GVU Trojan: safe mode not possible (Windows 7)
13.01.2013, 22:16 | #1
GVU Trojan: safe mode not possible
Hello, I have caught the GVU Trojan. Even in safe mode I can no longer get into my main user account (Win7), because the Trojan immediately shuts the PC down again. I tried it with OTLPE and a bootable CD, but it always boots the uninfected XP installation instead. Who can help me? Greetings from the infected one
13.01.2013, 22:41 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan: safe mode not possible
Quote:
http://www.trojaner-board.de/81857-c...cd-booten.html
13.01.2013, 23:20 | #3
GVU Trojan: safe mode not possible
I actually managed it, thanks for the link. Here are the scan data:
OTL.txt (OTL logfile):
Code:
ATTFilter OTL logfile created on: 1/13/2013 11:02:23 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 64.77 Mb Free Space | 64.77% Space Free | Partition Type: NTFS Drive D: | 97.66 Gb Total Space | 5.26 Gb Free Space | 5.39% Space Free | Partition Type: NTFS Drive E: | 78.12 Gb Total Space | 7.39 Gb Free Space | 9.46% Space Free | Partition Type: NTFS Drive F: | 195.31 Gb Total Space | 17.73 Gb Free Space | 9.08% Space Free | Partition Type: NTFS Drive G: | 1.88 Gb Total Space | 1.85 Gb Free Space | 98.19% Space Free | Partition Type: NTFS Drive H: | 45.74 Gb Total Space | 5.88 Gb Free Space | 12.85% Space Free | Partition Type: NTFS Drive I: | 48.83 Gb Total Space | 20.49 Gb Free Space | 41.97% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - (cmdAgent) -- H:\Program Files\COMODO\COMODO Internet Security\cmdagent.exe (COMODO) SRV:64bit: - (AMD External Events Utility) -- H:\Windows\System32\atiesrxx.exe (AMD) SRV:64bit: - (AMD FUEL Service) -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe 
(Advanced Micro Devices, Inc.) SRV:64bit: - (LBTServ) -- H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTServ.exe (Logitech, Inc.) SRV:64bit: - (WinDefend) -- H:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- H:\Windows\System32\appmgmts.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeARMservice) -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AVGIDSAgent) -- H:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.) SRV - (vToolbarUpdater13.2.0) -- H:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe () SRV - (avgwd) -- H:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.) SRV - (SkypeUpdate) -- H:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (PassThru Service) -- H:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe () SRV - (clr_optimization_v4.0.30319_32) -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (Avgmfx64) -- H:\Windows\System32\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (avgtp) -- H:\Windows\System32\drivers\avgtpx64.sys (AVG Technologies) DRV:64bit: - (atksgt) -- H:\Windows\System32\drivers\atksgt.sys () DRV:64bit: - (lirsgt) -- H:\Windows\System32\drivers\lirsgt.sys () DRV:64bit: - (AVGIDSDriver) -- H:\Windows\System32\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (AVGIDSHA) -- H:\Windows\System32\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. ) DRV:64bit: - (Avgldx64) -- H:\Windows\System32\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.) 
DRV:64bit: - (Avgloga) -- H:\Windows\System32\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (Avgrkx64) -- H:\Windows\System32\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.) DRV:64bit: - (RdpVideoMiniport) -- H:\Windows\System32\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- H:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (dtsoftbus01) -- H:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV:64bit: - (AtiPcie) AMD PCI Express (3GIO) -- H:\Windows\System32\drivers\AtiPcie.sys (Advanced Micro Devices Inc.) DRV:64bit: - (amdkmdag) -- H:\Windows\System32\drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- H:\Windows\System32\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AODDriver4.1) -- H:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys (Advanced Micro Devices) DRV:64bit: - (AtiHDAudioService) -- H:\Windows\System32\drivers\AtihdW76.sys (Advanced Micro Devices) DRV:64bit: - (LUsbFilt) -- H:\Windows\System32\drivers\LUsbFilt.sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- H:\Windows\System32\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (LHidFilt) -- H:\Windows\System32\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (AnyDVD) -- H:\Windows\System32\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV:64bit: - (htcnprot) -- H:\Windows\System32\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (TFsExDisk) -- H:\Windows\System32\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (ss_bmdm) -- H:\Windows\System32\drivers\ss_bmdm.sys (MCCI Corporation) DRV:64bit: - (ss_bbus) SAMSUNG USB Mobile Device (WDM) -- H:\Windows\System32\drivers\ss_bbus.sys (MCCI) DRV:64bit: - (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter) -- H:\Windows\System32\drivers\ss_bmdfl.sys (MCCI Corporation) DRV:64bit: - (amdiox64) -- H:\Windows\System32\drivers\amdiox64.sys (Advanced Micro Devices) DRV:64bit: - (HTCAND64) -- H:\Windows\System32\drivers\ANDROIDUSB.sys (HTC, Corporation) DRV:64bit: - (VIAHdAudAddService) -- H:\Windows\System32\drivers\viahduaa.sys (VIA Technologies, Inc.) DRV:64bit: - (usb_rndisx) -- H:\Windows\System32\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (Ntfs) -- H:\Windows\System32\wbem\ntfs.mof () DRV:64bit: - (ebdrv) -- H:\Windows\system32\DRIVERS\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- H:\Windows\system32\DRIVERS\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- H:\Windows\System32\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (RTL8167) -- H:\Windows\System32\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (STTub203) -- H:\Windows\System32\drivers\STTub203.sys () DRV - (ASCTRM) -- H:\Windows\SysWow64\drivers\asctrm.sys (Windows (R) 2000 DDK provider) DRV - (AnyDVD) -- H:\Windows\SysWOW64\drivers\AnyDVD.sys (SlySoft, Inc.) 
DRV - (TFsExDisk) -- H:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q={searchTerms} IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 53 86 E2 B8 20 CD 01 [binary data] IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q={searchTerms} IE - HKU\***_ON_H\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q={searchTerms} IE - HKU\***_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Network_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\Network_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Network_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Network_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = A8 EF 1D 88 72 76 CD 01 [binary data] IE - 
HKU\Network_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search" FF - prefs.js..browser.search.order.1: "" FF - prefs.js..browser.search.selectedEngine: "Web Search" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_5_502_146.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\System32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: H:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: H:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: H:\Program Files (x86)\DivX\DivX Plus Web 
Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: H:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: H:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: H:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: H:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: H:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: H:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: H:\Program Files (x86)\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.) 
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: H:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll (RealPlayer) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.0.0: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/04/16 09:24:22 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012/08/24 10:14:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\13.2.0.5 [2012/11/08 09:15:14 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/10 20:12:25 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 18.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/01/11 17:24:12 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012/12/06 07:00:53 | 000,000,000 
| ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012/04/15 13:40:17 | 000,000,000 | ---D | M] (No name found) -- H:\Users\***\AppData\Roaming\Mozilla\Extensions [2013/01/10 18:28:17 | 000,000,000 | ---D | M] (No name found) -- H:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pqz1g91c.default\extensions [2013/01/10 18:28:17 | 000,000,000 | ---D | M] (DownloadHelper) -- H:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pqz1g91c.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012/09/15 10:48:25 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- H:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pqz1g91c.default\extensions\ich@maltegoetz.de [2013/01/10 20:12:21 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- [2013/01/10 20:12:25 | 000,262,704 | ---- | M] (Mozilla Foundation) -- H:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/08/24 10:13:59 | 000,129,176 | ---- | M] (RealPlayer) -- H:\Program Files (x86)\mozilla firefox\plugins\nprpplugin.dll [2012/06/17 16:48:08 | 000,001,392 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/08 09:15:04 | 000,003,572 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml [2012/08/24 10:13:51 | 000,002,349 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/08/29 15:08:40 | 000,002,465 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/17 16:48:08 | 000,001,153 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/17 16:48:08 | 000,006,805 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/17 16:48:08 | 000,001,178 | ---- | M] () -- H:\Program 
Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/17 16:48:08 | 000,001,105 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012/10/06 06:30:07 | 000,444,411 | R--- | M]) - H:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 www.123fporn.info O1 - Hosts: 15262 more lines... 
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - H:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - H:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - H:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found. O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - H:\Program Files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll () O4:64bit: - HKLM..\Run: [COMODO Internet Security] H:\Program Files\COMODO\COMODO Internet Security\cfp.exe (COMODO) O4:64bit: - HKLM..\Run: [EvtMgr6] H:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) O4:64bit: - HKLM..\Run: [TaskSchdPS] File not found O4 - HKLM..\Run: [AMD AVT] H:\Windows\SysWow64\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [AVG_UI] H:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) 
O4 - HKLM..\Run: [HDAudDeck] H:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA) O4 - HKLM..\Run: [HTC Sync Loader] H:\Program Files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe () O4 - HKLM..\Run: [NPSStartup] File not found O4 - HKLM..\Run: [ROC_ROC_NT] H:\Program Files (x86)\AVG Secure Search\ROC_ROC_NT.exe () O4 - HKLM..\Run: [StartCCC] H:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [TkBellExe] H:\Program Files (x86)\Real\RealPlayer\update\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [vProt] H:\Program Files (x86)\AVG Secure Search\vprot.exe () O4 - HKU\***_ON_H..\Run: [ASRockIES] File not found O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\***_ON_H\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Key error.) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - Reg Error: Key error. File not found O20:64bit: - AppInit_DLLs: (C:\Windows\system32\guard64.dll) - H:\Windows\System32\guard64.dll (COMODO) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\guard32.dll) - H:\Windows\SysWOW64\guard32.dll (COMODO) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (C:\PROGRA~3\dsgsdgdsgdsgw.bat) - File not found O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\***_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\***_ON_H Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - H:\Users\***\AppData\Roaming\skype.dat () O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - H:\Program Files\Common Files\LogiShrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - File not found - -- [ NTFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{b8d7f4f1-87cd-11e1-afd8-00252205cc7b}\Shell - "" = AutoRun O33 - MountPoints2\{b8d7f4f1-87cd-11e1-afd8-00252205cc7b}\Shell\AutoRun\command - "" = M:\Autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/01/13 16:43:43 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\vlc [2013/01/13 16:10:31 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\IrfanView [2013/01/13 16:10:17 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\WinRAR [2013/01/13 15:30:50 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\LSoft Technologies [2013/01/13 15:30:50 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\InstallShield Installation Information [2013/01/13 15:30:50 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Active@ ISO Burner [2013/01/13 15:23:01 | 000,000,000 | ---D | C] -- H:\eeepcfr [2013/01/13 15:19:46 | 000,000,000 | ---D | C] -- H:\Users\Network\Desktop\OTLPE [2013/01/13 15:17:57 | 000,000,000 | ---D | C] -- H:\Users\Network\Desktop\OTLPENet [2013/01/13 15:08:54 | 127,231,689 | ---- | C] (Igor Pavlov) -- H:\Users\Network\Desktop\OTLPENet.exe [2013/01/13 13:35:22 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- H:\Users\Network\Desktop\mbam-setup-1.70.0.1100.exe [2013/01/13 12:46:41 | 000,388,608 | ---- | C] (Trend Micro Inc.) 
-- H:\Users\Network\Desktop\HijackThis.exe [2013/01/11 17:24:05 | 000,000,000 | -HSD | C] -- H:\Config.Msi [2013/01/10 20:12:20 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Mozilla Firefox [2013/01/10 10:04:36 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Hewlett-Packard [2013/01/09 15:38:11 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Local\AVG Secure Search [2013/01/09 15:38:00 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\AVG2013 [2013/01/09 15:37:58 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Roaming\Real [2013/01/09 15:37:58 | 000,000,000 | ---D | C] -- H:\Users\Network\AppData\Local\Avg2013 [2013/01/09 10:22:15 | 000,750,592 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\win32spl.dll [2013/01/09 10:22:15 | 000,492,032 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\win32spl.dll [2013/01/09 10:22:06 | 000,800,768 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\usp10.dll [2013/01/09 10:22:06 | 000,307,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ncrypt.dll [2013/01/09 10:22:06 | 000,220,160 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ncrypt.dll [2013/01/09 10:22:02 | 002,746,368 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\gameux.dll [2013/01/09 10:22:02 | 002,576,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\gameux.dll [2013/01/09 10:22:02 | 000,441,856 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\Wpc.dll [2013/01/09 10:22:02 | 000,308,736 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\Wpc.dll [2013/01/09 10:22:02 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\fpb.rs [2013/01/09 10:22:02 | 000,046,592 | ---- | C] (Microsoft) -- H:\Windows\System32\fpb.rs [2013/01/09 10:22:02 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\oflc-nz.rs [2013/01/09 10:22:02 | 000,045,568 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc-nz.rs [2013/01/09 10:22:02 | 000,044,544 | ---- 
| C] (Microsoft) -- H:\Windows\SysWow64\pegibbfc.rs [2013/01/09 10:22:02 | 000,044,544 | ---- | C] (Microsoft) -- H:\Windows\System32\pegibbfc.rs [2013/01/09 10:22:02 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\csrr.rs [2013/01/09 10:22:02 | 000,043,520 | ---- | C] (Microsoft) -- H:\Windows\System32\csrr.rs [2013/01/09 10:22:02 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\cob-au.rs [2013/01/09 10:22:02 | 000,040,960 | ---- | C] (Microsoft) -- H:\Windows\System32\cob-au.rs [2013/01/09 10:22:02 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\usk.rs [2013/01/09 10:22:02 | 000,030,720 | ---- | C] (Microsoft) -- H:\Windows\System32\usk.rs [2013/01/09 10:22:02 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\grb.rs [2013/01/09 10:22:02 | 000,021,504 | ---- | C] (Microsoft) -- H:\Windows\System32\grb.rs [2013/01/09 10:22:02 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\pegi-pt.rs [2013/01/09 10:22:02 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-pt.rs [2013/01/09 10:22:02 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\pegi.rs [2013/01/09 10:22:02 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi.rs [2013/01/09 10:22:02 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\djctq.rs [2013/01/09 10:22:02 | 000,015,360 | ---- | C] (Microsoft) -- H:\Windows\System32\djctq.rs [2013/01/09 10:22:01 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\cero.rs [2013/01/09 10:22:01 | 000,055,296 | ---- | C] (Microsoft) -- H:\Windows\System32\cero.rs [2013/01/09 10:22:01 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\esrb.rs [2013/01/09 10:22:01 | 000,051,712 | ---- | C] (Microsoft) -- H:\Windows\System32\esrb.rs [2013/01/09 10:22:01 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\SysWow64\oflc.rs [2013/01/09 10:22:01 | 000,023,552 | ---- | C] (Microsoft) -- H:\Windows\System32\oflc.rs [2013/01/09 10:22:01 | 000,020,480 | ---- | 
C] (Microsoft) -- H:\Windows\SysWow64\pegi-fi.rs [2013/01/09 10:22:01 | 000,020,480 | ---- | C] (Microsoft) -- H:\Windows\System32\pegi-fi.rs [2013/01/09 10:21:45 | 001,161,216 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\kernel32.dll [2013/01/09 10:21:45 | 000,424,448 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\KernelBase.dll [2013/01/09 10:21:44 | 000,362,496 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wow64win.dll [2013/01/09 10:21:44 | 000,338,432 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\conhost.exe [2013/01/09 10:21:44 | 000,243,200 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wow64.dll [2013/01/09 10:21:44 | 000,215,040 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\winsrv.dll [2013/01/09 10:21:44 | 000,016,384 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ntvdm64.dll [2013/01/09 10:21:44 | 000,014,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ntvdm64.dll [2013/01/09 10:21:44 | 000,013,312 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\wow64cpu.dll [2013/01/09 10:21:44 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-security-base-l1-1-0.dll [2013/01/09 10:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/09 10:21:44 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-file-l1-1-0.dll [2013/01/09 10:21:44 | 000,005,120 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\wow32.dll [2013/01/09 10:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll 
[2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 10:21:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,584 
| -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-util-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-string-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 10:21:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 10:21:43 | 000,025,600 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\setup16.exe [2013/01/09 10:21:43 | 000,007,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\instnm.exe [2013/01/09 10:21:43 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/09 10:21:43 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 10:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 10:21:43 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- 
H:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-io-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll 
[2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/09 10:21:43 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- H:\Windows\System32\api-ms-win-core-console-l1-1-0.dll [2013/01/09 10:21:43 | 000,002,048 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\user.exe [2013/01/09 10:21:36 | 000,068,608 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\taskhost.exe [2012/12/21 08:21:58 | 000,046,080 | ---- | C] (Adobe Systems) -- H:\Windows\System32\atmlib.dll [2012/12/21 08:21:58 | 000,034,304 | ---- | C] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll [2012/12/21 08:21:57 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll [2012/12/21 08:21:57 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll [2012/12/20 15:51:39 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Virtual Dub [2012/12/20 08:18:53 | 000,000,000 | ---D | C] -- H:\Users\***\AppData\Local\Programs [2012/12/20 08:06:45 | 000,265,797 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) -- H:\Windows\SysWow64\pdvcodec.dll [2012/12/20 08:06:45 | 000,265,797 | ---- | C] (Matsushita Electric Industrial Co., Ltd.) 
-- H:\Windows\System32\pdvcodec.dll [2012/12/15 14:25:23 | 000,000,000 | ---D | C] -- H:\Users\***\AppData\Local\compLexity Demo Player [2012/12/15 14:25:23 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\compLexity Demo Player [2012/12/15 08:07:10 | 000,000,000 | ---D | C] -- H:\Users\***\Desktop\Sounds ========== Files - Modified Within 30 Days ========== [2013/01/13 16:50:51 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013/01/13 16:45:00 | 000,001,108 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/13 16:05:17 | 000,365,568 | ---- | M] () -- H:\Users\Network\Desktop\gmer-2.0.18444.exe [2013/01/13 16:04:07 | 000,050,477 | ---- | M] () -- H:\Users\Network\Desktop\Defogger.exe [2013/01/13 15:56:21 | 000,013,568 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 15:56:21 | 000,013,568 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/13 15:49:32 | 000,001,104 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/13 15:49:01 | 3220,676,608 | -HS- | M] () -- H:\hiberfil.sys [2013/01/13 15:12:47 | 000,657,660 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013/01/13 15:12:47 | 000,618,936 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013/01/13 15:12:47 | 000,131,032 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013/01/13 15:12:47 | 000,107,256 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013/01/13 15:12:23 | 000,112,430 | ---- | M] () -- H:\Users\Network\Desktop\PeToUSB_V3.0.0.8_GER.zip [2013/01/13 15:11:49 | 127,231,689 | ---- | M] (Igor Pavlov) -- H:\Users\Network\Desktop\OTLPENet.exe [2013/01/13 15:11:32 | 000,515,892 | ---- | M] () -- H:\Users\Network\Desktop\eeepcfr.zip [2013/01/13 13:35:33 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- H:\Users\Network\Desktop\mbam-setup-1.70.0.1100.exe [2013/01/13 13:00:08 | 
000,000,000 | ---- | M] () -- H:\Users\***\AppData\Roaming\skype.ini [2013/01/13 12:46:47 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- H:\Users\Network\Desktop\HijackThis.exe [2013/01/12 18:43:33 | 000,109,447 | ---- | M] () -- H:\Users\***\Desktop\c2dd2ed26d.jpg [2013/01/12 12:34:35 | 000,090,816 | ---- | M] () -- H:\Users\***\Desktop\397770_546829565328080_1532392126_n.jpg [2013/01/12 07:41:10 | 054,908,318 | ---- | M] () -- H:\Users\***\Desktop\CrossFit_Coaching_Clean&JerkNatalie_HD.mov [2013/01/11 18:13:44 | 026,573,611 | ---- | M] () -- H:\Users\***\Desktop\Coach Mike Burgener, End First Pull.mp4 [2013/01/11 18:12:19 | 052,563,997 | ---- | M] () -- H:\Users\***\Desktop\Quick squat ankle test.mp4 [2013/01/11 17:24:13 | 000,002,441 | ---- | M] () -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013/01/11 17:00:06 | 000,222,852 | ---- | M] () -- H:\Users\***\Desktop\cfjissue21_May04.pdf [2013/01/11 17:00:02 | 000,498,026 | ---- | M] () -- H:\Users\***\Desktop\NuFit.pdf [2013/01/11 07:48:53 | 000,749,966 | ---- | M] () -- H:\Users\***\Desktop\CFJ_Lengel_Morran_2.pdf [2013/01/11 07:41:54 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/11 07:41:54 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/10 19:55:32 | 000,059,456 | ---- | M] () -- H:\Users\***\Desktop\1357865323663.jpg [2013/01/10 18:33:48 | 001,296,648 | ---- | M] () -- H:\Users\***\Desktop\lernunterlage 1112 aktualisiert.pdf [2013/01/09 11:45:45 | 000,345,080 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013/01/09 11:37:21 | 000,002,127 | ---- | M] () -- H:\Users\***\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Thunderbird.lnk [2013/01/08 18:37:34 | 008,821,873 | ---- | M] () -- H:\Users\***\Desktop\Krewella-Strobelights.mp3 [2013/01/08 17:57:24 | 016,094,959 | ---- | M] () -- H:\Users\***\Desktop\Motivation, Success, Greatness. 
-Will Smith.mp4 [2013/01/08 09:26:58 | 000,520,556 | ---- | M] () -- H:\Users\***\Desktop\A._Jahresflyer_2013.pdf [2012/12/22 13:44:17 | 000,009,728 | ---- | M] () -- H:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/12/17 19:13:12 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2012/12/16 12:11:22 | 000,046,080 | ---- | M] (Adobe Systems) -- H:\Windows\System32\atmlib.dll [2012/12/16 09:45:03 | 000,367,616 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\System32\atmfd.dll [2012/12/16 09:13:28 | 000,295,424 | ---- | M] (Adobe Systems Incorporated) -- H:\Windows\SysWow64\atmfd.dll [2012/12/16 09:13:20 | 000,034,304 | ---- | M] (Adobe Systems) -- H:\Windows\SysWow64\atmlib.dll [2012/12/15 08:08:56 | 014,179,750 | ---- | M] () -- H:\Users\***\Desktop\Serversounds.zip ========== Files Created - No Company Name ========== [2013/01/13 16:05:17 | 000,365,568 | ---- | C] () -- H:\Users\Network\Desktop\gmer-2.0.18444.exe [2013/01/13 16:03:46 | 000,050,477 | ---- | C] () -- H:\Users\Network\Desktop\Defogger.exe [2013/01/13 15:12:23 | 000,112,430 | ---- | C] () -- H:\Users\Network\Desktop\PeToUSB_V3.0.0.8_GER.zip [2013/01/13 15:11:32 | 000,515,892 | ---- | C] () -- H:\Users\Network\Desktop\eeepcfr.zip [2013/01/13 11:52:40 | 000,000,000 | ---- | C] () -- H:\Users\***\AppData\Roaming\skype.ini [2013/01/12 18:43:32 | 000,109,447 | ---- | C] () -- H:\Users\***\Desktop\c2dd2ed26d.jpg [2013/01/12 12:34:33 | 000,090,816 | ---- | C] () -- H:\Users\***\Desktop\397770_546829565328080_1532392126_n.jpg [2013/01/12 07:37:47 | 054,908,318 | ---- | C] () -- H:\Users\***\Desktop\CrossFit_Coaching_Clean&JerkNatalie_HD.mov [2013/01/11 18:00:04 | 026,573,611 | ---- | C] () -- H:\Users\***\Desktop\Coach Mike Burgener, End First Pull.mp4 [2013/01/11 17:49:28 | 052,563,997 | ---- | C] () -- H:\Users\***\Desktop\Quick squat ankle test.mp4 [2013/01/11 17:24:13 | 000,002,441 | ---- | C] () -- 
H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2013/01/11 17:00:06 | 000,222,852 | ---- | C] () -- H:\Users\***\Desktop\cfjissue21_May04.pdf [2013/01/11 17:00:00 | 000,498,026 | ---- | C] () -- H:\Users\***\Desktop\NuFit.pdf [2013/01/11 07:48:51 | 000,749,966 | ---- | C] () -- H:\Users\***\Desktop\CFJ_Lengel_Morran_2.pdf [2013/01/10 19:55:31 | 000,059,456 | ---- | C] () -- H:\Users\***\Desktop\1357865323663.jpg [2013/01/10 18:33:48 | 001,296,648 | ---- | C] () -- H:\Users\***\Desktop\lernunterlage 1112 aktualisiert.pdf [2013/01/09 11:20:32 | 000,501,760 | ---- | C] () -- H:\Windows\System32\ZSHP1020.EXE [2013/01/09 11:20:32 | 000,192,512 | ---- | C] () -- H:\Windows\System32\ZLhp1020.DLL [2013/01/08 18:37:20 | 008,821,873 | ---- | C] () -- H:\Users\***\Desktop\Krewella-Strobelights.mp3 [2013/01/08 17:57:01 | 016,094,959 | ---- | C] () -- H:\Users\***\Desktop\Motivation, Success, Greatness. -Will Smith.mp4 [2013/01/08 09:26:58 | 000,520,556 | ---- | C] () -- H:\Users\***\Desktop\A._Jahresflyer_2013.pdf [2012/12/20 08:06:45 | 000,001,199 | ---- | C] () -- H:\Windows\SysWow64\panadv.inf [2012/12/20 08:06:45 | 000,001,199 | ---- | C] () -- H:\Windows\System32\panadv.inf [2012/12/15 08:08:10 | 014,179,750 | ---- | C] () -- H:\Users\***\Desktop\Serversounds.zip [2012/11/09 07:52:54 | 000,000,062 | ---- | C] () -- H:\Windows\pcvcdbr.INI [2012/11/09 07:52:52 | 000,000,000 | ---- | C] () -- H:\Windows\pcvcdvw.INI [2012/10/14 13:20:36 | 000,004,430 | ---- | C] () -- H:\Users\***\AppData\Local\recently-used.xbel [2012/07/14 18:43:26 | 000,000,040 | -HS- | C] () -- H:\ProgramData\.zreglib [2012/07/01 17:51:48 | 000,007,605 | ---- | C] () -- H:\Users\***\AppData\Local\Resmon.ResmonCfg [2012/05/11 10:53:19 | 000,484,352 | ---- | C] () -- H:\Windows\SysWow64\lame_enc.dll [2012/04/20 14:51:51 | 000,009,728 | ---- | C] () -- H:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/04/18 18:15:27 | 001,526,060 | ---- | C] () -- 
H:\Windows\SysWow64\PerfStringBackup.INI [2012/04/18 12:49:51 | 000,147,456 | ---- | C] () -- H:\Windows\SysWow64\STTubeDevice203.dll [2012/04/18 12:42:59 | 000,000,028 | ---- | C] () -- H:\Windows\HOTAS.ini [2012/04/16 15:35:20 | 000,112,640 | ---- | C] () -- H:\Windows\SysWow64\ff_vfw.dll [2012/04/15 16:36:50 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll [2012/04/15 13:02:51 | 000,000,000 | ---- | C] () -- H:\Windows\ativpsrm.bin [2012/04/15 09:21:03 | 000,058,880 | ---- | C] () -- H:\Users\***\AppData\Roaming\skype.dat [2012/03/08 23:31:26 | 000,204,952 | ---- | C] () -- H:\Windows\SysWow64\ativvsvl.dat [2012/03/08 23:31:26 | 000,157,144 | ---- | C] () -- H:\Windows\SysWow64\ativvsva.dat [2012/03/08 18:26:20 | 000,054,784 | ---- | C] () -- H:\Windows\SysWow64\OVDecode.dll [2012/01/31 00:00:24 | 000,016,896 | ---- | C] () -- H:\Windows\SysWow64\kdbsdk32.dll [2011/09/12 17:06:16 | 000,003,917 | ---- | C] () -- H:\Windows\SysWow64\atipblag.dat [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat [2007/10/25 10:26:10 | 000,005,632 | ---- | C] () -- H:\Windows\SysWow64\drivers\StarOpen.sys ========== LOP Check ========== [2012/04/16 09:02:04 | 000,000,000 | ---D | M] -- H:\ProgramData\AMD [2012/04/15 09:06:42 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- 
H:\ProgramData\Application Data [2012/11/08 09:15:14 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG Secure Search [2012/10/02 16:10:20 | 000,000,000 | ---D | M] -- H:\ProgramData\AVG2013 [2012/05/08 08:54:03 | 000,000,000 | ---D | M] -- H:\ProgramData\Canneverbe Limited [2012/04/15 13:25:43 | 000,000,000 | -H-D | M] -- H:\ProgramData\Common Files [2012/04/15 15:59:06 | 000,000,000 | ---D | M] -- H:\ProgramData\CPA_VA [2012/04/16 15:29:54 | 000,000,000 | ---D | M] -- H:\ProgramData\DAEMON Tools Lite [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents [2012/04/15 09:06:42 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente [2012/06/11 13:12:00 | 000,000,000 | ---D | M] -- H:\ProgramData\eBay [2012/04/15 09:06:42 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites [2012/04/15 14:44:08 | 000,000,000 | ---D | M] -- H:\ProgramData\firebird [2013/01/13 12:10:22 | 000,000,000 | ---D | M] -- H:\ProgramData\MFAData [2012/07/14 09:46:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Samsung [2012/07/14 18:43:26 | 000,000,000 | ---D | M] -- H:\ProgramData\SlySoft [2012/12/20 08:03:30 | 000,000,000 | ---D | M] -- H:\ProgramData\Sony [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu [2012/04/15 09:06:42 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü [2012/10/28 06:43:08 | 000,000,000 | ---D | M] -- H:\ProgramData\Tages [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates [2012/04/15 09:06:42 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen [2012/11/10 05:38:21 | 000,032,632 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Extras.txt OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 09.08.2012 23:09:29 - Run 2 OTL by OldTimer - Version 3.2.56.0 Folder = C:\Users\Network\Desktop 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 2,44 Gb Available Physical Memory | 60,99% Memory free 8,00 Gb Paging File | 5,79 Gb Available in Paging File | 72,40% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 45,74 Gb Total Space | 11,33 Gb Free Space | 24,78% Space Free | Partition Type: NTFS Drive D: | 48,83 Gb Total Space | 35,77 Gb Free Space | 73,26% Space Free | Partition Type: NTFS Drive E: | 97,66 Gb Total Space | 54,50 Gb Free Space | 55,81% Space Free | Partition Type: NTFS Drive F: | 78,12 Gb Total Space | 7,83 Gb Free Space | 10,02% Space Free | Partition Type: NTFS Drive G: | 195,31 Gb Total Space | 12,55 Gb Free Space | 6,43% Space Free | Partition Type: NTFS Computer Name: CRAY-6 | User Name: Network | NOT logged in as Administrator. 
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{00BF72E6-0061-450A-B98C-D202709E5FB5}" = rport=137 | protocol=17 | dir=out | app=system | "{01ABDCBB-6C23-4102-9D60-2C2B1BDD70A7}" = lport=137 | protocol=17 | dir=in | app=system | "{14CB055D-E42A-4508-8E3D-00AC5A03BE21}" = rport=10243 | protocol=6 | dir=out | app=system | "{14DF7C8E-FA9C-4A79-A6C7-48B173D854B4}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{15A7470C-968B-43E1-B2C6-3EA8BBC0D595}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{1F3729A4-1236-4CD9-A232-A2EA7B2B60DA}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{2810F6F3-82C1-45DA-B82D-AC97DFF6BF2D}" = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | "{4BB2290D-EF09-4161-AFC8-D74D3E8FD9F2}" = lport=139 | protocol=6 | dir=in | app=system | "{4CCEF8FD-216E-4096-ABA2-A83B0D986FC4}" = rport=138 | protocol=17 | dir=out | app=system | "{5CB79C3A-2CF5-41BA-9BA8-5A9FB64CAD45}" = rport=445 | protocol=6 | dir=out | app=system | "{6CAD708F-3722-4824-B011-919632B6C422}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7179AA44-199B-4562-A5DF-22A7764AAFBA}" = lport=2869 | protocol=6 | dir=in | app=system | "{778793BB-C12F-4046-BC59-1CC7DAAFD6E3}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{79EA582A-DFA6-4A86-A974-D23E5B0F974E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{7CE573B8-D644-46D8-9852-FF9CD776175F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{7D6552A2-7AAF-4603-8850-AFFA017BB622}" = rport=139 | protocol=6 | dir=out | app=system | "{9BFE71B8-3AB8-40B1-B8EC-BA1A2E6B50A8}" = lport=2177 | protocol=17 | dir=in | svc=qwave 
| app=%systemroot%\system32\svchost.exe | "{BEB5E234-37E4-44BE-94E3-5A519A7EC234}" = lport=445 | protocol=6 | dir=in | app=system | "{CC9EF6C0-3DDD-4D0A-8C10-F5D56FA548EF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{DA51A95C-F5B5-42C4-AC64-4C9E37245CE5}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F47CAF3A-635F-4236-BBBF-C1AC378B89A7}" = lport=138 | protocol=17 | dir=in | app=system | "{FC6C47FF-2B22-45E6-964B-0BD0E307FFB6}" = lport=10243 | protocol=6 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{06C3C1BA-FBFA-4A0C-9066-445683CBC574}" = protocol=6 | dir=out | app=system | "{0821FAB9-347C-4967-A796-2FC85E0501AA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{0B13A8EF-3432-4068-BA58-6DB1B51972A8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{0E9CA357-F96C-4FBE-B11F-E4D4920931B7}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1674A57F-D24D-4AF9-9A35-8E8F43B63623}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{1B29D7C5-95D2-4E97-8245-811F4010D50A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E233942-08F8-4BF5-9D34-A9894DA9EFDF}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{21DFBB8C-2A60-483B-A521-C7A716CBA8F7}" = protocol=17 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{27D10590-5677-4179-9BDA-710435B8E32A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{37A67C97-4C2D-427E-A055-DE33338469AB}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4BF92D91-19D6-4668-8B09-4921B4C8DC8B}" = protocol=17 | dir=in | app=c:\program files 
(x86)\avg\avg2012\avgdiagex.exe | "{50317726-37EB-46B5-96C4-B3CFB198D784}" = protocol=6 | dir=in | app=d:\steam\steamapps\sheldongreenwald\counter-strike\hl.exe | "{6D29D054-52A9-4A28-A7D0-54BDC40AD176}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{7C123957-3507-44A9-9083-DD5ACABEDCE8}" = protocol=17 | dir=in | app=d:\steam\steamapps\sheldongreenwald\counter-strike\hl.exe | "{7CD4DBD5-19AC-4F95-8E73-9C4256123710}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{7EAA0AB9-76FE-4362-AB57-3D472BBB088F}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsvsvr.exe | "{7EE41EA0-F940-4C51-9192-0E3B95C5C78E}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{8732EA5D-E27E-451C-8B62-03D2F54ADFDF}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{8C617076-4468-4A20-8154-DFCD95F80054}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | "{9CD5BB23-99EF-41B7-9AA6-D04BB1416518}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{9E0B815C-69D2-4924-949F-3CF69FEE4D5E}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B94FE790-8FB6-4360-8A9D-4583819C64ED}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{B9F5F778-BA84-477F-AECC-95DF042F9046}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{C497EF1B-18B6-4B10-8A3C-5DEDC9A2E093}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C7BD9285-C84A-46DB-BF1F-0D3E6358E25F}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2012\avgmfapx.exe | "{C80F672E-7814-4AD8-9472-8B13D4ED6BF5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C9E09F82-85D8-47DF-9F62-21B6CD743C6C}" = protocol=6 | dir=in | 
app=d:\steam\steamapps\sheldongreenwald\counter-strike\hl.exe | "{D80C011C-8A1C-4CBF-AFF2-F444257D34A8}" = protocol=6 | dir=in | app=c:\program files (x86)\samsung\samsung new pc studio\npsasvr.exe | "{DA13BD8F-AEE2-439C-8960-8CFDB1D2D69E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{E7CB673D-3067-4DDC-B448-58301ABFDB01}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{F34A5507-215B-4CA1-B289-75505058B51C}" = dir=in | app=c:\program files (x86)\skype\phone\skype.exe | "{F3A88BCD-104D-43A0-A0F7-D9FE8B9BC72C}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2012\avgdiagex.exe | "{F96C6E30-D132-4910-A185-670AA90AA6AE}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{FBF6D860-351C-4B7E-B795-6723C60BCB5A}" = protocol=17 | dir=in | app=d:\steam\steamapps\sheldongreenwald\counter-strike\hl.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{06DB2C4C-DC29-DA42-3B00-5581CBF545BB}" = AMD Drag and Drop Transcoding "{071c9b48-7c32-4621-a0ac-3f809523288f}" = Microsoft Visual C++ 2005 Redistributable (x64) "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{13815D81-44B6-7ADA-2A41-FFFC64DD6FAB}" = ccc-utility64 "{23170F69-40C1-2702-0920-000001000000}" = 7-Zip 9.20 (x64 edition) "{3987279A-3504-2916-D063-741B910F0747}" = AMD Accelerated Video Transcoding "{3C8159DD-1890-4625-A5B2-E3D8D78D4486}" = AVG 2012 "{3D33F6F0-4D90-484D-A1D9-09AE791CCBD9}" = Eraser 6.0.9.2343 "{503F672D-6C84-448A-8F8F-4BC35AC83441}" = AMD APP SDK Runtime "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{7C5CAFD6-F51C-0011-410B-001EF3E342A7}" = AMD Media Foundation Decoders "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 
"{9005CF63-F082-65AD-7431-7EBF31642279}" = AMD Fuel "{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010 "{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010 "{90CB2C55-426D-0752-968D-9B0F1110202A}" = AMD Catalyst Install Manager "{A108BD40-0A8C-4385-8874-74C4B6086CC3}" = AVG 2012 "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones "{D6AB1F5B-FED6-49A9-9747-327BD28FB3C7}" = COMODO Internet Security "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX 64-bit "AVG" = AVG 2012 "GIMP-2_is1" = GIMP 2.8.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "sp6" = Logitech SetPoint 6.32 "TeamSpeak 3 Client" = TeamSpeak 3 Client "WinRAR archiver" = WinRAR 4.11 (64-Bit) [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{03534DA5-2F88-4B8E-A978-849B979E1B8F}" = TuxGuitar "{0A590981-75A9-B968-4A29-718E5A8E1416}" = CCC Help Dutch "{0E6B8EA7-4FDF-F730-8F28-05720874BE71}" = CCC Help Chinese Traditional "{1003E625-BE5B-390B-7B60-D483D0B75A26}" = CCC Help Russian "{166B4302-7EE0-11D5-AAD9-00047625E378}" = Foxy HOTAS Cougar Edition v4.0 "{1690611F-D4EA-A00D-DAAD-91D216869679}" = CCC Help Polish "{196467F1-C11F-4F76-858B-5812ADC83B94}" = MSXML 4.0 SP3 Parser "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{20D4A895-748C-4D88-871C-FDB1695B0169}" = Platform "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 
Update 31 "{26EED5E6-EC40-35A9-602A-C3CF03A9C1E6}" = CCC Help Portuguese "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{2C33E65D-9187-8F2E-40D8-BD9E24E341FB}" = CCC Help Italian "{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component "{31A559C1-9E4D-423B-9DD3-34A6C5398752}" = HTC BMP USB Driver "{36B6FF8B-38E3-E64C-F840-75F6AAEBE3EA}" = Catalyst Control Center Graphics Previews Common "{38F6C932-2274-4897-479D-03AA6BA5B567}" = CCC Help Turkish "{3AB00888-CA03-0BFD-3F3C-C877767192B0}" = CCC Help Swedish "{3ACA2563-E786-BDD4-C87B-09909BB3F61C}" = CCC Help Thai "{3BC2C64B-0DA0-974B-6311-AED4F3711DCE}" = CCC Help Danish "{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg "{47FA2C44-D148-4DBC-AF60-B91934AA4842}" = Adobe AIR "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5BAC4DE5-4062-EE34-3337-5F92FE5D5032}" = CCC Help Spanish "{6D6664A9-3342-4948-9B7E-034EFE366F0F}" = HTC Driver Installer "{7ADCABE0-E651-6EA5-5128-26E203DAA5E1}" = CCC Help Korean "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8F80DAA3-8A1D-09E9-57E6-DB0223CF2CE4}" = CCC Help French "{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010 "{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010 "{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010 "{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher 
MUI (German) 2010 "{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010 "{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0000-1000-0000000FF1CE}_Office14.SingleImage_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002A-0407-1000-0000000FF1CE}_Office14.SingleImage_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010 "{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010 "{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) "{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB77DFDE-9949-4AEF-B180-BE322C3E65D0}" = HTC Sync "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{AFC71277-DE19-6505-8CBC-71D29163F44A}" = CCC Help German "{B0F2127F-BCF3-42F1-808A-1DFB41D6C400}" = Thrustmaster Hotas Cougar Drivers "{B3406262-5701-E9CC-D6B3-BA38C34125A9}" = CCC Help English "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy "{BBC2068D-CE9C-48F5-A6EA-4B44B9DB14A5}" = Catalyst Control Center - Branding "{C0FFF484-B2C2-48C5-81F3-5500F196BEE7}" = Guitar and Drum Trainer v4 "{C5B6078F-5D37-A122-2E6E-EDC623E8C787}" = CCC Help Czech "{C7068E1F-22C6-9408-7B24-584F32F66D70}" = CCC Help Finnish "{C87B855D-DD8F-E419-C640-34936E813EA9}" = CCC Help Greek "{CC2BAF9A-926F-791D-772C-F582CD8A47B0}" = Catalyst Control Center InstallProxy "{CE1CA06F-0AD8-CA2A-3A3A-872E8191C198}" = CCC Help Norwegian "{CECECCED-B7F3-B1A3-3241-0C5D775F8E70}" = CCC Help 
Chinese Standard "{D3CEF909-78DC-9D3D-37BD-52F5324C01DA}" = CCC Help Hungarian "{DF7DBA84-0A55-11D6-A0A6-6A7573736972}" = Polar ProTrainer "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.9 "{F1EA61A2-B88F-44AD-3143-419ECB6C7E9A}" = CCC Help Japanese "{F6567C5A-C3EA-2E05-E89E-C8C52E33150D}" = AMD VISION Engine Control Center "{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49}" = Visual Studio 2008 x64 Redistributables "{FE54AF33-9364-7053-670F-A15AD658214C}" = Catalyst Control Center Localization All "5513-1208-7298-9440" = JDownloader 0.9 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AnyDVD" = AnyDVD "ASRock IES_is1" = ASRock IES v2.0.84 "Balkans" = Balkans "BalkansTheater" = BalkansTheater "DAEMON Tools Lite" = DAEMON Tools Lite "DivX Setup" = DivX-Setup "Falcon BMS 4.32" = Falcon BMS 4.32 "ffdshow_is1" = ffdshow v1.1.3572 [2010-09-13] "foobar2000" = foobar2000 v1.1.11 "Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 2.2 "FreeFalcon6" = FreeFalcon6 "InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169}" = VIA Plattform-Geräte-Manager "IrfanView" = IrfanView (remove only) "ITO2" = ITO2 "MailStore Home_universal1" = MailStore Home 5.0.1.6919 "MozBackup" = MozBackup 1.5.1 "Mozilla Firefox 14.0.1 (x86 de)" = Mozilla Firefox 14.0.1 (x86 de) "Mozilla Thunderbird 14.0 (x86 de)" = Mozilla Thunderbird 14.0 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.SingleImage" = Microsoft Office Professional 2010 "StreamTorrent 1.0" = StreamTorrent 1.0 "VLC media player" = VLC media player 2.0.0 ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] < End of report > |
13.01.2013, 23:24 | #4 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan: safe mode not possible
Is this by any chance an office/company PC? Or a university computer?
__________________ Please always post logfiles in CODE tags |
13.01.2013, 23:28 | #5 |
| GVU Trojan: safe mode not possible It is a license obtained through the university. |
13.01.2013, 23:46 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan: safe mode not possible Do an OTL fix via OTLPE: start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Note: If you masked your user name, you must change the starred-out part back into your real user name, otherwise the script will not work!! Code:
:OTL
O20 - HKU\***_ON_H Winlogon: Shell - (C:\Users\***\AppData\Roaming\skype.dat) - H:\Users\***\AppData\Roaming\skype.dat ()
:Files
H:\Users\***\AppData\Roaming\skype.dat
:Commands
[purity]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. The entries, files and folders fixed by this script are, as a precaution, not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was written only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system! After that Windows should start normally again. Please make OTL's quarantine folder available to us. Proceed as follows: 1.) VERY IMPORTANT!! Disable the virus scanner; it must not interfere with the packing! 2.) Zip the folder movedfiles in C:\_OTL into a single file 3.) Upload the resulting ZIP file here => http://www.trojaner-board.de/54791-a...ner-board.html Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread! 4.) Report back once it has succeeded 5.) Only then turn the virus scanner back on
__________________ --> GVU Trojan: safe mode not possible |
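The fix above removes one per-user Winlogon "Shell" hijack: the HKU value that should be absent (or read plain explorer.exe) has been pointed at a payload under AppData\Roaming. Winlogon launches whatever is listed in HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Shell and, where present, the per-user copy under HKCU, in normal and in safe mode alike, which is why the desktop never appears and the machine can only be cleaned from rescue media. The following PowerShell script is an added example, not part of the thread and not OTL's code: booted from rescue media, it mounts the offline SOFTWARE hive and each profile's NTUSER.DAT and reports every Shell value that is not a bare explorer.exe, covering both the per-user case fixed here and the machine-wide HKLM value. The drive letter H: and the hive paths are assumptions matching the layout in the OTL log; it also assumes a rescue environment that has PowerShell (a Windows PE with the PowerShell package or a second Windows installation), which the XP-based OTLPE used in this thread does not.

```powershell
# Added example (not from the forum thread or from OTL): audit the Winlogon
# "Shell" values of an OFFLINE Windows installation from rescue media.
# Assumptions (hypothetical, adjust to your layout): the infected Windows
# volume is mounted as H:, as in the OTL log above, and this runs elevated
# (SYSTEM in WinPE) so that reg.exe can load hives.
param(
    [string]   $SystemDrive = 'H:',
    [string[]] $Profiles    = @()   # empty = every H:\Users\<name> that has an NTUSER.DAT
)

$ErrorActionPreference = 'Stop'
$findings = @()

function Test-ShellValue {
    param([string] $Scope, [string] $KeyPath)
    $key = Get-Item -LiteralPath $KeyPath -ErrorAction SilentlyContinue
    if (-not $key) { return }
    # Read the raw REG_SZ without expanding %variables%, so we see exactly what Winlogon will run.
    $shell = $key.GetValue('Shell', $null, [Microsoft.Win32.RegistryValueOptions]::DoNotExpandEnvironmentNames)
    $key.Close()
    # A per-user Shell value normally does not exist at all; the machine-wide one is exactly "explorer.exe".
    # Ransomware either replaces it or appends ",<payload>" as in the logs in this thread.
    if ($null -ne $shell -and $shell -notmatch '^\s*explorer\.exe\s*$') {
        $script:findings += [pscustomobject]@{ Scope = $Scope; Shell = $shell }
    }
}

function Mount-Hive {
    param([string] $MountName, [string] $HiveFile)
    reg.exe load $MountName $HiveFile | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg.exe load failed for $HiveFile" }
}

function Dismount-Hive {
    param([string] $MountName)
    [gc]::Collect()                      # release lingering RegistryKey handles, or unload fails
    reg.exe unload $MountName | Out-Null
}

# 1. Machine-wide value: HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon lives in the SOFTWARE hive.
Mount-Hive 'HKLM\OffSoftware' "$SystemDrive\Windows\System32\config\SOFTWARE"
try {
    Test-ShellValue 'HKLM' 'HKLM:\OffSoftware\Microsoft\Windows NT\CurrentVersion\Winlogon'
} finally {
    Dismount-Hive 'HKLM\OffSoftware'
}

# 2. Per-user values: what a logged-on user sees as HKCU\...\Winlogon is stored in that profile's NTUSER.DAT.
if (-not $Profiles) {
    $Profiles = Get-ChildItem -LiteralPath "$SystemDrive\Users" -Directory |
        Where-Object { Test-Path -LiteralPath (Join-Path $_.FullName 'NTUSER.DAT') } |
        Select-Object -ExpandProperty Name
}
foreach ($name in $Profiles) {
    Mount-Hive 'HKU\OffUser' "$SystemDrive\Users\$name\NTUSER.DAT"
    try {
        Test-ShellValue "HKU\$name" 'Registry::HKEY_USERS\OffUser\Software\Microsoft\Windows NT\CurrentVersion\Winlogon'
    } finally {
        Dismount-Hive 'HKU\OffUser'
    }
}

if ($findings) {
    $findings | Format-Table -AutoSize
} else {
    'No non-default Winlogon Shell values found.'
}
```

Run it from an elevated PowerShell prompt in the rescue environment, e.g. `.\Audit-WinlogonShell.ps1 -SystemDrive 'H:'`. A hit such as `explorer.exe,C:\Users\<name>\AppData\Roaming\skype.dat` names the file to quarantine and the value to reset; it says nothing about how the payload got there or what else it dropped, so the follow-up scans the helper asks for are still needed.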
14.01.2013, 00:34 | #7 |
| GVU Trojan: safe mode not possible I was somewhat careless and forgot to replace one entry. So I ran the fix twice and have 2 logfiles. Windows 7 also boots normally again. Am I rid of the trojan now, or do I still have to do something? Many thanks in advance! Code:
========== OTL ==========
Registry value HKEY_USERS\***_ON_H\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\skype.dat deleted successfully.
File H:\Users\***\AppData\Roaming\skype.dat not found.
========== FILES ==========
H:\Users\***\AppData\Roaming\skype.dat moved successfully.
========== COMMANDS ==========
H:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 01142013_000240
Code:
========== OTL ==========
Registry value HKEY_USERS\***_ON_H\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\***\AppData\Roaming\skype.dat deleted successfully.
File H:\Users\***\AppData\Roaming\skype.dat not found.
========== FILES ==========
File\Folder H:\Users\***\AppData\Roaming\skype.dat not found.
========== COMMANDS ==========
H:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTLPE by OldTimer - Version 3.1.48.0 log created on 01142013_000403 |
14.01.2013, 08:44 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan: safe mode not possible Before we get on with the remaining work, I would like to ask you to read the following points completely and carefully.
Note: If you hear nothing from me for three days, please post in this thread => Reminder to my thread. Annoying "when will it continue" messages end with your topic being closed. I too have a life outside the Trojaner-Board. Malwarebytes Anti-Rootkit Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper
__________________ Please always post logfiles in CODE tags |
14.01.2013, 16:45 | #9 |
| GVU Trojan: safe mode not possible Malwarebytes Anti-Rootkit gives me a warning. Should I click Yes or No now? |
14.01.2013, 21:34 | #10 |
| GVU Trojan: safe mode not possible I simply followed the program's instructions. Here are the logfiles: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: *** [administrator]

14.01.2013 21:15:09
mbar-log-2013-01-14 (21-15-09).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29366
Time elapsed: 7 minute(s), 24 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 1
HKCU\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\WINLOGON|shell (Trojan.Agent.RNS) -> Data: explorer.exe,C:\Users\***\AppData\Roaming\skype.dat -> Delete on reboot.

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 1
c:\Users\***\AppData\Roaming\hellomoto (Trojan.Ransom.FGen) -> Delete on reboot.

Files Detected: 3
c:\Users\***\AppData\Local\Temp\vgunv9d24jrq155kwx78dl.exe (Trojan.Winlock) -> Delete on reboot.
c:\Users\***\AppData\Roaming\hellomoto\TujP.dat (Trojan.Ransom.FGen) -> Delete on reboot.
c:\Users\***\AppData\Roaming\hellomoto\BukF.dat (Trojan.Ransom.FGen) -> Delete on reboot.

(end)
Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1016
www.malwarebytes.org

Database version: v2013.01.14.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
*** :: **** [administrator]

14.01.2013 21:28:02
mbar-log-2013-01-14 (21-28-02).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29362
Time elapsed: 8 minute(s), 34 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end) |
14.01.2013, 22:24 | #11 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan: safe mode not possible Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when an expert has explicitly recommended it! Should you have problems starting applications after running Combofix and receive messages such as Quote:
__________________ Please always post logfiles in CODE tags |
14.01.2013, 22:44 | #12 |
| GVU Trojan: safe mode not possible Here is the ComboFix log: Code:
ATTFilter ComboFix 13-01-14.01 - *** 14.01.2013 22:31:23.1.4 - x64 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.4095.2448 [GMT 1:00] ausgeführt von:: c:\users\***\Desktop\ComboFix.exe AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: COMODO Firewall *Enabled* {7DB03214-694B-060B-1600-BD4715C36DBB} SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{9639A19D-40C2-4DAA-B263-32EE1A3B58EA}.xps c:\users\***\AppData\Roaming\skype.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-12-14 bis 2013-01-14 )))))))))))))))))))))))))))))) . . 2013-01-14 21:36 . 2013-01-14 21:36 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-01-14 21:36 . 2013-01-14 21:36 -------- d-----w- c:\users\Network\AppData\Local\temp 2013-01-14 05:02 . 2013-01-14 05:02 -------- d-----w- C:\_OTL 2013-01-13 21:43 . 2013-01-14 20:05 -------- d-----w- c:\users\Network\AppData\Roaming\vlc 2013-01-13 21:10 . 2013-01-13 21:10 -------- d-----w- c:\users\Network\AppData\Roaming\IrfanView 2013-01-13 20:30 . 2013-01-13 20:30 -------- d-----w- c:\users\Network\AppData\Roaming\LSoft Technologies 2013-01-13 20:30 . 2013-01-13 20:30 -------- d-----w- c:\users\Network\AppData\Roaming\InstallShield Installation Information 2013-01-10 15:04 . 2013-01-10 15:04 -------- d-----w- c:\program files (x86)\Hewlett-Packard 2013-01-09 20:38 . 2013-01-09 20:38 -------- d-----w- c:\users\Network\AppData\Local\AVG Secure Search 2013-01-09 20:38 . 2013-01-09 20:38 -------- d-----w- c:\users\Network\AppData\Roaming\AVG2013 2013-01-09 20:37 . 2013-01-13 17:19 -------- d-----w- c:\users\Network\AppData\Local\Avg2013 2013-01-09 16:20 . 
2012-09-18 14:27 65024 ----a-w- c:\windows\system32\Spool\prtprocs\x64\PPhp1020.DLL 2013-01-09 16:20 . 2012-09-18 14:27 192512 ----a-w- c:\windows\system32\ZLhp1020.DLL 2013-01-09 16:20 . 2012-09-18 14:27 501760 ----a-w- c:\windows\system32\ZSHP1020.EXE 2013-01-09 15:21 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll 2012-12-21 13:21 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-21 13:21 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-21 13:21 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-21 13:21 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-20 20:51 . 2012-12-20 21:06 -------- d-----w- c:\program files (x86)\Virtual Dub 2012-12-20 13:18 . 2012-12-20 13:18 -------- d-----w- c:\users\***\AppData\Local\Programs 2012-12-20 13:06 . 1999-11-19 14:49 265797 ----a-w- c:\windows\SysWow64\pdvcodec.dll 2012-12-20 13:06 . 1999-11-19 14:49 265797 ----a-w- c:\windows\system32\pdvcodec.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-11 12:41 . 2012-04-15 18:13 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-11 12:41 . 2012-04-15 18:13 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 16:19 . 2012-04-15 14:32 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-13 21:58 . 2012-04-16 20:35 112640 ----a-w- c:\windows\SysWow64\ff_vfw.dll 2012-12-09 23:59 . 2012-12-09 23:59 231376 ----a-w- c:\windows\system32\drivers\truecrypt.sys 2012-12-04 09:12 . 2012-12-04 09:12 247296 ----a-w- c:\windows\system32\zshp1020s.dll 2012-11-30 04:45 . 2013-01-09 15:21 44032 ----a-w- c:\windows\apppatch\acwow64.dll 2012-11-15 22:33 . 2012-11-15 22:33 111968 ----a-w- c:\windows\system32\drivers\avgmfx64.sys 2012-11-14 07:06 . 2012-12-12 21:20 17811968 ----a-w- c:\windows\system32\mshtml.dll 2012-11-14 06:32 . 
2012-12-12 21:20 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-11-14 06:11 . 2012-12-12 21:20 2312704 ----a-w- c:\windows\system32\jscript9.dll 2012-11-14 06:04 . 2012-12-12 21:20 1346048 ----a-w- c:\windows\system32\urlmon.dll 2012-11-14 06:04 . 2012-12-12 21:20 1392128 ----a-w- c:\windows\system32\wininet.dll 2012-11-14 06:02 . 2012-12-12 21:20 1494528 ----a-w- c:\windows\system32\inetcpl.cpl 2012-11-14 06:02 . 2012-12-12 21:20 237056 ----a-w- c:\windows\system32\url.dll 2012-11-14 05:59 . 2012-12-12 21:20 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-11-14 05:58 . 2012-12-12 21:20 816640 ----a-w- c:\windows\system32\jscript.dll 2012-11-14 05:57 . 2012-12-12 21:20 599040 ----a-w- c:\windows\system32\vbscript.dll 2012-11-14 05:57 . 2012-12-12 21:20 173056 ----a-w- c:\windows\system32\ieUnatt.exe 2012-11-14 05:55 . 2012-12-12 21:20 2144768 ----a-w- c:\windows\system32\iertutil.dll 2012-11-14 05:55 . 2012-12-12 21:20 729088 ----a-w- c:\windows\system32\msfeeds.dll 2012-11-14 05:53 . 2012-12-12 21:20 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-11-14 05:52 . 2012-12-12 21:20 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-11-14 05:46 . 2012-12-12 21:20 248320 ----a-w- c:\windows\system32\ieui.dll 2012-11-14 02:09 . 2012-12-12 21:20 1800704 ----a-w- c:\windows\SysWow64\jscript9.dll 2012-11-14 01:58 . 2012-12-12 21:20 1427968 ----a-w- c:\windows\SysWow64\inetcpl.cpl 2012-11-14 01:57 . 2012-12-12 21:20 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-11-14 01:49 . 2012-12-12 21:20 142848 ----a-w- c:\windows\SysWow64\ieUnatt.exe 2012-11-14 01:48 . 2012-12-12 21:20 420864 ----a-w- c:\windows\SysWow64\vbscript.dll 2012-11-14 01:44 . 2012-12-12 21:20 2382848 ----a-w- c:\windows\SysWow64\mshtml.tlb 2012-11-09 05:45 . 2012-12-12 19:23 2048 ----a-w- c:\windows\system32\tzres.dll 2012-11-09 04:42 . 2012-12-12 19:23 2048 ----a-w- c:\windows\SysWow64\tzres.dll 2012-11-08 14:14 . 
2012-09-25 15:41 30568 ----a-w- c:\windows\system32\drivers\avgtpx64.sys 2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll 2012-11-07 23:38 . 2012-02-03 17:27 94288 ----a-w- c:\windows\system32\drivers\inspect.sys 2012-11-07 23:38 . 2012-03-11 19:13 38144 ----a-w- c:\windows\system32\drivers\cmdhlp.sys 2012-11-07 23:37 . 2012-03-11 19:13 584056 ----a-w- c:\windows\system32\drivers\cmdGuard.sys 2012-11-07 23:37 . 2012-03-11 19:13 22736 ----a-w- c:\windows\system32\drivers\cmderd.sys 2012-11-07 23:37 . 2012-03-11 19:13 41240 ----a-w- c:\windows\system32\cmdcsr.dll 2012-11-07 23:37 . 2012-03-11 19:13 301264 ----a-w- c:\windows\SysWow64\guard32.dll 2012-11-07 23:37 . 2012-03-11 19:13 390392 ----a-w- c:\windows\system32\guard64.dll 2012-11-02 05:59 . 2012-12-12 19:23 478208 ----a-w- c:\windows\system32\dpnet.dll 2012-11-02 05:11 . 2012-12-12 19:23 376832 ----a-w- c:\windows\SysWow64\dpnet.dll 2012-10-27 19:45 . 2012-10-27 19:45 43680 ----a-w- c:\windows\system32\drivers\lirsgt.sys 2012-10-27 19:45 . 2012-10-27 19:45 314016 ----a-w- c:\windows\system32\drivers\atksgt.sys 2012-10-22 12:02 . 2012-10-22 12:02 154464 ----a-w- c:\windows\system32\drivers\avgidsdrivera.sys . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}] 2012-11-08 14:14 1796552 ----a-w- c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar] "{95B7759C-8C7F-4BF1-B163-73684A933233}"= "c:\program files (x86)\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll" [2012-11-08 1796552] . 
[HKEY_CLASSES_ROOT\clsid\{95b7759c-8c7f-4bf1-b163-73684a933233}] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj.1] [HKEY_CLASSES_ROOT\AVG Secure Search.PugiObj] . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "AMD AVT"="start AMD Accelerated Video Transcoding device initialization" [X] "StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-03-09 636032] "HDAudDeck"="c:\program files (x86)\VIA\VIAudioi\VDeck\VDeck.exe" [2009-09-21 2583040] "HTC Sync Loader"="c:\program files (x86)\HTC\HTC Sync 3.0\htcUPCTLoader.exe" [2012-04-17 651264] "Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352] "SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848] "TkBellExe"="c:\program files (x86)\Real\RealPlayer\update\realsched.exe" [2012-08-24 296096] "AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384] "vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2012-11-08 997320] "ROC_ROC_NT"="c:\program files (x86)\AVG Secure Search\ROC_ROC_NT.exe" [2012-09-25 856160] . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce] "Z1"="c:\users\***\Desktop\mbar\mbar.exe" [2013-01-09 1356360] . c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ IES.lnk - c:\program files (x86)\ASRock Utility\IES\AsrIes.exe [2012-4-15 7989768] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 0 (0x0) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableLUA"= 0 (0x0) "EnableUIADesktopToggle"= 0 (0x0) "PromptOnSecureDesktop"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon] "Shell"="Explorer.exe,c:\progra~3\dsgsdgdsgdsgw.bat" . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\guard32.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux3"=wdmaud.drv . 
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944] R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736] R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2010-06-25 36928] R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456] R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488] R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944] R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280] R3 STTub203;Thrustmaster HOTAS USB Bulk In;c:\windows\system32\Drivers\STTub203.sys [2007-05-02 33280] R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856] R3 w32n5223;w32n5223 Protocol Driver;c:\progra~2\T-COM\T-COMW~1\INSTAL~1\WINXP\w32n5223.SYS [x] S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328] S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120] S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968] S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800] S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464] S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696] S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2012-11-08 30568] S1 
cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\DRIVERS\cmdguard.sys [2012-11-07 584056] S1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\DRIVERS\cmdhlp.sys [2012-11-07 38144] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-04-16 283200] S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-03-09 235520] S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-03-08 361984] S2 AODDriver4.1;AODDriver4.1;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-01-03 55936] S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664] S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-03-23 87040] S2 vToolbarUpdater13.2.0;vToolbarUpdater13.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe [2012-11-08 711112] S3 amdiox64;AMD IO Driver;c:\windows\system32\DRIVERS\amdiox64.sys [2010-02-18 46136] S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2011-12-05 95248] S3 IesDrv;IesDrv;c:\windows\SysWOW64\Drivers\IesDrv.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392] S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2009-09-17 1250816] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - IESDRV . Inhalt des "geplante Tasks" Ordners . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 13:30] . 2013-01-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-04-18 13:30] . . --------- X64 Entries ----------- . . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4] @="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}] 2012-06-30 04:19 97792 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt64.14.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2012-11-07 9577680] "EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2011-10-07 1744152] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\guard64.dll . ------- Zusätzlicher Suchlauf ------- . 
uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://google.de/ mLocal Page = c:\windows\SysWOW64\blank.htm uSearchAssistant = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q={searchTerms} IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105 IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000 TCP: Interfaces\{312C9827-FE6E-41FF-A1A6-E76B91DADFBE}: NameServer = 192.168.2.1 Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pqz1g91c.default\ FF - prefs.js: browser.search.selectedEngine - Web Search FF - prefs.js: browser.startup.homepage - google.de FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q= FF - user.js: extensions.BabylonToolbar_i.babTrack - affID=111304&tt=3412_3 FF - user.js: extensions.BabylonToolbar_i.babExt - FF - user.js: extensions.BabylonToolbar_i.srcExt - ss FF - user.js: extensions.BabylonToolbar.tlbrSrchUrl - hxxp://www.google.com/search?babsrc=TB_ggl&q= FF - user.js: extensions.BabylonToolbar.id - f8bb17ad00000000000000252205cc7b FF - user.js: extensions.BabylonToolbar.instlDay - 15576 FF - user.js: extensions.BabylonToolbar.vrsn - 1.6.4.6 FF - user.js: extensions.BabylonToolbar.vrsni - 1.6.4.6 FF - user.js: extensions.BabylonToolbar_i.vrsnTs - 1.6.4.617:13 FF - user.js: extensions.BabylonToolbar.prtnrId - babylon FF - user.js: extensions.BabylonToolbar.prdct - BabylonToolbar FF - user.js: extensions.BabylonToolbar.aflt - babsst FF - user.js: extensions.BabylonToolbar_i.smplGrp - none FF - user.js: extensions.BabylonToolbar.tlbrId - base FF - user.js: extensions.BabylonToolbar.instlRef - sst FF - user.js: 
extensions.BabylonToolbar.dfltLng - en FF - user.js: extensions.BabylonToolbar.excTlbr - false FF - user.js: extensions.BabylonToolbar.admin - false . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKCU-Run-ASRockIES - (no file) Wow6432Node-HKLM-Run-NPSStartup - (no file) HKLM-Run-TaskSchdPS - (no file) AddRemove-Falcon BMS 4.32 - f:\falcon bms 4.32 setup\Setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_235_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_235.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-14 22:39:48 ComboFix-quarantined-files.txt 2013-01-14 21:39 . Vor Suchlauf: 6.348.980.224 Bytes frei Nach Suchlauf: 7.266.414.592 Bytes frei . - - End Of File - - FC6AC95EAFF11C7DAAFF818F5C488C14 |
14.01.2013, 23:16 | #13 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan safe mode not possible adwCleaner - detect toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop. If adwCleaner has been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post logfiles in CODE tags |
14.01.2013, 23:22 | #14 |
| GVU Trojan safe mode not possible I'm amazed at how many tools there are. The AdwCleaner log: Code:
ATTFilter # AdwCleaner v2.105 - Datei am 14/01/2013 um 23:18:15 erstellt # Aktualisiert am 08/01/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits) # Benutzer : *** - **** # Bootmodus : Normal # Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\avg-secure-search.xml Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml Ordner Gefunden : C:\Program Files (x86)\AVG Secure Search Ordner Gefunden : C:\Program Files (x86)\Common Files\AVG Secure Search Ordner Gefunden : C:\ProgramData\AVG Secure Search Ordner Gefunden : C:\Users\***\AppData\Local\AVG Secure Search Ordner Gefunden : C:\Users\***\AppData\LocalLow\AVG Secure Search Ordner Gefunden : C:\Users\***\AppData\LocalLow\boost_interprocess Ordner Gefunden : C:\Users\***\AppData\Roaming\OpenCandy Ordner Gefunden : C:\Users\***\AppData\Roaming\pdfforge Ordner Gefunden : C:\Users\Network\AppData\Local\AVG Secure Search ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AVG Secure Search Schlüssel Gefunden : HKCU\Software\Conduit Schlüssel Gefunden : HKCU\Software\Microsoft\Babylon Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\Software\AVG Secure Search Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{1FDFF5A2-7BB1-48E1-8081-7236812B12B2} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{35C1605E-438B-4D64-AAB1-8885F097A9B1} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BB711CB0-C70B-482E-9852-EC05EBD71DBB} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ScriptHelper.EXE Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\ViProtocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.BrowserWndAPI.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AVG Secure Search.PugiObj.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\b Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\viprotocol Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ScriptHelper.ScriptHelperApi.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{74FB6AFD-DD77-4CEB-83BD-AB2B63E63C93} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{9C049BA6-EA47-4AC3-AED6-A66D8DC9E1D8} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE Schlüssel Gefunden : 
HKLM\SOFTWARE\Classes\ViProtocol.ViProtocolOLE.1 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASAPI32 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\MyBabylontb_RASMANCS Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{C6FDD0C3-266A-4DC3-B459-28C697C44CDC} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{B658800C-F66E-4EF3-AB85-6C0C227862A9} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F25AF245-4A81-40DC-92F9-E9021F207706} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet 
Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\AVG Secure Search Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{AE07101B-46D4-4A98-AF68-0333EA26E113} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{03E2A1F3-4402-4121-8B35-733216D61217} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{4E92DB5F-AAD9-49D3-8EAB-B40CBE5B1FF7} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{9E3B11F6-4179-4603-A71B-A55F4BCB0BEC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6} Schlüssel Gefunden : HKU\S-1-5-21-4124624644-3864909749-2785496332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5} Schlüssel Gefunden : HKU\S-1-5-21-4124624644-3864909749-2785496332-1000\Software\Microsoft\Internet Explorer\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233} Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\Extensions [Avg@toolbar] Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{95B7759C-8C7F-4BF1-B163-73684A933233}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{AE07101B-46D4-4A98-AF68-0333EA26E113}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16457 [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q={searchTerms} [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=DE&userid=c845488d-7f60-4aee-be0e-a724cb80decc&searchtype=ds&q={searchTerms} -\\ Mozilla Firefox v18.0 (de) Datei : 
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\pqz1g91c.default\prefs.js Gefunden : user_pref("browser.search.defaultenginename", "AVG Secure Search"); Gefunden : user_pref("browser.search.selectedEngine", "Web Search"); Gefunden : user_pref("extensions.BabylonToolbar.admin", false); Gefunden : user_pref("extensions.BabylonToolbar.aflt", "babsst"); Gefunden : user_pref("extensions.BabylonToolbar.dfltLng", "en"); Gefunden : user_pref("extensions.BabylonToolbar.excTlbr", false); Gefunden : user_pref("extensions.BabylonToolbar.id", "f8bb17ad00000000000000252205cc7b"); Gefunden : user_pref("extensions.BabylonToolbar.instlDay", "15576"); Gefunden : user_pref("extensions.BabylonToolbar.instlRef", "sst"); Gefunden : user_pref("extensions.BabylonToolbar.prdct", "BabylonToolbar"); Gefunden : user_pref("extensions.BabylonToolbar.prtnrId", "babylon"); Gefunden : user_pref("extensions.BabylonToolbar.tlbrId", "base"); Gefunden : user_pref("extensions.BabylonToolbar.tlbrSrchUrl", "hxxp://www.google.com/search?babsrc=TB_ggl&q="); Gefunden : user_pref("extensions.BabylonToolbar.vrsn", "1.6.4.6"); Gefunden : user_pref("extensions.BabylonToolbar.vrsni", "1.6.4.6"); Gefunden : user_pref("extensions.BabylonToolbar_i.babExt", ""); Gefunden : user_pref("extensions.BabylonToolbar_i.babTrack", "affID=111304&tt=3412_3"); Gefunden : user_pref("extensions.BabylonToolbar_i.newTab", true); Gefunden : user_pref("extensions.BabylonToolbar_i.newTabUrl", ""); Gefunden : user_pref("extensions.BabylonToolbar_i.smplGrp", "none"); Gefunden : user_pref("extensions.BabylonToolbar_i.srcExt", "ss"); Gefunden : user_pref("extensions.BabylonToolbar_i.vrsnTs", "1.6.4.617:13:55"); Gefunden : user_pref("extensions.helperbar.SmartbarDisabled", true); Gefunden : user_pref("extensions.helperbar.SmartbarStateMinimaized", false); Gefunden : user_pref("keyword.URL", "hxxp://feed.snap.do/?publisher=SnapdoIMonetizer&dpid=SnapdoIMonetizer&co=D[...] 
************************* AdwCleaner[R1].txt - [10015 octets] - [14/01/2013 23:18:15] ########## EOF - C:\AdwCleaner[R1].txt - [10076 octets] ##########
15.01.2013, 09:30 | #15 |
/// Winkelfunktion /// TB-Süch-Tiger™ | GVU Trojan safe mode not possible adwCleaner - remove toolbars and unwanted start/search pages
Afterwards, please do a check with OTL:
__________________ Please always post logfiles in CODE tags |