
Log analysis and evaluation: unknown MBR code, no access to Dokumente und Einstellungen

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system first has to be examined: first steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.

17.03.2013, 10:18   #1
LouCyphre
 

unknown MBR code, kein Zugriff auf Dokumente und Einstellungen



Hello dear helpers,

I use Windows 7 Home Premium x64 on my computer. Ubuntu is also installed on another partition.
First I noticed that I have no access to the folder Dokumente und Einstellungen (Documents and Settings). In addition, the file desktop.ini appears twice on my desktop. I then ran several anti-virus scanners but got no results.
A scan with OTL and GMER reports an unknown MBR. I don't know, however, whether this could be related to Ubuntu being installed alongside Windows.
At the end of its scan OTL only gave me OTL.txt, but not Extras.txt. During the GMER scan Windows went to a blue screen. After a restart I was able to run the scan, though.
I'm also not sure whether Defogger did its job correctly, since it did not ask for a restart.

I'd be very happy about a quick reply!
Kind regards
Lou


OTL:
Code:
OTL logfile created on: 17.03.2013 08:32:17 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\LouCyphre\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16521)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,80 Gb Total Physical Memory | 2,63 Gb Available Physical Memory | 69,06% Memory free
7,60 Gb Paging File | 6,29 Gb Available in Paging File | 82,71% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 97,56 Gb Total Space | 71,72 Gb Free Space | 73,51% Space Free | Partition Type: NTFS
Drive D: | 319,28 Gb Total Space | 135,70 Gb Free Space | 42,50% Space Free | Partition Type: NTFS
 
Computer Name: SHELDON | User Name: LC-Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\LouCyphre\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
PRC - C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe (Safer-Networking Ltd.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgcfgex.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
PRC - C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (Secunia PSI Agent) -- C:\Program Files (x86)\Secunia\PSI\PSIA.exe (Secunia)
SRV - (Secunia Update Agent) -- C:\Program Files (x86)\Secunia\PSI\sua.exe (Secunia)
SRV - (WDRulesService) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDRulesEngine.exe (Western Digital )
SRV - (WDBackup) -- C:\Program Files (x86)\Western Digital\WD SmartWare\WDBackupEngine.exe (Western Digital )
SRV - (WDDriveService) -- C:\Program Files (x86)\Western Digital\WD Drive Manager\WDDriveService.exe (Western Digital)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (VFPRadioSupportService) -- C:\Programme\CSR\Bluetooth Feature Pack 5.0\VFPRadioSupportService.exe (CSR, plc)
SRV - (PowerSavingUtilityService) -- C:\Programme\Fujitsu\PSUtility\PSUService.exe (FUJITSU LIMITED)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (aswVmm) -- C:\Windows\SysNative\drivers\aswVmm.sys ()
DRV:64bit: - (aswRvrt) -- C:\Windows\SysNative\drivers\aswRvrt.sys ()
DRV:64bit: - (PSI) -- C:\Windows\SysNative\drivers\psi_mf_amd64.sys (Secunia)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek                                            )
DRV:64bit: - (athr) -- C:\Windows\SysNative\drivers\athrx.sys (Atheros Communications, Inc.)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (FUJ02E3) -- C:\Windows\SysNative\drivers\fuj02e3.sys (FUJITSU LIMITED)
DRV:64bit: - (FUJ02B1) -- C:\Windows\SysNative\drivers\fuj02b1.sys (FUJITSU LIMITED)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 4E 88 A0 E0 E7 1A CE 01  [binary data]
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR
IE - HKU\S-1-5-21-1001209599-1825881156-2814228711-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.5: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.10 16:03:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.03.10 16:06:14 | 000,000,000 | ---D | M]
 
[2013.03.07 06:02:19 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.03.10 16:03:00 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.28 16:42:00 | 000,012,800 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files (x86)\mozilla firefox\plugins\npwachk.dll
[2013.02.27 07:15:10 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.27 07:15:10 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2013.02.27 07:15:10 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.27 07:15:10 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.27 07:15:10 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.27 07:15:10 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.03.15 17:07:13 | 000,000,147 | R--- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4:64bit: - HKLM..\Run: [ConMgr] C:\Program Files\CSR\Bluetooth Feature Pack 5.0\ConMgr.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [CSRSkype] C:\Programme\CSR\Bluetooth Feature Pack 5.0\CSRSkype.exe (CSR, plc)
O4:64bit: - HKLM..\Run: [FDM7] C:\Programme\Fujitsu\FDM7\FdmDaemon.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LoadBtnHnd] C:\Programme\Fujitsu\Application Panel\BtnHnd.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [LoadFujitsuQuickTouch] C:\Programme\Fujitsu\Application Panel\QuickTouch.exe (FUJITSU LIMITED)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSUTility] C:\Programme\Fujitsu\PSUtility\TrayManager.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [IndicatorUtility] C:\Program Files (x86)\Fujitsu\Fujitsu Hotkey Utility\IndicatorUty.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [LoadFUJ02E3] C:\Program Files (x86)\Fujitsu\FUJ02E3\FUJ02E3.exe (FUJITSU LIMITED)
O4 - HKLM..\Run: [SDTray] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
O4 - HKLM..\Run: [WD Quick View] C:\Program Files (x86)\Western Digital\WD Quick View\WDDMStatus.exe (Western Digital Technologies, Inc.)
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1001209599-1825881156-2814228711-1001..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-1001209599-1825881156-2814228711-1001..\Run: [Spybot-S&D Cleaning] C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe (Safer-Networking Ltd.)
O4 - HKLM..\RunOnce: [C61C74C1-027C-44FB-8564-7D612365CDC8] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [WD Smartware Upgrader - Uninstall] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\SysWow64\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-1001209599-1825881156-2814228711-1001..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - Startup: C:\Users\All Users\Anwendungsdaten [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Application Data [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\AVAST Software [2013.03.10 14:44:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\AVG2013 [2013.03.10 14:50:52 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\boost_interprocess [2013.03.15 21:40:36 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Common Files [2013.03.10 14:46:29 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\All Users\Desktop [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Documents [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Dokumente [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\F-Secure [2013.03.15 21:40:53 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Favoriten [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Favorites [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Fujitsu [2013.03.07 12:08:37 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Kaspersky Lab [2013.03.17 07:58:47 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Malwarebytes [2013.03.07 17:42:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\MFAData [2013.03.17 03:54:50 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Microsoft [2013.03.07 12:00:33 | 000,000,000 | --SD | M]
O4 - Startup: C:\Users\All Users\Mozilla [2013.03.10 16:03:03 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\ntuser.dat ()
O4 - Startup: C:\Users\All Users\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\All Users\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\All Users\ntuser.dat{f5285559-8ec9-11e2-a1ca-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\All Users\ntuser.dat{f5285559-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\ntuser.dat{f5285559-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\ntuser.dat{f5285564-8ec9-11e2-a1ca-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\All Users\ntuser.dat{f5285564-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\All Users\ntuser.dat{f5285564-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\All Users\Spybot - Search & Destroy [2013.03.07 11:23:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Start Menu [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Startmenü [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Sun [2013.03.08 17:38:06 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\All Users\Templates [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Vorlagen [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\All Users\Western Digital [2013.03.11 01:49:38 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\Anwendungsdaten [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\AppData [2009.07.14 04:20:08 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\Default\Application Data [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Cookies [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Desktop [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Documents [2013.03.07 03:02:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Downloads [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Druckumgebung [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Eigene Dateien [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Favorites [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Links [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Local Settings [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Lokale Einstellungen [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Music [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\My Documents [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NetHood [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Netzwerkumgebung [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\NTUSER.DAT ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG1 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT.LOG2 ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Default\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Default\Pictures [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\PrintHood [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Recent [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Saved Games [2009.07.14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\Default\SendTo [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Start Menu [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Startmenü [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Templates [2009.07.14 06:08:56 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Default\Videos [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Default\Vorlagen [2013.03.07 03:02:29 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Anwendungsdaten [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\AppData [2013.03.07 03:45:52 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\LC-Admin\Cookies [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\defogger_reenable ()
O4 - Startup: C:\Users\LC-Admin\Desktop [2013.03.15 03:07:30 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Documents [2013.03.17 07:58:11 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Downloads [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Druckumgebung [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Eigene Dateien [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Favorites [2013.03.07 09:26:14 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Links [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Lokale Einstellungen [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Music [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Netzwerkumgebung [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\ntuser.dat ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{326b11e5-8705-11e2-bcb7-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{326b11e5-8705-11e2-bcb7-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{326b11e5-8705-11e2-bcb7-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{4319ddf4-8809-11e2-a922-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{4319ddf4-8809-11e2-a922-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{4319ddf4-8809-11e2-a922-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{4b60cbee-86df-11e2-b080-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{4b60cbee-86df-11e2-b080-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{4b60cbee-86df-11e2-b080-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{656fc106-882e-11e2-96c6-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{656fc106-882e-11e2-96c6-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{656fc106-882e-11e2-96c6-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{86ddfe80-8984-11e2-a152-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{86ddfe80-8984-11e2-a152-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{86ddfe80-8984-11e2-a152-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{adc71f8c-89da-11e2-90de-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{adc71f8c-89da-11e2-90de-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{adc71f8c-89da-11e2-90de-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{e171c057-871a-11e2-bcd6-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{e171c057-871a-11e2-bcd6-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\NTUSER.DAT{e171c057-871a-11e2-bcd6-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{e5cb63e1-89d4-11e2-9fd2-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{e5cb63e1-89d4-11e2-9fd2-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.dat{e5cb63e1-89d4-11e2-9fd2-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LC-Admin\ntuser.ini ()
O4 - Startup: C:\Users\LC-Admin\Pictures [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Recent [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Saved Games [2009.07.14 03:34:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Users\LC-Admin\Searches [2013.03.15 03:10:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\SendTo [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Startmenü [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LC-Admin\Videos [2009.07.14 03:34:59 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LC-Admin\Vorlagen [2013.03.07 03:45:52 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Anwendungsdaten [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\AppData [2013.03.07 03:02:36 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Users\LouCyphre\Contacts [2013.03.10 23:51:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Cookies [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Desktop [2013.03.17 08:29:25 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Documents [2013.03.11 02:15:32 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Downloads [2013.03.14 22:44:23 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Druckumgebung [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Eigene Dateien [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Favorites [2013.03.10 23:51:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Links [2013.03.10 23:51:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Lokale Einstellungen [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Music [2013.03.10 23:51:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Netzwerkumgebung [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\ntuser.dat ()
O4 - Startup: C:\Users\LouCyphre\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\LouCyphre\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\LouCyphre\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf ()
O4 - Startup: C:\Users\LouCyphre\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LouCyphre\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LouCyphre\ntuser.dat{86ddfe7c-8984-11e2-a152-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\LouCyphre\ntuser.dat{86ddfe7c-8984-11e2-a152-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\LouCyphre\ntuser.dat{86ddfe7c-8984-11e2-a152-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\LouCyphre\ntuser.ini ()
O4 - Startup: C:\Users\LouCyphre\Pictures [2013.03.10 23:51:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Recent [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Saved Games [2013.03.10 23:51:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Searches [2013.03.10 23:51:48 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\SendTo [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Startmenü [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\LouCyphre\Videos [2013.03.10 23:51:46 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\LouCyphre\Vorlagen [2013.03.07 03:02:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Users\Public\Desktop [2013.03.14 22:35:08 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Documents [2013.03.07 03:02:29 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Downloads [2009.07.14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Favorites [2009.07.14 03:34:59 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Libraries [2013.03.07 03:53:23 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Users\Public\Music [2009.07.14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\ntuser.dat ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG1 ()
O4 - Startup: C:\Users\Public\ntuser.dat.LOG2 ()
O4 - Startup: C:\Users\Public\ntuser.dat{f5285560-8ec9-11e2-a1ca-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{f5285560-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{f5285560-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{f528556b-8ec9-11e2-a1ca-4cedde8ad171}.TM.blf ()
O4 - Startup: C:\Users\Public\ntuser.dat{f528556b-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000001.regtrans-ms ()
O4 - Startup: C:\Users\Public\ntuser.dat{f528556b-8ec9-11e2-a1ca-4cedde8ad171}.TMContainer00000000000000000002.regtrans-ms ()
O4 - Startup: C:\Users\Public\Pictures [2009.07.14 05:54:24 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Recorded TV [2009.07.14 19:18:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Users\Public\Videos [2009.07.14 05:54:24 | 000,000,000 | R--D | M]
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 4
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHelper.dll (Safer-Networking Ltd.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6FC1CBF2-4295-4A95-B692-7CE3F6ED2CB6}: DhcpNameServer = 192.168.1.1
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\SDWinLogon: DllName - (SDWinLogon.dll) -  File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.17 07:57:38 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.03.17 07:57:38 | 000,000,000 | -HSD | C] -- \Config.Msi
[2013.03.15 21:40:53 | 000,000,000 | ---D | C] -- C:\ProgramData\F-Secure
[2013.03.15 21:40:36 | 000,000,000 | ---D | C] -- C:\ProgramData\boost_interprocess
[2013.03.15 16:43:30 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\DRVSTORE
[2013.03.15 16:43:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Lab
[2013.03.15 13:47:01 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.03.15 03:10:48 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Searches
[2013.03.14 22:48:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.03.14 22:48:24 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.03.14 22:48:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.03.14 13:00:25 | 000,000,000 | ---D | C] -- C:\.Trash-1000
[2013.03.14 13:00:25 | 000,000,000 | ---D | C] -- \.Trash-1000
[2013.03.11 01:49:38 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2013.03.11 01:11:07 | 000,000,000 | ---D | C] -- C:\Program Files\DIFX
[2013.03.11 01:11:06 | 000,000,000 | ---D | C] -- C:\Program Files\WDCSAM
[2013.03.11 00:43:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WD Link
[2013.03.11 00:30:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Western Digital
[2013.03.11 00:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Western Digital
[2013.03.10 16:09:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Secunia
[2013.03.10 16:07:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XnView
[2013.03.10 16:07:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\XnView
[2013.03.10 16:06:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Winamp
[2013.03.10 16:06:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp Detect
[2013.03.10 16:06:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\PX Storage Engine
[2013.03.10 16:06:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Winamp
[2013.03.10 16:04:40 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\FreeTime
[2013.03.10 16:03:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Defraggler
[2013.03.10 16:03:50 | 000,000,000 | ---D | C] -- C:\Program Files\Defraggler
[2013.03.10 16:03:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla
[2013.03.10 16:03:02 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service
[2013.03.10 14:50:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
[2013.03.10 14:49:58 | 000,000,000 | -H-D | C] -- C:\$AVG
[2013.03.10 14:49:58 | 000,000,000 | -H-D | C] -- \$AVG
[2013.03.10 14:49:58 | 000,000,000 | ---D | C] -- C:\ProgramData\AVG2013
[2013.03.10 14:48:43 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG
[2013.03.10 14:46:29 | 000,000,000 | -H-D | C] -- C:\ProgramData\Common Files
[2013.03.10 14:46:29 | 000,000,000 | ---D | C] -- C:\ProgramData\MFAData
[2013.03.08 21:14:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Areca
[2013.03.08 17:38:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Sun
[2013.03.08 17:38:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2013.03.08 17:37:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java
[2013.03.08 17:13:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Western Digital
[2013.03.07 17:42:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.03.07 12:27:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bluetooth Feature Pack 5.0
[2013.03.07 12:26:58 | 000,000,000 | ---D | C] -- C:\Program Files\CSR
[2013.03.07 12:24:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Fujitsu Display Manager
[2013.03.07 12:20:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Power Saving Utility
[2013.03.07 12:19:40 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LifeBook Application Panel
[2013.03.07 12:18:26 | 000,000,000 | ---D | C] -- C:\Program Files\Fujitsu
[2013.03.07 12:17:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Fujitsu
[2013.03.07 12:15:42 | 000,000,000 | ---D | C] -- C:\Program Files\Synaptics
[2013.03.07 12:14:21 | 000,000,000 | -H-D | C] -- C:\Program Files (x86)\InstallShield Installation Information
[2013.03.07 12:14:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Realtek
[2013.03.07 12:12:43 | 000,053,248 | ---- | C] (Windows XP Bundled build C-Centric Single User) -- C:\Windows\SysWow64\CSVer.dll
[2013.03.07 12:08:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Fujitsu
[2013.03.07 10:12:07 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013.03.07 09:56:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.0
[2013.03.07 09:55:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\LibreOffice 4.0
[2013.03.07 09:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.03.07 09:46:54 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[2013.03.07 09:45:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
[2013.03.07 09:45:39 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Foxit Software
[2013.03.07 09:30:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavalys
[2013.03.07 09:30:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Lavalys
[2013.03.07 09:25:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[2013.03.07 09:25:52 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2013.03.07 07:08:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft.NET
[2013.03.07 06:02:16 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.03.07 05:42:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Spybot - Search & Destroy
[2013.03.07 05:42:11 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
[2013.03.07 05:42:05 | 000,017,272 | ---- | C] (Safer Networking Limited) -- C:\Windows\SysNative\sdnclean64.exe
[2013.03.07 05:42:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spybot - Search & Destroy 2
[2013.03.07 05:32:33 | 000,287,840 | ---- | C] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
[2013.03.07 05:31:54 | 000,000,000 | -HSD | C] -- C:\Windows\Installer
[2013.03.07 05:31:30 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2013.03.07 05:29:50 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software
[2013.03.07 04:59:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Intel
[2013.03.07 04:59:11 | 000,000,000 | ---D | C] -- C:\Intel
[2013.03.07 04:59:11 | 000,000,000 | ---D | C] -- \Intel
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Videos
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Pictures
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Music
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Links
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Favorites
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Downloads
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Documents
[2013.03.07 03:45:52 | 000,000,000 | R--D | C] -- C:\Users\LC-Admin\Desktop
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Vorlagen
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Startmenü
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\SendTo
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Recent
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Netzwerkumgebung
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Lokale Einstellungen
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Eigene Dateien
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Druckumgebung
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Cookies
[2013.03.07 03:45:52 | 000,000,000 | -HSD | C] -- C:\Users\LC-Admin\Anwendungsdaten
[2013.03.07 03:45:52 | 000,000,000 | -H-D | C] -- C:\Users\LC-Admin\AppData
[2013.03.07 03:45:52 | 000,000,000 | ---D | C] -- C:\Users\LC-Admin\Saved Games
[2013.03.07 03:37:53 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\SPReview
[2013.03.07 03:08:41 | 000,116,224 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysNative\fms.dll
[2013.03.07 03:08:11 | 000,093,696 | ---- | C] (Windows (R) Codename Longhorn DDK provider) -- C:\Windows\SysWow64\fms.dll
[2013.03.07 03:06:10 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\EventProviders
[2013.03.07 03:02:30 | 000,000,000 | -HSD | C] -- C:\Recovery
[2013.03.07 03:02:30 | 000,000,000 | -HSD | C] -- \Recovery
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Vorlagen
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Startmenü
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\Programme
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- \Programme
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\Program Files\Gemeinsame Dateien
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Favoriten
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Videos
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Musik
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\Users\Public\Documents\Eigene Bilder
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\Dokumente und Einstellungen
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- \Dokumente und Einstellungen
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Dokumente
[2013.03.07 03:02:29 | 000,000,000 | -HSD | C] -- C:\ProgramData\Anwendungsdaten
[2013.03.07 02:50:52 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution
[2013.03.07 02:48:19 | 000,000,000 | ---D | C] -- C:\Windows\Prefetch
[2013.03.07 02:47:51 | 000,000,000 | -HSD | C] -- C:\System Volume Information
[2013.03.07 02:47:51 | 000,000,000 | -HSD | C] -- \System Volume Information
[2013.03.07 02:47:10 | 000,000,000 | ---D | C] -- C:\Windows\Panther
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.17 08:30:01 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 08:30:01 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.17 08:28:50 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.17 08:28:50 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.17 08:28:50 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.17 08:28:50 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.17 08:28:50 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.17 08:22:34 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.17 08:22:32 | 3061,227,520 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.17 03:49:40 | 000,322,192 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.15 17:07:13 | 000,000,147 | R--- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2013.03.15 15:18:26 | 000,000,000 | ---- | M] () -- C:\Users\LC-Admin\defogger_reenable
[2013.03.14 22:36:58 | 000,025,185 | ---- | M] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.14 22:36:53 | 000,025,185 | ---- | M] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.11 00:43:30 | 000,002,082 | ---- | M] () -- C:\Users\Public\Desktop\WD Link.lnk
[2013.03.10 16:09:20 | 000,001,116 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.03.10 14:25:46 | 000,000,000 | ---- | M] () -- C:\Windows\SysWow64\config.nt
[2013.03.07 12:15:46 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.03.07 07:27:30 | 002,504,624 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wubi.exe
[2013.03.07 03:05:34 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.07 02:51:40 | 000,056,735 | ---- | M] () -- C:\Windows\SysWow64\license.rtf
[2013.03.07 02:51:39 | 000,056,735 | ---- | M] () -- C:\Windows\SysNative\license.rtf
[2013.02.28 09:36:34 | 000,177,672 | ---- | M] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.02.28 09:36:33 | 000,065,408 | ---- | M] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.02.28 09:35:43 | 000,287,840 | ---- | M] (AVAST Software) -- C:\Windows\SysNative\aswBoot.exe
 
========== Files Created - No Company Name ==========
 
[2013.03.17 03:49:23 | 000,322,192 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.03.15 15:18:26 | 000,000,000 | ---- | C] () -- C:\Users\LC-Admin\defogger_reenable
[2013.03.14 22:36:58 | 000,025,185 | ---- | C] () -- C:\Windows\SysWow64\ieuinit.inf
[2013.03.14 22:36:53 | 000,025,185 | ---- | C] () -- C:\Windows\SysNative\ieuinit.inf
[2013.03.11 00:43:30 | 000,002,082 | ---- | C] () -- C:\Users\Public\Desktop\WD Link.lnk
[2013.03.10 16:09:20 | 000,001,116 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk
[2013.03.10 16:09:20 | 000,001,079 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Secunia PSI.lnk
[2013.03.07 12:15:46 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_SynTP_01009.Wdf
[2013.03.07 07:19:41 | 002,504,624 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\wubi.exe
[2013.03.07 06:47:22 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2013.03.07 06:43:27 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2013.03.07 06:02:20 | 000,001,169 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
[2013.03.07 05:42:11 | 000,002,195 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
[2013.03.07 05:32:37 | 000,177,672 | ---- | C] () -- C:\Windows\SysNative\drivers\aswVmm.sys
[2013.03.07 05:32:36 | 000,065,408 | ---- | C] () -- C:\Windows\SysNative\drivers\aswRvrt.sys
[2013.03.07 05:32:34 | 000,000,000 | ---- | C] () -- C:\Windows\SysWow64\config.nt
[2013.03.07 03:08:55 | 000,347,904 | ---- | C] () -- C:\Windows\SysNative\systemsf.ebd
[2013.03.07 03:08:41 | 000,001,041 | ---- | C] () -- C:\Windows\SysWow64\tcpbidi.xml
[2013.03.07 03:08:13 | 000,010,429 | ---- | C] () -- C:\Windows\SysNative\ScavengeSpace.xml
[2013.03.07 03:08:12 | 000,105,559 | ---- | C] () -- C:\Windows\SysWow64\RacRules.xml
[2013.03.07 03:08:12 | 000,105,559 | ---- | C] () -- C:\Windows\SysNative\RacRules.xml
[2013.03.07 03:05:34 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_User_WpdFs_01_09_00.Wdf
[2013.03.07 02:51:31 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.03.07 02:51:29 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.03.07 02:47:51 | 3061,227,520 | -HS- | C] () -- C:\hiberfil.sys
[2013.03.07 02:47:51 | 3061,227,520 | -HS- | C] () -- \hiberfil.sys
[2012.01.10 22:27:26 | 000,867,020 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2012.01.10 22:27:26 | 000,128,204 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2012.01.10 22:27:26 | 000,105,608 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2012.01.10 21:29:54 | 013,904,384 | ---- | C] () -- C:\Windows\SysWow64\ig4icd32.dll
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Anwendungsdaten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Application Data
[2013.03.10 14:44:43 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVAST Software
[2013.03.10 14:50:52 | 000,000,000 | ---D | M] -- C:\Users\All Users\AVG2013
[2013.03.15 21:40:36 | 000,000,000 | ---D | M] -- C:\Users\All Users\boost_interprocess
[2013.03.10 14:46:29 | 000,000,000 | -H-D | M] -- C:\Users\All Users\Common Files
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Desktop
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Documents
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Dokumente
[2013.03.15 21:40:53 | 000,000,000 | ---D | M] -- C:\Users\All Users\F-Secure
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favoriten
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Favorites
[2013.03.07 12:08:37 | 000,000,000 | ---D | M] -- C:\Users\All Users\Fujitsu
[2013.03.17 03:54:50 | 000,000,000 | ---D | M] -- C:\Users\All Users\MFAData
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Start Menu
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Startmenü
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Templates
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\All Users\Vorlagen
[2013.03.11 01:49:38 | 000,000,000 | ---D | M] -- C:\Users\All Users\Western Digital
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Anwendungsdaten
[2009.07.14 04:20:08 | 000,000,000 | -H-D | M] -- C:\Users\Default\AppData
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Application Data
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Cookies
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Desktop
[2013.03.07 03:02:29 | 000,000,000 | R--D | M] -- C:\Users\Default\Documents
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Downloads
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Druckumgebung
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Eigene Dateien
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Favorites
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Links
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Local Settings
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Lokale Einstellungen
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Music
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\My Documents
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\NetHood
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Netzwerkumgebung
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Pictures
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\PrintHood
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Recent
[2009.07.14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\Default\Saved Games
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\SendTo
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Start Menu
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Startmenü
[2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Users\Default\Templates
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\Default\Videos
[2013.03.07 03:02:29 | 000,000,000 | -HSD | M] -- C:\Users\Default\Vorlagen
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Anwendungsdaten
[2013.03.07 03:45:52 | 000,000,000 | -H-D | M] -- C:\Users\LC-Admin\AppData
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Cookies
[2013.03.15 03:07:30 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Desktop
[2013.03.17 07:58:11 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Documents
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Downloads
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Druckumgebung
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Eigene Dateien
[2013.03.07 09:26:14 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Favorites
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Links
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Lokale Einstellungen
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Music
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Netzwerkumgebung
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Pictures
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Recent
[2009.07.14 03:34:59 | 000,000,000 | ---D | M] -- C:\Users\LC-Admin\Saved Games
[2013.03.15 03:10:48 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Searches
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\SendTo
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Startmenü
[2009.07.14 03:34:59 | 000,000,000 | R--D | M] -- C:\Users\LC-Admin\Videos
[2013.03.07 03:45:52 | 000,000,000 | -HSD | M] -- C:\Users\LC-Admin\Vorlagen
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Anwendungsdaten
[2013.03.07 03:02:36 | 000,000,000 | -H-D | M] -- C:\Users\LouCyphre\AppData
[2013.03.10 23:51:46 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Contacts
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Cookies
[2013.03.17 08:29:25 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Desktop
[2013.03.11 02:15:32 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Documents
[2013.03.14 22:44:23 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Downloads
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Druckumgebung
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Eigene Dateien
[2013.03.10 23:51:48 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Favorites
[2013.03.10 23:51:55 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Links
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Lokale Einstellungen
[2013.03.10 23:51:48 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Music
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Netzwerkumgebung
[2013.03.10 23:51:46 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Pictures
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Recent
[2013.03.10 23:51:48 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Saved Games
[2013.03.10 23:51:48 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Searches
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\SendTo
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Startmenü
[2013.03.10 23:51:46 | 000,000,000 | R--D | M] -- C:\Users\LouCyphre\Videos
[2013.03.07 03:02:36 | 000,000,000 | -HSD | M] -- C:\Users\LouCyphre\Vorlagen
[2013.03.14 22:35:08 | 000,000,000 | RH-D | M] -- C:\Users\Public\Desktop
[2013.03.07 03:02:29 | 000,000,000 | R--D | M] -- C:\Users\Public\Documents
[2009.07.14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Downloads
[2009.07.14 03:34:59 | 000,000,000 | RH-D | M] -- C:\Users\Public\Favorites
[2013.03.07 03:53:23 | 000,000,000 | RH-D | M] -- C:\Users\Public\Libraries
[2009.07.14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Music
[2009.07.14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Pictures
[2009.07.14 19:18:18 | 000,000,000 | R--D | M] -- C:\Users\Public\Recorded TV
[2009.07.14 05:54:24 | 000,000,000 | R--D | M] -- C:\Users\Public\Videos
 
========== Purity Check ==========
 
 

< End of report >
         
Gmer:
Code:
ATTFilter
GMER 2.1.19155 - hxxp://www.gmer.net
Rootkit scan 2013-03-17 09:36:06
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 ST950032 rev.0001 465,76GB
Running: gmer_2.1.19155.exe; Driver: C:\Users\LC-Admin\AppData\Local\Temp\pwrdypod.sys


---- User code sections - GMER 2.1 ----

.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1656] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69   0000000075761465 2 bytes [76, 75]
.text  C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe[1656] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155  00000000757614bb 2 bytes [76, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                      0000000075761465 2 bytes [76, 75]
.text  C:\Program Files (x86)\Secunia\PSI\PSIA.exe[1200] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                     00000000757614bb 2 bytes [76, 75]
.text  ...                                                                                                                            * 2
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69                       0000000075761465 2 bytes [76, 75]
.text  C:\Program Files (x86)\Secunia\PSI\sua.exe[1608] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155                      00000000757614bb 2 bytes [76, 75]
.text  ...                                                                                                                            * 2

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\4cedde8ad171                                                    
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\4cedde8ad171 (not active ControlSet)                                

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                                                          unknown MBR code

---- EOF - GMER 2.1 ----
         

Archiv
Du betrachtest: unknown MBR code, kein Zugriff auf Dokumente und Einstellungen auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.