc.bin 2013-01-01 13:41 . 2013-01-01 13:41 -------- d-----w- c:\windows\system32\2C0A 2013-01-01 13:31 . 2011-04-06 14:33 2826984 ----a-w- c:\windows\system32\drivers\RTKVHD64.sys 2013-01-01 13:28 . 2013-01-01 13:28 -------- d-----w- c:\program files (x86)\Driver-Soft 2013-01-01 13:26 . 2013-01-09 16:31 -------- d-----w- c:\programdata\NVIDIA 2013-01-01 13:09 . 2013-01-01 13:09 -------- d-----w- c:\programdata\NVIDIA Corporation 2012-12-31 14:50 . 2011-11-10 15:54 9882112 ----a-w- c:\windows\SysWow64\RtsUStoricon.dll 2012-12-25 02:15 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui 2012-12-25 02:15 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys 2012-12-25 02:15 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys 2012-12-25 02:15 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll 2012-12-25 02:12 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe 2012-12-25 02:05 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-25 02:05 . 
2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-25 02:05 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-25 02:05 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-25 02:05 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe 2012-12-25 02:05 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll 2012-12-25 02:05 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll 2012-12-25 02:05 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll 2012-12-25 02:05 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll 2012-12-25 02:05 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys 2012-12-25 02:05 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys 2012-12-25 02:02 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys 2012-12-25 02:02 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll 2012-12-25 02:02 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll 2012-12-25 02:02 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll 2012-12-25 02:02 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll 2012-12-24 11:13 . 2012-06-02 05:50 458704 ----a-w- c:\windows\system32\drivers\cng.sys 2012-12-24 11:12 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll 2012-12-24 10:58 . 2012-12-24 10:58 -------- d-----w- c:\windows\PCHEALTH 2012-12-24 10:58 . 2012-12-24 11:13 -------- d-----w- c:\program files\Microsoft Office 2012-12-22 20:18 . 2012-12-22 20:18 -------- d-----w- c:\users\Uli\AppData\Roaming\MAGIX 2012-12-22 20:18 . 2012-12-22 20:18 -------- d-----w- c:\users\Uli\AppData\Local\Xara 2012-12-22 20:17 . 2012-12-22 20:18 -------- d-----w- c:\programdata\MAGIX 2012-12-22 20:17 . 2012-12-22 20:17 -------- d-----w- c:\program files (x86)\MAGIX 2012-12-17 12:56 . 
2011-09-14 10:23 444928 ----a-w- c:\windows\SysWow64\midas.dll 2012-12-17 12:56 . 2012-12-17 12:56 -------- d-----w- c:\program files (x86)\Common Files\ptv shared 2012-12-17 12:56 . 2012-12-17 12:56 -------- d-----w- c:\programdata\PTV-AG 2012-12-17 12:56 . 2012-12-17 12:56 -------- d-----w- c:\program files (x86)\PTV-AG 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin7.dll 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin6.dll 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin5.dll 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin4.dll 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin3.dll 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin2.dll 2012-12-15 10:33 . 2012-12-15 10:33 159744 ----a-w- c:\program files (x86)\Internet Explorer\Plugins\npqtplugin.dll 2012-12-15 10:33 . 2012-12-15 10:33 -------- d-----w- c:\program files (x86)\QuickTime 2012-12-12 13:30 . 2012-12-12 13:30 -------- d-----w- c:\users\Uli\AppData\Local\Windows Live Writer 2012-12-12 13:30 . 2012-12-12 13:30 -------- d-----w- c:\users\Uli\AppData\Roaming\Windows Live Writer 2012-12-11 20:15 . 2012-12-11 20:15 -------- d-----w- c:\users\Uli\AppData\Roaming\Jalbum AB 2012-12-11 17:41 . 2012-12-11 17:41 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-12-11 17:41 . 2012-12-11 17:41 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-12-11 17:41 . 2012-12-11 17:41 -------- d-----w- c:\program files (x86)\Java 2012-12-11 05:34 . 2012-12-11 05:34 -------- d-----w- c:\users\Uli\AppData\Roaming\dvdcss . . . 
(((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-09 16:31 . 2012-04-04 14:30 4194304 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin 2013-01-09 10:46 . 2012-04-06 16:30 67599240 ----a-w- c:\windows\system32\MRT.exe 2013-01-08 21:02 . 2012-04-04 15:52 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-08 21:02 . 2012-04-04 15:52 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2012-12-11 17:41 . 2012-09-28 14:46 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-12-11 17:41 . 2012-09-28 14:46 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-12-03 15:47 . 2012-04-04 14:38 2816824 ----a-w- c:\windows\system32\nvapi64.dll 2012-12-03 15:47 . 2012-04-04 14:38 15016256 ----a-w- c:\windows\system32\nvwgf2umx.dll 2012-12-03 15:47 . 2012-04-04 14:38 12603960 ----a-w- c:\windows\SysWow64\nvwgf2um.dll 2012-12-01 05:49 . 2011-04-07 19:37 2557800 ----a-w- c:\windows\system32\nvsvcr.dll 2012-12-01 05:49 . 2011-04-07 19:37 63336 ----a-w- c:\windows\system32\nvshext.dll 2012-12-01 05:49 . 2011-04-07 19:37 118120 ----a-w- c:\windows\system32\nvmctray.dll 2012-12-01 05:49 . 2011-04-07 19:37 890216 ----a-w- c:\windows\system32\nvvsvc.exe 2012-12-01 05:48 . 2011-04-07 19:36 6223208 ----a-w- c:\windows\system32\nvcpl.dll 2012-12-01 05:48 . 2011-04-07 19:35 3311464 ----a-w- c:\windows\system32\nvsvc64.dll 2012-11-30 21:43 . 2012-11-30 21:43 438632 ----a-w- c:\windows\SysWow64\nvStreaming.exe 2012-11-30 04:45 . 2013-01-09 04:18 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-03 01:41 . 2012-04-04 14:38 53248 ----a-w- c:\windows\SysWow64\CSVer.dll 2012-10-28 17:48 . 2012-10-28 17:48 560184 ----a-w- c:\windows\system32\drivers\sptd.sys 2012-10-25 02:12 . 2012-10-25 02:12 94208 ----a-w- c:\windows\SysWow64\QuickTimeVR.qtx 2012-10-25 02:12 . 
2012-10-25 02:12 69632 ----a-w- c:\windows\SysWow64\QuickTime.qts
2012-10-17 13:16 . 2012-10-17 13:16 916456 ----a-w- c:\windows\system32\deployJava1.dll
2012-10-17 13:16 . 2012-10-17 13:16 289768 ----a-w- c:\windows\system32\javaws.exe
2012-10-17 13:16 . 2012-10-17 13:16 1034216 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-10-17 13:16 . 2012-10-17 13:16 189416 ----a-w- c:\windows\system32\javaw.exe
2012-10-17 13:16 . 2012-10-17 13:16 188904 ----a-w- c:\windows\system32\java.exe
2012-10-17 13:16 . 2012-10-17 13:16 108008 ----a-w- c:\windows\system32\WindowsAccessBridge-64.dll
2012-10-16 08:38 . 2012-12-24 11:13 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-24 11:13 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-24 11:13 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Uli\AppData\Roaming\loadtbs\toolbar.dll" [2012-06-20 614912]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-04-04 39408]
"Akamai NetSession Interface"="c:\users\Uli\AppData\Local\Akamai\netsession_win.exe" [2012-10-09 4441920]
"ApplePhotoStreams"="c:\program files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-09-10 59280]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" [2012-11-30 56128]
"jmekey"="c:\windows\jmesoft\hotkey.exe" [2011-03-21 118784]
"jmesoft"="c:\windows\jmesoft\ServiceLoader.exe" [2011-03-15 28672]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2011-09-16 115048]
"ModeSwitch"="c:\program files\Lenovo\Power Dial\LitModeSwitch.exe" [2010-09-26 163840]
"Lenovo Dynamic Brightness System"="c:\program files\Lenovo\Lenovo Brightness System\Lenovo Dynamic Brightness System.exe" [2010-10-08 285696]
"Lenovo Eye Distance System"="c:\program files\Lenovo\Lenovo Eye Distance System\Lenovo Eye Distance System.exe" [2010-09-09 265216]
"UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504]
"CLMLServer"="c:\program files (x86)\Lenovo\Power2Go\CLMLSvc.exe" [2009-12-04 103720]
"UpdateP2GoShortCut"="c:\program files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"VirtualCloneDrive"="c:\program files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2011-03-07 89456]
"Acrobat Assistant 8.0"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"UnlockerAssistant"="c:\program files (x86)\Unlocker\UnlockerAssistant.exe" [2010-07-04 17408]
"CloneCDTray"="c:\program files (x86)\SlySoft\CloneCD\CloneCDTray.exe" [2009-01-29 57344]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-10-11 59280]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
AutoStart IR.lnk - c:\program files (x86)\WinTV\Ir.exe [2012-4-5 110647]
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328]
WinTV Recording Status..lnk - c:\program files (x86)\WinTV\WinTV7\WinTVTray.exe [2012-4-5 98304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)
"PromptOnSecureDesktop"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Shell"="c:\progra~3\dsgsdgdsgdsgw.bat"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe Acrobat Speed Launcher"="c:\program files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe"
"HP Software Update"=c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" -atboottime
.
R1 Uim_VIM;UIM Virtual Image Plugin;c:\windows\system32\Drivers\uim_vimx64.sys [2011-11-17 352816] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 JME Keyboard;JME Keyboard Driver;c:\windows\jmesoft\Service.exe [2011-03-15 32768] R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168] R3 esgiguard;esgiguard;c:\program files\Enigma Software Group\SpyHunter\esgiguard.sys [x] R3 hcw17bda;Hauppauge SMS1000-based;c:\windows\system32\drivers\hcw17bda.sys [2008-12-11 57344] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992] R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960] R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392] R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232] R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248] R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736] R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x] R3 WMSVC;Webverwaltungsdienst;c:\windows\system32\inetsrv\wmsvc.exe [2009-07-14 10752] R3 wsvd;wsvd;c:\windows\system32\DRIVERS\wsvd.sys [2009-07-21 121840] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184] S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys [2012-11-19 652344] S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys [2012-11-19 28216] S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2011-11-29 55856] S0 sptd;sptd;c:\windows\\SystemRoot\System32\Drivers\sptd.sys [x] S0 WinI2C-DDC;WinI2C-DDC Kernel Mode 
Driver;c:\windows\system32\drivers\DDCDrv.sys [2008-04-08 20832] S2 acedrv11;acedrv11;c:\windows\system32\drivers\acedrv11.sys [2010-02-24 191616] S2 CEEBC40A-FDED-4C59-B354-939132350B01;Roxio File Backup Service;c:\program files (x86)\Roxio\BackOnTrack\File Backup\FileBackupSVC.exe [2010-08-29 96752] S2 ftpsvc;Microsoft-FTP-Dienst;c:\windows\system32\svchost.exe [2009-07-14 27136] S2 HauppaugeTVServer;HauppaugeTVServer;c:\program files (x86)\WinTV\TVServer\HauppaugeTVServer.exe [2009-04-01 442368] S2 IAStorDataMgrSvc;Intel(R) Rapid Storage-Technologie;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2012-11-19 14904] S2 IconMan_R;IconMan_R;c:\program files (x86)\Realtek\Realtek USB 2.0 Card Reader\RIconMan.exe [2012-09-07 2464400] S2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe [2012-07-27 636952] S2 Intel(R) PROSet Monitoring Service;Intel(R) PROSet Monitoring Service;c:\windows\system32\IProsetMonitor.exe [2012-09-06 170824] S2 iprip;RIP-Überwachung;c:\windows\System32\svchost.exe [2009-07-14 27136] S2 LenovoCOMSvc;LenovoCOMService;c:\program files\Lenovo\Power Dial\LenovoCOMSvc.exe [2009-09-30 49152] S2 NfsClnt;Client für NFS;c:\windows\system32\nfsclnt.exe [2010-11-21 65536] S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-11-30 382824] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesService64.exe [2012-09-14 2365792] S3 LitModeCtrl;LitModeCtrl;c:\program files\Lenovo\Power Dial\LitModeCtrl.exe [2010-09-09 81920] S3 NfsRdr;Client für NFS-Redirector;c:\windows\system32\drivers\nfsrdr.sys [2010-11-21 246272] S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2012-08-27 107912] S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller 
Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2012-08-27 226696] S3 PsxDrv;PsxDrv;c:\windows\system32\drivers\psxdrv.sys [2009-07-13 10240] S3 RpcXdr;Server für NFS Open RPC (ONCRPC);c:\windows\system32\drivers\rpcxdr.sys [2010-11-21 104960] S3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2012-08-29 243712] S3 RTL8192Ce;Realtek Wireless LAN 802.11n PCI-E NIC Driver;c:\windows\system32\DRIVERS\rtl8192Ce.sys [2012-09-13 879760] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2013\TuneUpUtilitiesDriver64.sys [2012-08-28 11880] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 89067630 *Deregistered* - 89067630 . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost] iissvcs REG_MULTI_SZ w3svc was apphost REG_MULTI_SZ apphostsvc hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc . Inhalt des "geplante Tasks" Ordners . 2013-01-09 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-04 21:02] . 2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 14:59] . 2013-01-09 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-04 14:59] . 2013-01-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780310404-1495567817-1753761354-1000Core.job - c:\users\Uli\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20 15:51] . 2013-01-09 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3780310404-1495567817-1753761354-1000UA.job - c:\users\Uli\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-20 15:51] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "MsmqIntCert"="mqrt.dll" [2010-11-21 247808] "UpdatePRCShortCut"="c:\program files\Lenovo\OneKey App\Lenovo Rescue System\MUITransfer\MUIStartMenu.exe" [2009-05-13 222504] "RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-03-28 11786344] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\acaptuser64.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.com/ mLocal Page = c:\windows\SysWOW64\blank.htm uInternet Settings,ProxyOverride = <local>;*.local IE: An OneNote s&enden - c:\progra~1\MICROS~2\Office15\ONBttnIE.dll/105 IE: An vorhandenes PDF anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html IE: In Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~2\Office15\EXCEL.EXE/3000 IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000 IE: Verknüpfungsziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html IE: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html TCP: DhcpNameServer = 192.168.178.1 FF - ProfilePath - c:\users\Uli\AppData\Roaming\Mozilla\Firefox\Profiles\mt51ewtl.default\ FF - prefs.js: browser.search.selectedEngine - Search the web (Babylon) FF - prefs.js: browser.startup.homepage - hxxps://www.facebook.com/ FF - prefs.js: keyword.URL - hxxp://search.babylon.com/?affID=109989&tt=050412_30b&babsrc=KW_ss&mntrId=0860bd63000000000000ac8112b43d50&q= FF - ExtSQL: 2012-12-28 22:29; leethax@leethax.net; 
c:\users\Uli\AppData\Roaming\Mozilla\Firefox\Profiles\mt51ewtl.default\extensions\leethax@leethax.net.xpi FF - ExtSQL: 2013-01-02 06:24; jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI@jetpack; c:\users\Uli\AppData\Roaming\Mozilla\Firefox\Profiles\mt51ewtl.default\extensions\jid0-nEKQbsVUhSe9FRuGEdAV8hAphDI@jetpack.xpi FF - ExtSQL: !HIDDEN! 2012-04-10 16:04; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=109989&tt=050412_30b FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar_i.id - 0860bd63000000000000ac8112b43d50 FF - user.js: extensions.BabylonToolbar_i.hardId - 0860bd63000000000000ac8112b43d50 FF - user.js: extensions.BabylonToolbar_i.instlDay - 15436 FF - user.js: extensions.BabylonToolbar_i.vrsn - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsni - 1.5.3.17 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.5.3.1715:39 FF - user.js: extensions.BabylonToolbar_i.prtnrId - babylon FF - user.js: extensions.BabylonToolbar_i.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar_i.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar_i.tlbrId - tb9 FF - user.js: extensions.BabylonToolbar_i.instlRef - sst FF - user.js: network.http.max-persistent-connections-per-server - 4 FF - user.js: nglayout.initialpaint.delay - 600 FF - user.js: content.notify.interval - 600000 FF - user.js: content.max.tokenizing.time - 1800000 FF - user.js: content.switch.threshold - 600000 . . ------- Dateityp-Verknüpfung ------- . .txt= . - - - - Entfernte verwaiste Registrierungseinträge - - - - . 
WebBrowser-{DFEFCDEE-CF1A-4FC8-88AD-129872198372} - (no file)
AddRemove-HijackThis - l:\bootcd\wintools\HijackThis.exe
AddRemove-{3966711E-1F98-4C9F-AE0B-6AD28137FE64} - c:\programdata\{802DB52C-80D7-4701-8846-73B3AEA244E6}\Mir4Installer.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
Zeit der Fertigstellung: 2013-01-09 18:03:09
ComboFix-quarantined-files.txt 2013-01-09 17:03
.
Vor Suchlauf: 1.208.143.872 Bytes frei
Nach Suchlauf: 778.375.168 Bytes frei
.
- - End Of File - - BEBD39D62402DE4BE2F4C98DA1A1460D
Thanks, guys. Quick question. The computer is running again. Was that it, or is there more to come? You surely have a lot to do, and your service is really great. Many thanks. |
09.01.2013, 19:03 | #10 |
/// Malware-holic | GVU on the computer, Safe Mode works, but no restore point because it is disabled Hi, Malwarebytes: please download Malwarebytes
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
09.01.2013, 21:03 | #11 |
| GVU on the computer, Safe Mode works, but no restore point because it is disabled So, here is the result. PHP-Code: mpdreiforyou |
09.01.2013, 21:05 | #12 |
/// Malware-holic | GVU on the computer, Safe Mode works, but no restore point because it is disabled Hi, download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this. Open it, Tools (Extras), Uninstall list, save as txt. Open it. Next to each program you need, write "necessary"; next to each one you don't need, "unnecessary"; next to those you don't recognize, "unknown". Post the list.
09.01.2013, 21:54 | #13 |
| GVU on the computer, Safe Mode works, but no restore point because it is disabled Here is the list. PHP-Code: |
10.01.2013, 00:35 | #14 |
/// Malware-holic | GVU on the computer, Safe Mode works, but no restore point because it is disabled Uninstall:
Adobe Flash Player: all
Adobe - Install Adobe Flash Player
Download the latest version, install it.
Uninstall:
Driver*Genius*
Easy*GIF*
G*DATA*
Google*Toolbar*
Hauppauge*: all
HijackThis*
iFunbox*
Image*
ImgBurn****
iPhoneBrowser****
IrfanView*
Java*: both
Download the Java JRE: Java downloads for all operating systems
click: Download Java software for Windows Offline
Download and install it.
Uninstall:
LEGO*
MAGIX*
Ontrack*
PantsOff*
Paragon*
PhotoScape********
PS3*
Shop*
ThemeWallpaper****
TuneUp*: do without such nonsense; many of its functions do nothing, others can damage the system. You only need to keep your system clean: little in autostart, uninstall what is useless.
Ulead*
Unlocker*
Win7codecs****: you don't really need this either, VLC plays everything anyway
Windows*Live*: all the ones you don't use.
Open CCleaner, analyze, run, restart the PC.
Please download AdwCleaner to your desktop.
10.01.2013, 06:08 | #15 |
| GVU on the computer, Safe Mode works, but no restore point because it is disabled Is all of this now just to keep the system lean, or clean, as they say? I'll sit down with it after work. Is the Trojan gone now? |