
Pests of all kinds and how to fight them: runctf with webcam - remaining system security after disabling it in autostart


 
03.02.2013, 18:41   #1
juatandi
 

runctf with webcam - remaining system security after disabling it in autostart



Hi,

yesterday I caught the virus described in the subject line; it was first reported by the G-Data virus scanner and settled in despite the quarantine command.

After reading up on it using my wife's laptop, I was able to disable it in autostart, but I would like to eliminate it completely.

First, the logs:

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 17:14 on 03/02/2013 (Geschäft)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

Code:
OTL logfile created on: 03.02.2013 17:14:48 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Geschäft\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 5,50 Gb Available Physical Memory | 68,72% Memory free
15,99 Gb Paging File | 13,33 Gb Available in Paging File | 83,36% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 931,41 Gb Total Space | 429,81 Gb Free Space | 46,15% Space Free | Partition Type: NTFS
 
Computer Name: ANDI | User Name: Geschäft | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.03 12:57:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Geschäft\Desktop\OTL.exe
PRC - [2013.01.26 21:30:44 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe
PRC - [2013.01.09 13:01:22 | 001,035,216 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe
PRC - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.29 05:20:10 | 001,475,096 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
PRC - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe
PRC - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe
PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
PRC - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
PRC - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe
PRC - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
PRC - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\SysWOW64\PSIService.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2010.04.06 15:30:38 | 000,031,272 | ---- | M] () [On_Demand | Stopped] -- C:\Windows\SysNative\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2013.01.26 23:14:25 | 000,251,400 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.11.29 05:14:21 | 002,377,736 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFwSvcx64.exe -- (GDFwSvc)
SRV - [2012.11.29 05:08:54 | 002,012,592 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKWCtlX64.exe -- (AVKWCtl)
SRV - [2012.11.29 04:49:49 | 001,548,312 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\G Data\AVKProxy\AVKProxy.exe -- (AVKProxy)
SRV - [2012.11.29 04:47:08 | 000,469,016 | ---- | M] (G Data Software AG) [Auto | Running] -- C:\Program Files (x86)\G Data\InternetSecurity\AVK\AVKService.exe -- (AVKService)
SRV - [2012.10.10 21:23:42 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012.08.02 12:42:04 | 008,786,848 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_Tablet.exe -- (TabletServiceWacom)
SRV - [2012.08.02 12:42:04 | 000,565,152 | ---- | M] (Wacom Technology, Corp.) [Auto | Running] -- C:\Programme\Tablet\Wacom\Wacom_TouchService.exe -- (TouchServiceWacom)
SRV - [2012.06.11 15:22:16 | 000,240,208 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.06.11 15:22:16 | 000,193,616 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe -- (BBSvc)
SRV - [2012.03.29 03:42:27 | 000,470,008 | ---- | M] (G Data Software AG) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\G Data\GDScan\GDScan.exe -- (GDScan)
SRV - [2011.03.28 20:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.02.19 12:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009.08.24 13:38:06 | 000,068,136 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.11.09 21:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files (x86)\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007.06.05 12:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\SysWOW64\PSIService.exe -- (ProtexisLicensing)
SRV - [2007.05.31 16:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007.05.31 16:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.29 14:56:00 | 000,062,368 | ---- | M] (G Data Software AG) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PktIcpt.sys -- (GDPkIcpt)
DRV:64bit: - [2013.01.28 18:47:24 | 000,064,416 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\HookCentre.sys -- (HookCentre)
DRV:64bit: - [2013.01.28 18:47:00 | 000,126,880 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\MiniIcpt.sys -- (GDMnIcpt)
DRV:64bit: - [2013.01.28 18:47:00 | 000,065,008 | ---- | M] (G Data Software AG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\gdwfpcd64.sys -- (gdwfpcd)
DRV:64bit: - [2013.01.28 18:47:00 | 000,054,176 | ---- | M] (G Data Software AG) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\GDBehave.sys -- (GDBehave)
DRV:64bit: - [2012.06.21 14:12:00 | 000,068,512 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wachidrouter.sys -- (WacHidRouter)
DRV:64bit: - [2012.06.21 14:12:00 | 000,013,728 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hidkmdf.sys -- (hidkmdf)
DRV:64bit: - [2012.06.09 19:23:16 | 000,106,648 | ---- | M] (G Data Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\GRD.sys -- (GRD)
DRV:64bit: - [2012.05.22 13:07:18 | 000,015,736 | ---- | M] (Wacom Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wacomrouterfilter.sys -- (wacomrouterfilter)
DRV:64bit: - [2012.04.18 18:08:03 | 000,188,736 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.07 10:22:00 | 000,065,280 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronXHCI.sys -- (EtronXHCI)
DRV:64bit: - [2011.03.07 10:22:00 | 000,040,832 | ---- | M] (Etron Technology Inc) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\EtronHub3.sys -- (EtronHub3)
DRV:64bit: - [2011.01.13 12:58:30 | 000,413,800 | ---- | M] (Realtek                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011.01.10 17:16:08 | 000,021,104 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\AppleCharger.sys -- (AppleCharger)
DRV:64bit: - [2010.12.24 10:43:40 | 000,029,288 | -H-- | M] (Wondershare) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Apowersoft_AudioDevice.sys -- (Apowersoft_AudioDevice)
DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2009.12.22 01:26:36 | 000,038,456 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\usbfilter.sys -- (usbfilter)
DRV:64bit: - [2009.12.17 16:49:02 | 000,045,600 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\npusbio_x64.sys -- (npusbio)
DRV:64bit: - [2009.10.07 11:13:34 | 000,070,200 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2009.10.07 11:13:34 | 000,028,728 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2007.07.02 08:26:04 | 000,176,128 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SaiH0BAC.sys -- (SaiH0BAC)
DRV:64bit: - [2007.05.09 20:50:48 | 000,050,208 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LVUSBS64.sys -- (LVUSBS64)
DRV:64bit: - [2007.05.09 20:46:48 | 001,127,328 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LV302V64.SYS -- (PID_PEPI)
DRV:64bit: - [2007.05.09 20:46:36 | 000,016,032 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\lv302a64.sys -- (lvpepf64)
DRV - [2013.02.03 11:54:40 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.06.10 11:16:42 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.windowslive.de/startseite.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.afterwork-wellness.info [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.babybauchfoto.com/http [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.afterwork-wellness.info/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B1 20 1D EF 77 46 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {19FE483C-A4C3-414A-B536-BDBB61A3078C}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{19FE483C-A4C3-414A-B536-BDBB61A3078C}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7ADRA_deDE488
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <-loopback>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8888;https=127.0.0.1:8888
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF:64bit: - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll (Adobe Systems)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll ()
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files (x86)\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@wacom.com/wtPlugin,version=2.1.0.2: C:\Program Files (x86)\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\adobe.com/AdobeAAMDetect: C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll (Adobe Systems)
FF - HKCU\Software\MozillaPlugins\@unity3d.com/UnityPlayer,version=1.0: C:\Users\Geschäft\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll (Unity Technologies ApS)
FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.)
FF - HKCU\Software\MozillaPlugins\wacom.com/WacomTabletPlugin: C:\Program Files\TabletPlugins\npWacomTabletPlugin.dll (Wacom)
 
 
[2012.08.02 16:09:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (G Data BankGuard) - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files (x86)\Common Files\G DATA\AVKProxy\BanksafeBHO.dll (G Data Software AG)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Softonic Helper Object) - {E87806B5-E908-45FD-AF5E-957D83E58E68} - C:\Program Files (x86)\Softonic\Softonic\1.6.4.3\bh\Softonic.dll (Softonic.com)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Softonic Toolbar) - {5018CFD2-804D-4C99-9F81-25EAEA2769DE} - C:\Program Files (x86)\Softonic\Softonic\1.6.4.3\SoftonicTlbr.dll (Softonic.com)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~2\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4:64bit: - HKLM..\Run: [Corel Photo Downloader] "C:\Program Files (x86)\Corel\Corel MediaOne\Corel Photo Downloader.exe" -startup File not found
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS6ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [G Data AntiVirus Tray Application] C:\Program Files (x86)\G Data\InternetSecurity\AVKTray\AVKTray.exe (G Data Software AG)
O4 - HKLM..\Run: [GDFirewallTray] C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe (G Data Software AG)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKCU..\Run: [AdobeBridge]  File not found
O4 - HKCU..\Run: [RESTART_STICKY_NOTES] C:\Windows\System32\StikyNot.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~4\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~4\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~4\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A1FB878-21AE-4F1A-A2D8-7F87680368AE}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.03 14:23:02 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\Desktop\Kim Lars
[2013.02.03 12:57:00 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Geschäft\Desktop\OTL.exe
[2013.02.03 12:28:08 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\StartEd Pro
[2013.02.03 12:28:07 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\StartEd
[2013.02.03 10:52:27 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{0A5A1C98-7C19-4431-B37D-47FD8BCA6E93}
[2013.02.02 23:44:16 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2013.02.02 22:29:19 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\Desktop\schon rueber
[2013.02.02 19:05:54 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype
[2013.02.02 19:05:54 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.02.02 19:05:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[2013.02.02 09:54:46 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{FADACF9A-79EE-48EF-A897-A92923FF3825}
[2013.02.01 14:44:01 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{4144D4F2-EB83-4F0F-B041-87B6B9160A7E}
[2013.01.31 17:14:28 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{82B2F28E-30E5-4122-A95B-0FE311A0A662}
[2013.01.30 17:09:50 | 000,016,504 | ---- | C] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.30 15:15:28 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{4E10F33D-91C6-4737-BE9D-2B1A5DEAED63}
[2013.01.29 14:59:09 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{4A475983-D59C-44F6-AB23-0E986EFFCBA1}
[2013.01.28 15:26:38 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{2FDF62D3-2A54-4526-83F7-049A5F5585D7}
[2013.01.27 11:05:00 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{BB3F8CAE-3BC5-45BC-A701-A684C552E12B}
[2013.01.26 21:31:49 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{5A8EBA0F-9E99-45D7-9BBD-00641D0C831E}
[2013.01.06 07:35:49 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{85B57DD1-A8F9-487A-AEEF-F822866F5959}
[2013.01.05 11:44:47 | 000,000,000 | ---D | C] -- C:\Users\Geschäft\AppData\Local\{74DAB6E9-769E-4511-8299-B8CFA099B482}
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.03 17:14:02 | 000,000,000 | ---- | M] () -- C:\Users\Geschäft\defogger_reenable
[2013.02.03 17:14:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.03 17:09:03 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.03 14:22:13 | 000,065,973 | ---- | M] () -- C:\Users\Geschäft\Desktop\Vorschau3.png
[2013.02.03 14:20:22 | 000,078,213 | ---- | M] () -- C:\Users\Geschäft\Desktop\Vorschau2.png
[2013.02.03 14:17:30 | 000,070,909 | ---- | M] () -- C:\Users\Geschäft\Desktop\Vorschau.png
[2013.02.03 13:03:48 | 000,969,322 | ---- | M] () -- C:\Windows\SysWow64\sig.bin
[2013.02.03 13:03:48 | 000,051,749 | ---- | M] () -- C:\Windows\SysWow64\nmp.map
[2013.02.03 12:58:39 | 000,365,568 | ---- | M] () -- C:\Users\Geschäft\Desktop\gmer_2.0.18454.exe
[2013.02.03 12:57:00 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Geschäft\Desktop\OTL.exe
[2013.02.03 12:55:46 | 000,050,477 | ---- | M] () -- C:\Users\Geschäft\Desktop\Defogger.exe
[2013.02.03 12:28:09 | 000,000,991 | ---- | M] () -- C:\Users\Geschäft\Desktop\StartEd Pro.lnk
[2013.02.03 12:02:03 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 12:02:03 | 000,014,928 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.03 11:59:33 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.03 11:59:33 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.03 11:59:33 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.03 11:59:33 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.03 11:59:33 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.03 11:54:56 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.03 11:54:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.03 11:54:24 | 2145,300,479 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.30 17:09:50 | 000,016,504 | ---- | M] (G Data Software) -- C:\Windows\SysNative\drivers\GdPhyMem.sys
[2013.01.29 14:56:00 | 000,062,368 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\PktIcpt.sys
[2013.01.28 18:47:24 | 000,064,416 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\HookCentre.sys
[2013.01.28 18:47:00 | 000,126,880 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\MiniIcpt.sys
[2013.01.28 18:47:00 | 000,065,008 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\gdwfpcd64.sys
[2013.01.28 18:47:00 | 000,054,176 | ---- | M] (G Data Software AG) -- C:\Windows\SysNative\drivers\GDBehave.sys
[2013.01.27 10:44:05 | 005,160,848 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.01.10 14:35:41 | 000,011,240 | ---- | M] (G Data Software AG) -- C:\Windows\SysWow64\GdScrSv.de.dll
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.02.03 17:14:02 | 000,000,000 | ---- | C] () -- C:\Users\Geschäft\defogger_reenable
[2013.02.03 14:22:11 | 000,065,973 | ---- | C] () -- C:\Users\Geschäft\Desktop\Vorschau3.png
[2013.02.03 14:20:19 | 000,078,213 | ---- | C] () -- C:\Users\Geschäft\Desktop\Vorschau2.png
[2013.02.03 14:17:27 | 000,070,909 | ---- | C] () -- C:\Users\Geschäft\Desktop\Vorschau.png
[2013.02.03 12:58:39 | 000,365,568 | ---- | C] () -- C:\Users\Geschäft\Desktop\gmer_2.0.18454.exe
[2013.02.03 12:55:46 | 000,050,477 | ---- | C] () -- C:\Users\Geschäft\Desktop\Defogger.exe
[2013.02.03 12:28:09 | 000,000,991 | ---- | C] () -- C:\Users\Geschäft\Desktop\StartEd Pro.lnk
[2012.08.04 08:52:39 | 000,009,728 | ---- | C] () -- C:\Users\Geschäft\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.07.02 17:45:30 | 001,456,640 | ---- | C] () -- C:\Program Files (x86)\Common Files\Falk Navi-Manager.msi
[2012.06.10 13:15:09 | 000,001,316 | -HS- | C] () -- C:\Windows\SysWow64\KGyGaAvL.sys
[2012.06.10 11:57:56 | 000,969,322 | ---- | C] () -- C:\Windows\SysWow64\sig.bin
[2012.06.09 22:18:08 | 000,028,672 | ---- | C] () -- C:\Windows\SysWow64\nnr.dll
[2012.06.09 20:57:55 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.06.09 20:34:55 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.09.19 19:40:30 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Amazon
[2012.07.31 09:06:35 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Apowersoft
[2012.11.20 20:39:07 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\c-software
[2012.06.09 22:50:12 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Canon
[2012.09.26 14:44:11 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\com.adobe.downloadassistant.AdobeDownloadAssistant
[2012.11.01 13:02:03 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Elephant Games
[2012.11.11 14:44:45 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\FileZilla
[2012.11.19 20:52:09 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\GOA
[2012.12.30 15:33:34 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\HyperCam
[2012.06.10 13:20:12 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\RawShellExtender
[2013.02.01 17:50:45 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\SKAT
[2012.08.04 08:52:39 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Solveig Multimedia
[2012.09.26 15:15:44 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2012.11.01 00:30:42 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\UClick
[2012.06.10 12:42:16 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Ulead Systems
[2012.06.12 22:39:08 | 000,000,000 | ---D | M] -- C:\Users\Geschäft\AppData\Roaming\Windows Live Writer
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 167 bytes -> C:\ProgramData\TEMP:5E73E1C2

< End of report >
         


Code:
GMER 2.0.18454 - hxxp://www.gmer.net
Rootkit scan 2013-02-03 18:23:30
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\0000005d ST1000DM rev.1AJ1 931,51GB
Running: gmer_2.0.18454.exe; Driver: C:\Users\GESCHF~1\AppData\Local\Temp\pxldrpod.sys


---- User code sections - GMER 2.0 ----

.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                           00000000750b1401 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                             00000000750b1419 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                           00000000750b1431 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                           00000000750b144a 2 bytes [0B, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                              00000000750b14dd 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                       00000000750b14f5 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                              00000000750b150d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                       00000000750b1525 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                             00000000750b153d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                  00000000750b1555 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                           00000000750b156d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                             00000000750b1585 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                00000000750b159d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                             00000000750b15b5 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                           00000000750b15cd 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                       00000000750b16b2 2 bytes [0B, 75]
.text  C:\Program Files (x86)\G Data\InternetSecurity\Firewall\GDFirewallTray.exe[3832] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                       00000000750b16bd 2 bytes [0B, 75]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4432] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007feff354ed0 9 bytes [68, 78, 03, 7A, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4432] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefc2f5c54 7 bytes [68, 08, 03, 7A, 02, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4432] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefc2f5c64 9 bytes [68, 40, 03, 7A, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4432] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007feff6117a0 9 bytes [68, B0, 03, 7A, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A                                                                                           000000007744f548 7 bytes JMP 0000000102a40570
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W                                                                                           000000007745b0ac 7 bytes JMP 0000000102a405a8
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\kernel32.dll!CreateThread                                                                                                0000000076d66580 9 bytes JMP 0000000102a404c8
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\ole32.dll!OleLoadFromStream                                                                                              000007fefef675f0 7 bytes [68, E0, 05, A4, 02, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\OLEAUT32.dll!VariantClear                                                                                                000007feff2f1180 10 bytes [68, C0, 06, A4, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\OLEAUT32.dll!SysFreeString                                                                                               000007feff2f1320 7 bytes [68, 50, 06, A4, 02, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen                                                                                       000007feff2f4450 6 bytes [68, 18, 06, A4, 02, C3]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\OLEAUT32.dll!VariantChangeType                                                                                           000007feff2f6720 10 bytes [68, 88, 06, A4, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect                                                                              000007feff354ed0 9 bytes [68, 78, 03, A4, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW  000007fefc2f5c54 7 bytes [68, 08, 03, A4, 02, C3, CC]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet   000007fefc2f5c64 9 bytes [68, 40, 03, A4, 02, C3, CC, ...]
.text  C:\Program Files\Internet Explorer\iexplore.exe[4716] C:\Windows\system32\comdlg32.dll!PageSetupDlgW                                                                                               000007feff6117a0 9 bytes [68, B0, 03, A4, 02, C3, CC, ...]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17                                                                00000000750b1401 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17                                                                  00000000750b1419 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17                                                                00000000750b1431 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42                                                                00000000750b144a 2 bytes [0B, 75]
.text  ...                                                                                                                                                                                                * 9
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17                                                                   00000000750b14dd 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17                                                            00000000750b14f5 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17                                                                   00000000750b150d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17                                                            00000000750b1525 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17                                                                  00000000750b153d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17                                                                       00000000750b1555 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17                                                                00000000750b156d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17                                                                  00000000750b1585 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17                                                                     00000000750b159d 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17                                                                  00000000750b15b5 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17                                                                00000000750b15cd 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20                                                            00000000750b16b2 2 bytes [0B, 75]
.text  C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4856] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31                                                            00000000750b16bd 2 bytes [0B, 75]

---- EOF - GMER 2.0 ----
         

I am now interested in the data security of my PC - I have to re-enter all passwords - are these accounts safe when I log in again (meaning internet logins for web services/Facebook/travel providers/others...)?

How can I delete runctf from autostart?

Is internet banking relatively safe?

I have currently backed up all data to external hard drives. In addition, I made a system image (system image on an external hard drive using Win 7) 6 months ago - can I safely use it if worst comes to worst, in case a fresh setup is unavoidable? However, I would like to avoid that, since I have massive problems setting up the drivers for the printer and scanner again under Win 7 / 64 (which should actually be present in the system image).

Many thanks for the support...

justme...

 
