
Pests of all kinds and how to fight them: Trojan in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cannot be permanently deleted


 
Old 21.02.2013, 15:24   #1
Master Stix
 
Trojan in HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run cannot be permanently deleted - Standard




Hello dear community, I have had the following problem for about 2-3 months (unfortunately I no longer know exactly):

In idle or under load (easiest to reproduce in idle), after about 3 minutes the processor ramps up to about 26% utilization according to Task Manager and 23% RAM (RAM usage stays the same whether the fault occurs or not). At the same time the graphics card fan runs at about 40%, and the GPU temperature climbs to about 87 degrees. After this time no screensaver is active yet. I do not have a single program open! The fault also occurs when I run a program and simply do nothing with the mouse or keyboard for the 3 minutes. If I move the mouse after the time it takes for the "error" to appear, everything returns to normal, i.e. about 1% processor load, and the graphics card fan throttles back down to normal speed. The graphics card temperature immediately drops back to the 50% that is normal for me in idle. Then both of my monitors go black for a short time; after about 1 second the picture is back and I get the error message: "The display driver was recovered after an error" / "The display driver "NVIDIA Windows Kernel Mode Driver, Version 314.07" stopped responding and has been recovered."
I can repeat this "game" as often as I like, and it is present 90% of the time after a restart.

I then spent about a week trying via Google to fix the "The display driver..." problem, without success, since in my opinion this error message has nothing to do with my actual problem. I tested many different drivers, connected my monitors to the integrated graphics card, rewrote TDR keys in the registry, uninstalled programs and removed them from the system startup, all without success.

One day I then noticed under "msconfig" > "Startup" that I could not disable a particular startup item. That is, I could disable it, but after the next restart the check mark was back in.
It is the following:
Startup item        Manufacturer           Command
GuardHostComputer   BigDefenseIndustries   C:\Users\...\AppData....

at the following location: HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run

I then tried to delete the folder from the registry, but after a while or after a restart it was there again.

I believe that my problem with the screen blackout and the display driver error message is related to this "program/trojan".

I think I know where I picked this up, but I do not want to post it here.

My security software has also already detected viruses and moved them to quarantine; unfortunately I then had them removed.
These are still listed in the Microsoft Security Essentials history:
Trojan:Win32/Zeeborot.A
Exploit:Java/CVE-2012-1723
Exploit:Java/CVE-2013-0422
TrojanDropper:Win32/Alureon.V
OTL Logfile:
Code:
OTL logfile created on: 21.02.2013 14:06:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Grusch\Software gegen Trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 77,71% Memory free
15,78 Gb Paging File | 13,97 Gb Available in Paging File | 88,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 125,78 Gb Free Space | 64,43% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 122,00 Gb Free Space | 40,93% Space Free | Partition Type: NTFS
Drive G: | 736,20 Gb Total Space | 307,85 Gb Free Space | 41,82% Space Free | Partition Type: NTFS
 
Computer Name: BATMAN-PC | User Name: Batman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.02.21 13:50:26 | 000,602,112 | ---- | M] (OldTimer Tools) -- G:\Grusch\Software gegen Trojaner\OTL.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2012.08.22 14:46:00 | 000,004,096 | ---- | M] () -- C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 02:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.02.19 18:40:23 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013.02.09 18:43:48 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2013.01.27 11:34:32 | 000,379,360 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2013.01.27 11:34:32 | 000,022,056 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013.01.19 03:50:09 | 002,070,304 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012.12.18 15:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.12.14 02:42:10 | 000,277,616 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe -- (cphs)
SRV - [2012.09.06 10:50:24 | 000,248,248 | R--- | M] (Western Digital) [Disabled | Stopped] -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe -- (WDDriveService)
SRV - [2012.09.01 18:07:22 | 000,014,904 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2012.08.09 19:25:50 | 000,207,872 | ---- | M] () [Disabled | Stopped] -- C:\Programme\Serviio\bin\ServiioService.exe -- (Serviio)
SRV - [2011.12.15 11:40:08 | 001,977,224 | R--- | M] (Western Digital ) [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WDFME.exe -- (WDFMEService)
SRV - [2011.12.15 11:40:08 | 001,338,264 | R--- | M] (Western Digital ) [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WDRulesEngine.exe -- (WDRulesService)
SRV - [2011.12.15 11:40:06 | 000,319,384 | R--- | M] (WDC) [Disabled | Stopped] -- C:\Programme\Western Digital\WD SmartWare\WDDMService.exe -- (WDDMService)
SRV - [2011.09.27 20:04:08 | 000,359,192 | ---- | M] (Logitech, Inc.) [Disabled | Stopped] -- C:\Programme\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2011.08.30 15:55:54 | 000,160,256 | ---- | M] (Intel Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Integrated Clock Controller Service\ICCProxy.exe -- (ICCS)
SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2013.01.20 15:59:04 | 000,130,008 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\NisDrvWFP.sys -- (NisDrv)
DRV:64bit: - [2012.12.19 06:41:52 | 000,194,488 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA)
DRV:64bit: - [2012.12.14 16:49:28 | 000,024,176 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector)
DRV:64bit: - [2012.12.14 02:42:22 | 005,353,888 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2012.09.01 17:01:56 | 000,647,736 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorA.sys -- (iaStorA)
DRV:64bit: - [2012.09.01 17:01:56 | 000,028,216 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStorF.sys -- (iaStorF)
DRV:64bit: - [2012.08.23 15:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2012.08.23 15:08:26 | 000,030,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2012.08.23 15:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV:64bit: - [2012.07.17 18:12:08 | 000,062,784 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64)
DRV:64bit: - [2012.03.27 01:13:20 | 000,789,272 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3xhc.sys -- (iusb3xhc)
DRV:64bit: - [2012.03.27 01:13:20 | 000,356,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\iusb3hub.sys -- (iusb3hub)
DRV:64bit: - [2012.03.27 01:13:18 | 000,019,224 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iusb3hcs.sys -- (iusb3hcs)
DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2012.01.20 05:39:16 | 000,205,312 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ViaHub3.sys -- (VUSB3HUB)
DRV:64bit: - [2012.01.20 05:39:04 | 000,254,464 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\xhcdrv.sys -- (xhcdrv)
DRV:64bit: - [2011.12.16 13:18:56 | 000,014,464 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wdcsam64.sys -- (WDC_SAM)
DRV:64bit: - [2011.09.02 07:30:36 | 000,060,696 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LMouFilt.Sys -- (LMouFilt)
DRV:64bit: - [2011.09.02 07:30:24 | 000,066,840 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\LHidFilt.Sys -- (LHidFilt)
DRV:64bit: - [2011.08.11 23:54:16 | 000,104,560 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C)
DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2010.11.21 04:23:48 | 000,071,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\dmvsc.sys -- (dmvsc)
DRV:64bit: - [2010.11.21 04:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV - [2013.01.28 18:57:06 | 000,030,528 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\GVTDrv64.sys -- (GVTDrv64)
DRV - [2013.01.28 18:56:51 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\gdrv.sys -- (gdrv)
DRV - [2012.10.30 13:52:05 | 000,025,640 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\etdrv.sys -- (etdrv)
DRV - [2010.02.04 09:09:00 | 000,014,376 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files (x86)\GIGABYTE\GIGABYTE OC_GURU II\GPCIDrv64.sys -- (GPCIDrv)
DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default Download Directory = G:\Grusch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = AC 58 A3 0E 14 8D CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {72349996-FB7D-4E70-8B3D-22F59F3829FA}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{72349996-FB7D-4E70-8B3D-22F59F3829FA}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}&rlz=1I7MERD_deDE502
IE - HKCU\..\SearchScopes\{A85AB85A-F7FA-491E-AFEE-4C62B7659F3F}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=&apn_dtid=OSJ000&apn_uid=08E77021-1286-4C48-A64F-DB57B8D40B82&apn_sauid=599D2609-1A26-44A2-B105-970B22074A69
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.11.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\bin\plugin2\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:  File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll File not found
FF - HKLM\Software\MozillaPlugins\@intel-webapi.intel.com/Intel WebAPI updater: C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll File not found
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Batman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Batman\AppData\Local\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
 
 
 
========== Chrome  ==========
 
CHR - homepage: hxxp://de.yahoo.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://de.yahoo.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\24.0.1312.56\gcswf32.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\24.0.1312.56\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Batman\AppData\Local\Google\Chrome\Application\24.0.1312.56\pdf.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Google Update (Enabled) = C:\Users\Batman\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4:64bit: - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [{A40125CC-3BBD-5CE4-5FBD-93EE0B0FAD45}] C:\Users\Batman\AppData\Roaming\Buofy\wazu.exe (Big Defense Industrial)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {3234EB1E-733E-4E6A-A8AB-EBB6287E5A7E} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel64_4.5.11.0.cab (SysInfo Class)
O16 - DPF: {0067DBFC-A752-458C-AE6E-B9C7E63D4824} hxxp://www.logitech.com/devicedetector/bin/LogitechDeviceDetection32.cab (Geräteerkennung)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3DE69099-F348-441B-8233-A69E06C19BAF}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\Programme\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.21 13:39:40 | 000,000,000 | ---D | C] -- C:\Users\Batman\AppData\Roaming\Malwarebytes
[2013.02.21 13:39:31 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.21 13:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.21 13:39:27 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.21 13:39:27 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.19 20:53:13 | 000,000,000 | ---D | C] -- C:\Users\Batman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SopCast
[2013.02.19 20:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SopCast
[2013.02.19 20:53:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SopCast
[2013.02.19 11:11:02 | 000,000,000 | ---D | C] -- C:\Users\Batman\AppData\Roaming\elsterformular
[2013.02.19 11:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ElsterFormular
[2013.02.19 11:08:51 | 000,000,000 | ---D | C] -- C:\ProgramData\elsterformular
[2013.02.19 11:08:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ElsterFormular
[2013.02.12 07:40:41 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV
[2013.02.12 07:40:41 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV
[2013.01.28 18:51:47 | 000,000,000 | ---D | C] -- C:\Users\Batman\AppData\Local\NVIDIA
[2013.01.28 18:30:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AMD
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.21 14:03:39 | 000,000,000 | ---- | M] () -- C:\Users\Batman\defogger_reenable
[2013.02.21 13:56:07 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525669722-3757799730-524398789-1000UA.job
[2013.02.21 13:38:15 | 000,034,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 13:38:15 | 000,034,816 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 13:37:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 13:34:56 | 001,502,164 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.21 13:34:56 | 000,655,188 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.21 13:34:56 | 000,617,070 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.21 13:34:56 | 000,130,558 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.21 13:34:56 | 000,106,948 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.21 13:30:17 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.21 13:30:12 | 2060,599,295 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.21 13:00:47 | 000,000,110 | ---- | M] () -- C:\.dir
[2013.02.21 10:56:00 | 000,001,072 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2525669722-3757799730-524398789-1000Core.job
[2013.02.19 20:53:13 | 000,000,991 | ---- | M] () -- C:\Users\Batman\Desktop\SopCast.lnk
[2013.02.19 18:17:59 | 000,001,912 | ---- | M] () -- C:\Windows\epplauncher.mif
[2013.02.19 11:08:52 | 000,001,229 | ---- | M] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.02.14 07:42:17 | 000,416,968 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.12 08:19:31 | 000,000,445 | ---- | M] () -- C:\Users\Batman\Desktop\Yahoo!.website
[2013.02.10 04:25:27 | 000,017,738 | ---- | M] () -- C:\Windows\SysNative\nvinfo.pb
[2013.02.09 14:25:36 | 003,035,306 | ---- | M] () -- C:\Windows\SysNative\nvcoproc.bin
[2013.02.07 17:53:39 | 000,002,370 | ---- | M] () -- C:\Users\Batman\Desktop\Google Chrome.lnk
[2013.01.28 18:57:06 | 000,030,528 | ---- | M] () -- C:\Windows\GVTDrv64.sys
[2013.01.28 18:51:39 | 000,001,347 | ---- | M] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.01.28 18:30:51 | 000,002,012 | ---- | M] () -- C:\Users\Public\Desktop\ET6.lnk
[2013.01.28 18:29:11 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.28 18:07:28 | 000,001,635 | ---- | M] () -- C:\Users\Batman\Desktop\Everest (2).lnk
[2013.01.28 18:07:05 | 000,001,635 | ---- | M] () -- C:\Users\Batman\Desktop\Everest.lnk
 
========== Files Created - No Company Name ==========
 
[2013.02.21 14:03:39 | 000,000,000 | ---- | C] () -- C:\Users\Batman\defogger_reenable
[2013.02.20 17:56:47 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.02.20 17:40:49 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.02.19 20:53:13 | 000,000,991 | ---- | C] () -- C:\Users\Batman\Desktop\SopCast.lnk
[2013.02.19 11:08:52 | 000,001,229 | ---- | C] () -- C:\Users\Public\Desktop\ElsterFormular.lnk
[2013.01.28 18:51:39 | 000,001,347 | ---- | C] () -- C:\Users\Public\Desktop\GeForce Experience.lnk
[2013.01.28 18:30:51 | 000,002,012 | ---- | C] () -- C:\Users\Public\Desktop\ET6.lnk
[2013.01.28 18:29:11 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_iusb3hcs_01009.Wdf
[2013.01.28 18:07:28 | 000,001,635 | ---- | C] () -- C:\Users\Batman\Desktop\Everest (2).lnk
[2013.01.28 18:07:05 | 000,001,635 | ---- | C] () -- C:\Users\Batman\Desktop\Everest.lnk
[2013.01.21 17:22:45 | 000,000,451 | ---- | C] () -- C:\Program Files (x86)\release
[2013.01.21 17:22:41 | 000,003,409 | ---- | C] () -- C:\Program Files (x86)\COPYRIGHT
[2013.01.21 17:22:41 | 000,000,983 | ---- | C] () -- C:\Program Files (x86)\Welcome.html
[2013.01.21 17:22:41 | 000,000,041 | ---- | C] () -- C:\Program Files (x86)\LICENSE
[2012.12.14 02:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll
[2012.12.14 02:42:24 | 000,754,652 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng700.bin
[2012.12.14 02:42:24 | 000,598,384 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng700.bin
[2012.09.27 06:06:24 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad
[2012.09.15 11:50:06 | 000,030,528 | ---- | C] () -- C:\Windows\GVTDrv64.sys
[2012.09.07 18:21:47 | 000,007,597 | ---- | C] () -- C:\Users\Batman\AppData\Local\resmon.resmoncfg
[2012.09.07 17:47:58 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2012.04.20 12:59:44 | 000,001,536 | ---- | C] () -- C:\Windows\SysWow64\IusEventLog.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.01.14 17:55:30 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Buofy
[2012.09.07 17:14:53 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\DAEMON Tools Lite
[2013.02.12 08:22:22 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Ecte
[2013.02.19 11:11:04 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\elsterformular
[2012.10.23 17:56:06 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\GetRightToGo
[2013.01.17 08:55:14 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Ifoz
[2012.09.07 20:12:35 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Leadertech
[2012.10.11 18:35:05 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Samsung
[2013.02.11 17:59:07 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\TS3Client
[2013.01.14 18:32:48 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\UltraMixer
[2013.02.21 13:02:53 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\UseNeXT
[2013.01.05 18:52:21 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\WinISO Computing
[2013.01.19 19:49:08 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\XMedia Recode
[2013.01.14 19:51:59 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Xudolo
[2013.01.17 08:55:47 | 000,000,000 | ---D | M] -- C:\Users\Batman\AppData\Roaming\Zoeh
 
========== Purity Check ==========
 
 

< End of report >
--- --- ---


OTL Logfile:
Code:
OTL Extras logfile created on: 21.02.2013 14:06:24 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = G:\Grusch\Software gegen Trojaner
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
7,89 Gb Total Physical Memory | 6,13 Gb Available Physical Memory | 77,71% Memory free
15,78 Gb Paging File | 13,97 Gb Available in Paging File | 88,49% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 195,21 Gb Total Space | 125,78 Gb Free Space | 64,43% Space Free | Partition Type: NTFS
Drive D: | 298,09 Gb Total Space | 122,00 Gb Free Space | 40,93% Space Free | Partition Type: NTFS
Drive G: | 736,20 Gb Total Space | 307,85 Gb Free Space | 41,82% Space Free | Partition Type: NTFS
 
Computer Name: BATMAN-PC | User Name: Batman | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
"DoNotAllowExceptions" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{007C08B4-1FB7-41C9-B45F-6F0CDA9F4FCD}" = rport=138 | protocol=17 | dir=out | app=system | 
"{1A1C6F3A-8B95-42A6-9C5C-E3D5A7536624}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{288DD8DA-E361-4C78-B091-EFDC706536F3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{288EC36E-8682-4E2C-BCAD-8B1E8A3D0FC4}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{2E89FD0B-BDA8-4D07-8FE6-3D624009CE99}" = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{3059EFEC-79E2-4354-9B1A-4CE8FD5C58D5}" = lport=139 | protocol=6 | dir=in | app=system | 
"{30BF6F63-01BC-4D3B-A289-DA99D9B95765}" = lport=137 | protocol=17 | dir=in | app=system | 
"{3701ACEC-12C7-4712-A147-118379A01AD8}" = rport=139 | protocol=6 | dir=out | app=system | 
"{3A719920-1620-40F1-9FB4-2BEE52A6BB54}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{3D2F0433-11D0-4888-B1AD-E267DB7CD89C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{4A8A84A8-D7D5-49EE-8812-877FC199481B}" = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{51DFB9D9-7F32-43C5-880A-8D60A13BC061}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{521F2BE8-1847-466A-A322-AAAD93CD8DF5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{52CE1070-AB95-4394-8974-D3C41A7A6E26}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{55B0E640-3DBA-4BE0-9B09-00046BBBFFD7}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6F9E10A5-6E45-4820-A7B3-FD74A05BE67E}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{75D7E9E5-FE32-445E-8270-083FA50CA2B9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{765C6ABD-FEDE-4F11-962E-0F19DF33953C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{7927A278-4664-41CD-9CA3-533DC5171867}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{7DF631B9-AC2F-4E8D-9F1A-C02E11CF716F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{830CD9FC-B8D9-45DF-935A-82AEA0B10F2C}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{952F73D2-C253-4FC2-B37C-37ABACA1460A}" = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
"{9B6687C1-DE5C-4643-94ED-74ABD274DBAC}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{9EFC1B6A-20CA-462E-963F-8EC1A71AA77A}" = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
"{B11DEEB4-0561-4614-9BA6-CA68C442E6DA}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{CCD1E8D2-650C-4780-9A78-2C9999C6805A}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{CDE1A126-730F-458B-B019-4BAE1D25E017}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DFABD753-9AF7-472A-818B-DA8BEBB41CC3}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{E6B64889-4E4D-4A2B-B3D8-1FCC299EE8DB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{EC054133-15DE-4546-8E48-3F79339D0455}" = rport=137 | protocol=17 | dir=out | app=system | 
"{EFE43F76-CF86-4B9D-9CF2-200F74E97F0E}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07460A1F-DC06-4A25-A8F8-F9F48F888F58}" = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{0786838A-64AC-4554-A901-2F372AE0E990}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshare.exe | 
"{0FB81636-7031-4E8A-A637-1CBA33E20516}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{1389A610-6845-4B3C-9196-C235E5944135}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{16BB9BD2-3DAF-408F-9B97-B2ACD868EC37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{186C93E7-C722-427C-955B-CD8C8195EC6B}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{27AA9FA9-9264-41FF-9CCC-A53FAAC7EDC2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{2D90EC49-676D-4270-802F-CC0CBF584280}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | 
"{434A7D4F-277E-4C5E-A514-2631E4290348}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{4A630E42-5705-4E1F-B304-0EFDBDD3373E}" = protocol=17 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{4AB5C89D-29A2-424E-9095-162F8B569020}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{5290AB23-459B-471B-9592-627D3F197A9D}" = dir=in | app=c:\program files (x86)\itunes\itunes.exe | 
"{57FE506C-E5A1-44BA-B080-7B35528D2F5E}" = protocol=17 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{7E242F12-0851-42A3-813D-F6E4DE299DB9}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{80B4A846-DB5C-4DE6-958C-17E37958BE33}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{85ABE5E4-BD9A-4EA7-8419-42CBCC9D2661}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{87674EBE-E4E9-47E1-B6F3-3B197F05D1D3}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8A079AD1-90BB-4451-A7B2-732E417ADFB1}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{8DFB6317-6C92-4523-A766-682D214329D7}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{98622B6E-D7CD-46F6-947A-EEDBBEE9B215}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{9A503EF0-15FD-45AA-82F3-6332469D567C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{9EFB00BF-C7E3-4801-B115-6213842B1ED2}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{A84809B5-7D37-419D-8044-79809D711BD8}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{AD4220F6-472D-411B-A555-8886C166C9E9}" = protocol=6 | dir=out | app=system | 
"{AF41363E-E358-436F-873E-8FD72592FFB8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C614E08E-78E0-409D-90E7-DA3C654D00C1}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{CF965A79-4613-47CF-B099-EB8A7BF08640}" = dir=in | app=c:\program files (x86)\common files\apple\apple application support\webkit2webprocess.exe | 
"{CFFAF3E9-7D68-4FDD-BBE0-1F2A4FF39214}" = protocol=6 | dir=in | app=c:\program files (x86)\bonjour\mdnsresponder.exe | 
"{D1EAD7C3-3A4C-4C15-86A9-FA6BC83A7A6E}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioconsole.exe | 
"{D273E3A1-3724-4716-AE8C-3E2688B63A9F}" = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
"{DE53B62F-CD33-4DA9-AE35-7995CBFF402D}" = dir=in | app=c:\program files (x86)\samsung\allshare\allshareagent.exe | 
"{E3E60118-EBE9-4353-9E06-F4E53EA21B37}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E4F1FEA9-AD00-48A6-8B05-BB31152FC056}" = protocol=6 | dir=in | app=c:\program files\serviio\bin\serviioservice.exe | 
"{FF4ED90A-5E8E-42B6-94D7-60CF29EF91E6}" = dir=in | app=c:\program files (x86)\samsung\allshare\allsharedms\allsharedms.exe | 
"TCP Query User{2820D502-EBB6-4E14-8DE2-6DC2669C431C}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{69E38D47-624E-4248-B24B-5B4015089C2A}C:\users\batman\appdata\roaming\zoeh\piar.exe" = protocol=6 | dir=in | app=c:\users\batman\appdata\roaming\zoeh\piar.exe | 
"TCP Query User{8F0489F9-B9A0-49A6-B71D-43D6E1177877}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"TCP Query User{900F0861-A2FD-4E60-ADFB-6F6B6B37BF25}C:\program files (x86)\gigabyte\et6\updexe.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\updexe.exe | 
"TCP Query User{9C26E59B-B6CB-478A-81E5-898ED1B94FE2}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=6 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"TCP Query User{A57BEFA3-433E-4BBD-9748-6BDA8CACA227}G:\games\guild wars 2\gw2.exe" = protocol=6 | dir=in | app=g:\games\guild wars 2\gw2.exe | 
"TCP Query User{C2D2B001-D819-4FDB-9DCB-3C4A9E04F5B9}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe | 
"TCP Query User{D6816564-B29F-4D4B-889F-F6E5EC7CE070}C:\users\batman\appdata\local\temp\gw2.exe" = protocol=6 | dir=in | app=c:\users\batman\appdata\local\temp\gw2.exe | 
"UDP Query User{07C638B6-E3D0-43B2-A671-42E6EFF58206}C:\program files (x86)\sopcast\adv\sopadver.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\adv\sopadver.exe | 
"UDP Query User{07E2CFDE-A6C3-4341-AE33-AFCBFEA3F02A}G:\games\guild wars 2\gw2.exe" = protocol=17 | dir=in | app=g:\games\guild wars 2\gw2.exe | 
"UDP Query User{0F9A0491-6986-4D0E-816A-D7AE0FD6BA9C}C:\program files (x86)\gigabyte\et6\updexe.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\updexe.exe | 
"UDP Query User{3BD745EF-4136-4925-BACB-C879EF04FECF}C:\users\batman\appdata\local\temp\gw2.exe" = protocol=17 | dir=in | app=c:\users\batman\appdata\local\temp\gw2.exe | 
"UDP Query User{69A63EA8-D446-4EA9-B0C9-A5F13BED4C01}C:\windows\microsoft.net\framework\v2.0.50727\vbc.exe" = protocol=17 | dir=in | app=c:\windows\microsoft.net\framework\v2.0.50727\vbc.exe | 
"UDP Query User{756C3B5B-50F1-4B5C-80FC-B49B4192CC01}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{D28FA7C4-0233-43FC-BB57-F6967F9128EA}C:\users\batman\appdata\roaming\zoeh\piar.exe" = protocol=17 | dir=in | app=c:\users\batman\appdata\roaming\zoeh\piar.exe | 
"UDP Query User{DFD3663C-9A6A-420A-9436-EAFADE0A9B01}C:\program files (x86)\gigabyte\et6\gbtupd.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gigabyte\et6\gbtupd.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{0E5D76AD-A3FB-48D5-8400-8903B10317D3}" = iTunes
"{1D8E6291-B0D5-35EC-8441-6616F567A0F7}" = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
"{26A24AE4-039D-4CA4-87B4-2F86417011FF}" = Java 7 Update 11 (64-bit)
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{6AEC3114-709D-4CFF-9296-ECE23ED19F97}" = System Requirements Lab for Intel (64-bit)
"{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}" = Bonjour
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{89BDAE1A-7B8E-4A0E-A169-02F7F366451D}" = iCloud
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-002A-0000-1000-0000000FF1CE}" = Microsoft Office Office 64-bit Components 2010
"{90140000-002A-0407-1000-0000000FF1CE}" = Microsoft Office Shared 64-bit MUI (German) 2010
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience" = NVIDIA GeForce Experience 1.0.1 (BETA)
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 314.07
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.1031
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 2.47.62
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.23.1
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D70884EA-E2CE-4539-91DB-4766CC1E5F5F}" = Apple Mobile Device Support
"{D954C6C2-544B-4091-A47F-11E77162883E}" = Microsoft Security Client
"{EC39CC32-E144-42E4-9A59-53C20B408BDE}" = WD SmartWare
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"Serviio" = Serviio
"sp6" = Logitech SetPoint 6.32
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1" = Geeks3D.com FurMark 1.10.2
"{240C3DDD-C5E9-4029-9DF7-95650D040CF2}" = Intel(R) USB 3.0 eXtensible Host Controller Driver
"{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology
"{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}" = eReg
"{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0801.1
"{5588D686-D23B-4C9D-BDFA-2A7875CD3722}" = GIGABYTE OC_GURU II
"{6B1F9121-5599-47F9-9F82-9FEA0F03C47F}" = 3DPower B12.0619.1
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{72E40002-8CEC-47C1-A099-83AC8E173BF0}" = WD Drive Utilities
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{83270912-15C7-4336-822E-E8F1B1BBCA60}" = WD Security
"{8B922CF8-8A6C-41CE-A858-F1755D7F5D29}" = NVIDIA PhysX
"{90140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.PROPLUS_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.PROPLUS_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.PROPLUS_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.PROPLUS_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{594128C9-2CDF-43CE-8103-DC100CF013B6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.PROPLUS_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.PROPLUS_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-0000-0000000FF1CE}_Office14.PROPLUS_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.5) - Deutsch
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{B2DC3F08-2EB2-49A5-AA24-15DFC8B1CB83}" = @BIOS
"{CCE825DB-347A-4004-A186-5F4A6FDD8547}" = Apple Application Support
"{DDA3C325-47B2-4730-9672-BF3771C08799}_is1" = XMedia Recode Version 3.1.4.1
"{E8CE0E34-8308-4146-BDB9-B5A9FB5536F1}_is1" = Sniper Elite V2 Version v1.0
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"CrystalDiskInfo_is1" = CrystalDiskInfo 5.0.0
"ElsterFormular" = ElsterFormular
"Guild Wars" = GUILD WARS
"Guild Wars 2" = Guild Wars 2
"Hdd Speed Test Tool_is1" = Hdd Speed Test Tool v. 1.0.14 (RC 1)
"InstallShield_{457D7505-D665-4F95-91C3-ECB8C56E9ACA}" = Easy Tune 6 B12.0801.1
"IsoBuster_is1" = IsoBuster 3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"SopCast" = SopCast 3.0.3
"TeamSpeak 3 Client" = TeamSpeak 3 Client
"UseNeXT_is1" = UseNeXT
"Virtual DJ - Atomix Productions" = Virtual DJ - Atomix Productions
"VLC media player" = VLC media player 0.9.9
"WinISO" = WinISO
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 19.02.2013 15:53:04 | Computer Name = Batman-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ns475E.tmp, Version: 0.0.0.0, Zeitstempel:
 0x43d67499  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7efde000  ID des fehlerhaften Prozesses:
 0xc18  Startzeit der fehlerhaften Anwendung: 0x01ce0edaba4c7e62  Pfad der fehlerhaften
 Anwendung: C:\Users\Batman\AppData\Local\Temp\nsb11BC.tmp\ns475E.tmp  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: f90ed2bc-7acd-11e2-908c-902b3432f49d
 
Error - 19.02.2013 15:53:11 | Computer Name = Batman-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ns677C.tmp, Version: 0.0.0.0, Zeitstempel:
 0x43d67499  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7efde000  ID des fehlerhaften Prozesses:
 0xd4c  Startzeit der fehlerhaften Anwendung: 0x01ce0edabf340f04  Pfad der fehlerhaften
 Anwendung: C:\Users\Batman\AppData\Local\Temp\nsb11BC.tmp\ns677C.tmp  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: fce3b6d9-7acd-11e2-908c-902b3432f49d
 
Error - 19.02.2013 15:53:12 | Computer Name = Batman-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ns6D08.tmp, Version: 0.0.0.0, Zeitstempel:
 0x43d67499  Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
 0x00000000  Ausnahmecode: 0xc0000005  Fehleroffset: 0x7efde000  ID des fehlerhaften Prozesses:
 0x112c  Startzeit der fehlerhaften Anwendung: 0x01ce0edac00aea29  Pfad der fehlerhaften
 Anwendung: C:\Users\Batman\AppData\Local\Temp\nsb11BC.tmp\ns6D08.tmp  Pfad des fehlerhaften
 Moduls: unknown  Berichtskennung: fdba91fe-7acd-11e2-908c-902b3432f49d
 
Error - 20.02.2013 03:50:31 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 05:06:31 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 08:11:47 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 08:28:31 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 12:43:41 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 12:51:29 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 12:59:41 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 20.02.2013 13:13:25 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 03:01:25 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 08:05:31 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 08:26:48 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
Error - 21.02.2013 08:32:06 | Computer Name = Batman-PC | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.02.2013 03:20:47 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:20:47 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:20:49 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:20:49 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:20:49 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:20:49 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:20:49 | Computer Name = Batman-PC | Source = nvlddmkm | ID = 11141134
Description = 
 
Error - 12.02.2013 03:21:25 | Computer Name = Batman-PC | Source = DCOM | ID = 10010
Description = 
 
Error - 19.02.2013 13:10:13 | Computer Name = Batman-PC | Source = volmgr | ID = 262190
Description = Die Initialisierung des Speicherabbildes ist fehlgeschlagen.
 
Error - 21.02.2013 08:03:54 | Computer Name = Batman-PC | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Server" wurde mit folgendem Fehler beendet:   %%14
 
 
< End of report >
         
--- --- ---

Operating system and hardware, in case this is required:
Windows 7 Professional SP1 64bit
Intel i5-3470 3.20 GHz 3.60 GHz
2x 4GB Kingston HyperX Genesis DDR3
Nvidia Geforce GTX 470 OC by Gigabyte
Mainboard Gigabyte GA-Z77X-D3H
2x WD Elements Green 500GB in RAID 0
1x WD Elements 320GB as backup

I hope that I have done everything right up to this point and would appreciate help with getting rid of my problem.

Thanks in advance, kind regards, Master Stix

Last edited by Master Stix (21.02.2013 at 15:51)
