| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner (Rechner läuft aber noch)Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.06.2013, 16:32
| #16 |
 |  GVU Trojaner (Rechner läuft aber noch) Hi, hier kommen die Einträge als pdf. Ich muss zugeben, dass ich bei vielen nicht weiß, wofür sie taugen. Die meisten sind bei den automatischen Updates dabei, aber ob sie aktuell noch gebraucht werden...??? |
|
18.06.2013, 15:05
| #17 |
| /// Malware-holic   | GVU Trojaner (Rechner läuft aber noch) bitte nicht als pdf, sondern im originalformat txt
__________________
__________________ |
|
18.06.2013, 18:59
| #18 |
| | GVU Trojaner (Rechner läuft aber noch) Ok, dann hier als Text:
__________________Adobe AIR Adobe Systems Incorporated 01.06.2013 3.7.0.1860 unbekannt Adobe Community Help Adobe Systems Incorporated 01.06.2013 3.2.1.650 unbekannt Adobe Digital Editions 2.0 Adobe Systems Incorporated 08.11.2012 15,3MB 2.0 unbekannt Adobe Flash Player 10 ActiveX 64-bit Adobe Systems Incorporated 11.06.2011 6,00MB 10.3.162.28 unbekannt Adobe Flash Player 10 Plugin 64-bit Adobe Systems Incorporated 24.06.2011 6,00MB 10.3.162.28 unbekannt Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 11.06.2013 6,00MB 11.7.700.224 unbekannt Adobe Flash Player 11 Plugin Adobe Systems Incorporated 11.06.2013 6,00MB 11.7.700.224 unbekannt Adobe Photoshop Elements 9 Adobe Systems Incorporated 01.06.2013 2,60GB 9.0.3.0 notwendig Adobe Reader XI (11.0.03) – Deutsch Adobe Systems Incorporated 17.05.2013 133MB 11.0.03 notwendig Adobe Shockwave Player 11.6 Adobe Systems, Inc. 24.06.2012 11.6.5.635 notwendig Advanced Audio FX Engine Creative Technology Ltd 16.03.2011 1.12.05 unbekannt Apple Application Support Apple Inc. 21.05.2013 64,7MB 2.3.4 unbekannt Apple Mobile Device Support Apple Inc. 09.03.2013 25,2MB 6.1.0.13 unbekannt Apple Software Update Apple Inc. 17.05.2012 2,38MB 2.1.3.127 notwendig Art Effects for Magix NewBlue 20.04.2012 1.4 notwendig Avira Free Antivirus Avira 07.05.2013 126MB 13.0.0.3640 notwendig Bonjour Apple Inc. 16.10.2011 2,04MB 3.0.0.10 unbekannt CCleaner Piriform 24.05.2013 4.02 unbekannt Dell DataSafe Local Backup Dell 15.03.2011 9.4.47 unbekannt Dell DataSafe Local Backup - Support Dell 15.03.2011 unbekannt Dell DataSafe Online Dell 15.03.2011 6,46MB 2.1.19634 unbekannt Dell Driver Download Manager Dell Inc. 25.06.2011 2.1.0.0 notwendig Dell Getting Started Guide Dell Inc. 15.03.2011 1.00.0000 unbekannt Dell Mobile Broadband Manager Dell 15.03.2011 6.1.24.2 notwendig Dell MusicStage Fingertapps 15.03.2011 1.4.162.0 unbekannt Dell PhotoStage ArcSoft 15.03.2011 101MB 1.5.0.130 unbekannt Dell Product Registration Dell Inc. 15.03.2011 1.0.6 unbekannt Dell Stage Fingertapps 15.03.2011 1.4.173.0 unbekannt Dell VideoStage CyberLink Corp. 15.03.2011 1.1.1.1303 unbekannt Dell Wireless HSPA Mini-Card Drivers Dell 25.06.2011 6.3.3.6 notwendig Digital Line Detect BVRP Software, Inc 25.06.2011 1.21 unbekannt Distortion Control Data Nikon 11.06.2013 40,0KB 1.00.0000 notwendig eBay eBay Inc. 15.03.2011 1.4.0 unnötig EPSON-Drucker-Software SEIKO EPSON Corporation 30.05.2011 unnötig Firebird SQL Server - MAGIX Edition MAGIX AG 20.04.2012 11,5MB 2.1.31.0 notwendig Google Earth Google 14.03.2013 173MB 7.0.3.8542 notwendig Haufe iDesk-Browser Haufe-Lexware 20.03.2011 26,7MB 10.10.14.0000 unbekannt Haufe iDesk-Service Haufe 20.03.2011 136MB 10.10.25.7810 unbekannt Intel(R) Management Engine Components Intel Corporation 23.01.2013 7.0.0.1144 notwendig Intel(R) Processor Graphics Intel Corporation 03.02.2013 9.17.10.2932 notwendig Intel(R) PROSet/Wireless for Bluetooth(R) + High Speed Intel Corporation 04.05.2013 5,32MB 15.2.0.0284 notwendig Intel(R) Rapid Storage Technology Intel Corporation 04.05.2013 10.1.2.1004 notwendig Intel(R) Wireless Display Intel Corporation 25.06.2011 119MB 2.0.27.0 notwendig Intel® PROSet/Wireless WiFi-Software Intel Corporation 04.05.2013 193MB 15.02.0000.1258 notwendig Intel® PROSet/Wireless WiMAX Software Intel Corporation 25.06.2011 14,7MB 6.01.0000 notwendig iTunes Apple Inc. 21.05.2013 187MB 11.0.3.42 notwendig Java(TM) 6 Update 23 (64-bit) Oracle 15.03.2011 90,8MB 6.0.230 unbekannt Java(TM) 6 Update 31 Oracle 04.03.2012 95,1MB 6.0.310 unbekannt Java(TM) 7 Update 5 Oracle 13.06.2012 99,3MB 7.0.50 unbekannt JavaFX 2.1.1 Oracle Corporation 13.06.2012 20,8MB 2.1.1 unbekannt JMicron Flash Media Controller Driver JMicron Technology Corp. 25.06.2011 1.0.55.0 unbekannt Konz 2012 USM 20.01.2012 273KB 1.00.0000 notwendig Konz 2013 USM 01.01.2013 273KB 1.00.0000 notwendig Kyodai Mahjongg 2006 v1.42 Rene-Gilles Deberdt 20.03.2011 notwendig Lexware Info Service Haufe-Lexware 20.03.2011 12,4MB 2.70.00.0081 notwendig MAGIX Foto Designer 7 MAGIX AG 24.04.2012 7.0.1.1 notwendig MAGIX Foto Manager 10 MAGIX AG 20.04.2012 8.0.2.184 notwendig MAGIX Fotos auf DVD MX Deluxe Sonderedition MAGIX AG 20.04.2012 11.0.4.86 notwendig MAGIX Online Druck Service myphotobook GmbH 02.05.2012 1.4.1 notwendig MAGIX Screenshare MAGIX AG 20.04.2012 4.3.6.1987 notwendig MAGIX Speed burnR (MSI) MAGIX AG 20.04.2012 7.0.2.6 notwendig Malwarebytes Anti-Malware Version 1.75.0.1300 Malwarebytes Corporation 16.06.2013 19,2MB 1.75.0.1300 unbekannt Microsoft .NET Framework 4 Client Profile Microsoft Corporation 19.03.2011 38,8MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 19.03.2011 2,93MB 4.0.30319 unbekannt Microsoft .NET Framework 4 Extended Microsoft Corporation 08.03.2012 51,9MB 4.0.30319 unbekannt Microsoft Office Enterprise 2007 Microsoft Corporation 11.11.2011 12.0.6612.1000 unbekannt Microsoft Office File Validation Add-In Microsoft Corporation 14.09.2011 7,95MB 14.0.5130.5003 unbekannt Microsoft Office Live Add-in 1.5 Microsoft Corporation 18.04.2012 508KB 2.0.4024.1 unbekannt Microsoft Silverlight Microsoft Corporation 14.03.2013 149MB 5.1.20125.0 unbekannt Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 15.03.2011 1,69MB 3.1.0000 unbekannt Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 19.03.2011 252KB 8.0.50727.4053 unbekannt Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 16.06.2011 300KB 8.0.59193 unbekannt Microsoft Visual C++ 2005 Redistributable (x64) Microsoft Corporation 16.11.2012 838KB 8.0.61000 unbekannt Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Corporation 11.05.2011 198KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 11.05.2011 598KB 9.0.30729.5570 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 25.06.2011 788KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 26.06.2011 788KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Corporation 11.05.2013 1,41MB 9.0.21022 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Corporation 10.05.2011 608KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 17.05.2011 230KB 9.0.30729 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.01.2012 222KB 9.0.30729.4148 unbekannt Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 unbekannt Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 Microsoft Corporation 20.03.2012 13,8MB 10.0.40219 unbekannt Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 09.10.2011 16,5MB 10.0.40219 unbekannt Modem Diagnostic Tool Dell 25.06.2011 1,22MB 1.0.28.0 unbekannt MSXML 4.0 SP2 (KB954430) Microsoft Corporation 19.03.2011 1,27MB 4.20.9870.0 unbekannt MSXML 4.0 SP2 (KB973688) Microsoft Corporation 19.03.2011 1,33MB 4.20.9876.0 unbekannt MSXML 4.0 SP3 Parser Microsoft Corporation 20.04.2012 1,47MB 4.30.2100.0 unbekannt MSXML 4.0 SP3 Parser (KB2721691) Microsoft Corporation 11.07.2012 1,53MB 4.30.2114.0 unbekannt MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 10.01.2013 1,54MB 4.30.2117.0 unbekannt MSXML 4.0 SP3 Parser (KB973685) Microsoft Corporation 20.04.2012 1,53MB 4.30.2107.0 unbekannt My Dell PC-Doctor, Inc. 24.05.2013 128MB 3.3.6261.27 notwendig MyTomTom 3.2.0.1116 TomTom 07.06.2013 3.2.0.1116 notwendig Netwaiting BVRP Software, Inc 25.06.2011 2.5.59 unbekannt Nightly 19.0a1 (x64 en-US) Mozilla 16.10.2012 50,0MB 19.0a1 notwendig Nikon Message Center 2 Nikon 19.03.2012 9,42MB 2.1.0 notwendig Nikon Movie Editor Nikon 16.04.2012 30,1MB 2.3.1 notwendig Nokia Connectivity Cable Driver Nokia 20.07.2012 3,95MB 7.1.78.0 notwendig Nokia PC Suite Nokia 24.08.2012 7.1.180.94 notwendig Nokia Software Updater Nokia Corporation 05.05.2013 50,7MB 3.0.655 notwendig Nokia Suite Nokia 24.08.2012 3.5.34.0 notwendig NVIDIA Grafiktreiber 320.18 NVIDIA Corporation 23.05.2013 320.18 notwendig NVIDIA PhysX-Systemsoftware 9.12.0213 NVIDIA Corporation 13.06.2012 9.12.0213 notwendig NVIDIA Update 1.10.8 NVIDIA Corporation 14.10.2012 1.10.8 notwendig PC Connectivity Solution Nokia 24.08.2012 21,2MB 12.0.32.0 notwendig Picture Control Utility Nikon 17.05.2011 19,6MB 1.2.2 notwendig Picture Control Utility x64 Nikon 16.04.2012 38,2MB 1.4.3 notwendig Quickset64 Dell Inc. 15.03.2011 11.0.10 notwendig QuickTime Apple Inc. 25.05.2013 74,6MB 7.74.80.86 notwendig Realtek Ethernet Controller Driver Realtek 25.06.2011 7.41.216.2011 unbekannt Realtek High Definition Audio Driver Realtek Semiconductor Corp. 04.05.2013 6.0.1.6312 unbekannt Renesas Electronics USB 3.0 Host Controller Driver Renesas Electronics Corporation 25.06.2011 1,01MB 2.0.34.0 unbekannt Roxio Burn Roxio 19.03.2011 58,5MB 1.8.57.4 notwendig Roxio Creator Starter Roxio 16.03.2011 1,45GB 12.1.40.0 notwendig Shape Collage Shape Collage Inc. 08.10.2012 unbekannt SilverFast 8.0.1r26 (32bit) LaserSoft Imaging AG 15.06.2013 620MB 8.0.1r26 notwendig Spyware Terminator 2012 Crawler.com 14.06.2013 19,7MB 3.0.0.82 unbekannt Steuer 2010 Haufe-Lexware GmbH & Co.KG 08.07.2011 462MB 17.05.00.0003 notwendig Steuer 2011 Buhl Data Service GmbH 20.01.2012 19.00.7304 notwendig Steuer 2012 Buhl Data Service GmbH 01.01.2013 20.00.8137 notwendig Steuer-Hilfesammlung 2010 Haufe-Lexware GmbH & Co. KG 20.03.2011 442MB 17.10.0.0 notwendig Synaptics Pointing Device Driver Synaptics Incorporated 16.03.2011 46,4MB 15.2.6.0 notwendig System Requirements Lab for Intel (64-bit) Husdawg, LLC 24.06.2012 935KB 4.5.5.0 unbekannt ViewNX 2 Nikon 16.04.2012 65,8MB 2.3.1 notwendig Visual Studio C++ 10.0 Runtime TomTom International B.V. 23.01.2013 8,00KB 10.0.0 unbekannt Windows Live Essentials Microsoft Corporation 15.03.2011 15.4.3508.1109 unbekannt Windows Live Mesh ActiveX control for remote connections Microsoft Corporation 15.03.2011 5,57MB 15.4.5722.2 unbekannt Windows Mobile-Gerätecenter Microsoft Corporation 05.09.2012 27,4MB 6.1.6965.0 unbekannt Windows-Treiberpaket - Nokia Modem (02/25/2011 4.7) Nokia 24.08.2012 02/25/2011 4.7 unbekannt Windows-Treiberpaket - Nokia Modem (02/25/2011 7.01.0.9) Nokia 24.08.2012 02/25/2011 7.01.0.9 unbekannt Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver (05/31/2012 7.1.2.0) Nokia 24.08.2012 05/31/2012 7.1.2.0 unbekannt XSManager XSManager 16.11.2012 3.2 notwendig |
|
18.06.2013, 19:44
| #19 |
| /// Malware-holic | GVU Trojaner (Rechner läuft aber noch) deinstaliere: Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. Sicherheit (erweitert) Erweiterte Sicherheit anhaken und alle Dateien auswählen. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: eBay Java: alle downloade Java jre: Java-Downloads für alle Betriebssysteme klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Malwarebytes Spyware Terminator Öffne CCleaner, analysieren, starten, PC neustarten Downloade Dir bitte  AdwCleaner auf deinen Desktop.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.06.2013, 20:21
| #20 |
| | GVU Trojaner (Rechner läuft aber noch) Hi Markus, Danke schon mal wieder bis hierhin. Hier kommt das Ergebnis vom adwcleaner:AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.303 - Datei am 18/06/2013 um 21:14:59 erstellt
# Aktualisiert am 08/06/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16611
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\aumr8uax.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [6369 octets] - [14/06/2013 13:37:49]
AdwCleaner[R2].txt - [998 octets] - [18/06/2013 21:14:10]
AdwCleaner[S1].txt - [6370 octets] - [14/06/2013 13:40:08]
AdwCleaner[S2].txt - [932 octets] - [18/06/2013 21:14:59]
########## EOF - C:\AdwCleaner[S2].txt - [991 octets] ##########
|
|
18.06.2013, 20:46
| #21 |
| /// Malware-holic | GVU Trojaner (Rechner läuft aber noch) Hi, HitmanPro - Download - Filepony Bitte mal Hitmanpro laden, doppelklicken, Scan klicken. Nichts löschen, auf weiter klicken. Log speichern und posten, bzw als XML exportieren, packen und anhängen.
__________________ --> GVU Trojaner (Rechner läuft aber noch) |
|
18.06.2013, 21:00
| #22 |
| | GVU Trojaner (Rechner läuft aber noch) Auch das hab ich gemacht: Code:
ATTFilter HitmanPro 3.7.6.201
www.hitmanpro.com
Computer name . . . . : ***-PC
Windows . . . . . . . : 6.1.1.7601.X64/8
User name . . . . . . : ***-PC\***
UAC . . . . . . . . . : Enabled
License . . . . . . . : Free
Scan date . . . . . . : 2013-06-18 21:49:44
Scan mode . . . . . . : Normal
Scan duration . . . . : 8m 7s
Disk access mode . . : Direct disk access (SRB)
Cloud . . . . . . . . : Internet
Reboot . . . . . . . : No
Threats . . . . . . . : 0
Traces . . . . . . . : 350
Objects scanned . . . : 1.978.469
Files scanned . . . . : 52.314
Remnants scanned . . : 542.858 files / 1.383.297 keys
Potential Unwanted Programs _________________________________________________
HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF\ (AskBar)
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E\ (AskBar)
HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}\ (AskBar)
HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{82E1477C-B154-48D3-9891-33D83C26BCD3}\ (Delta Search)
HKU\S-1-5-21-1076415451-527864440-302771368-1000\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{C1AF5FA5-852C-4C90-812E-A7F75E011D87}\ (Delta Search)
HKU\S-1-5-21-1076415451-527864440-302771368-1002\Software\Microsoft\Internet Explorer\Approved Extensions\{4D2D3B0F-69BE-477A-90F5-FDDB05357975} (Claro)
|
|
18.06.2013, 21:02
| #23 |
| /// Malware-holic | GVU Trojaner (Rechner läuft aber noch) ok, sieht doch gar nich so schlecht aus. Browser schließen, Hitmanpro alles gefundene löschen lassen, PC neustarten abschließenes OTL Log: Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
18.06.2013, 23:19
| #24 |
| | GVU Trojaner (Rechner läuft aber noch) Was hab ich denn jetzt falsch gemacht? Ich finde nur ein OTL.TXT Log. Wo ist denn das Extras.TXT geblieben?OTL Logfile: Code:
ATTFilter OTL logfile created on: 18.06.2013 22:23:16 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16614) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,90 Gb Total Physical Memory | 2,33 Gb Available Physical Memory | 59,83% Memory free 7,79 Gb Paging File | 6,13 Gb Available in Paging File | 78,63% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 451,01 Gb Total Space | 256,92 Gb Free Space | 56,97% Space Free | Partition Type: NTFS Drive D: | 528,43 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Google\Update\1.3.21.145\GoogleCrashHandler.exe (Google Inc.) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\XSManager\WTGService.exe () PRC - C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB) PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll () ========== Services (SafeList) ========== SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (AntiVirWebService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (cphs) -- C:\Windows\SysWOW64\IntelCpHeciSvc.exe (Intel Corporation) SRV - (ServiceLayer) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe (Nokia) SRV - (ZeroConfigService) -- C:\Programme\Intel\WiFi\bin\ZeroConfigService.exe (Intel® Corporation) SRV - (MyWiFiDHCPDNS) -- C:\Programme\Intel\WiFi\bin\PanDhcpDns.exe () SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation) SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation) SRV - (BTHSSecurityMgr) -- C:\Programme\Intel\BluetoothHS\BTHSSecurityMgr.exe (Intel(R) Corporation) SRV - (WTGService) -- C:\Program Files (x86)\XSManager\WTGService.exe () SRV - (AMPPALR3) -- C:\Programme\Intel\BluetoothHS\BTHSAmpPalService.exe (Intel Corporation) SRV - (Fabs) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Program Files (x86)\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (WMCoreService) -- C:\Program Files (x86)\Dell\Dell WWAN\WMCore\mini_WMCore.exe (Ericsson AB) SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (DMAgent) -- C:\Programme\Intel\WiMAX\Bin\DMAgent.exe (Red Bend Ltd.) SRV - (WiMAXAppSrv) -- C:\Programme\Intel\WiMAX\Bin\AppSrv.exe (Intel(R) Corporation) SRV - (AdobeActiveFileMonitor9.0) -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe (Adobe Systems Incorporated) SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.) SRV - (RoxWatch12) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatch12OEM.exe (Sonic Solutions) SRV - (RoxMediaDB12OEM) -- C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxMediaDB12OEM.exe (Sonic Solutions) SRV - (NOBU) -- C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuAgent.exe (Dell, Inc.) SRV - (SftService) -- C:\Program Files (x86)\Dell DataSafe Local Backup\sftservice.EXE (SoftThinks SAS) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (AERTFilters) -- C:\Programme\Realtek\Audio\HDA\AERTSr64.exe (Andrea Electronics Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV:64bit: - (cmnuusbser) -- C:\Windows\SysNative\drivers\cmnuusbser.sys (Wireless Device) DRV:64bit: - (cmntnet) -- C:\Windows\SysNative\drivers\cmntnet.sys (Wireless Data Device) DRV:64bit: - (nvkflt) -- C:\Windows\SysNative\drivers\nvkflt.sys (NVIDIA Corporation) DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation) DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (NVHDA) -- C:\Windows\SysNative\drivers\nvhda64v.sys (NVIDIA Corporation) DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation) DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation) DRV:64bit: - (SmbDrvI) -- C:\Windows\SysNative\drivers\Smb_driver_Intel.sys (Synaptics Incorporated) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek ) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (pccsmcfd) -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys (Nokia) DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation) DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\Netwsw00.sys (Intel Corporation) DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB) DRV:64bit: - (AMPPALP) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (AMPPAL) -- C:\Windows\SysNative\drivers\AmpPal.sys (Windows (R) Win 7 DDK provider) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (nmwcdnsux64) -- C:\Windows\SysNative\drivers\nmwcdnsux64.sys (Nokia) DRV:64bit: - (nmwcd) -- C:\Windows\SysNative\drivers\ccdcmbx64.sys (Nokia) DRV:64bit: - (nmwcdnsucx64) -- C:\Windows\SysNative\drivers\nmwcdnsucx64.sys (Nokia) DRV:64bit: - (UsbserFilt) -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys (Nokia) DRV:64bit: - (upperdev) -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys (Nokia) DRV:64bit: - (nmwcdc) -- C:\Windows\SysNative\drivers\ccdcmbox64.sys (Nokia) DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation) DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation) DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation) DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation) DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated) DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation) DRV:64bit: - (NvStUSB) -- C:\Windows\SysNative\drivers\nvstusb.sys () DRV:64bit: - (d554gps) -- C:\Windows\SysNative\drivers\d554gps64.sys (Ericsson AB) DRV:64bit: - (wdkmd) -- C:\Windows\SysNative\drivers\WDKMD.sys (Intel Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (d554scard) -- C:\Windows\SysNative\drivers\d554scard.sys (Ericsson AB) DRV:64bit: - (bpenum) -- C:\Windows\SysNative\drivers\bpenum.sys (Intel Corporation) DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.) DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.) DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.) DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.) DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.) DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.) DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.) DRV:64bit: - (cfwids) -- C:\Windows\SysNative\drivers\cfwids.sys (McAfee, Inc.) DRV:64bit: - (qicflt) -- C:\Windows\SysNative\drivers\qicflt.sys (Quanta Computer) DRV:64bit: - (TFsExDisk) -- C:\Windows\SysNative\drivers\TFsExDisk.sys (Teruten Inc) DRV:64bit: - (PxHlpa64) -- C:\Windows\SysNative\drivers\PxHlpa64.sys (Sonic Solutions) DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB) DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB) DRV:64bit: - (Impcd) -- C:\Windows\SysNative\drivers\Impcd.sys (Intel Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (WimFltr) -- C:\Windows\SysNative\drivers\WimFltr.sys (Microsoft Corporation) DRV - (TFsExDisk) -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys (Teruten Inc) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{C7A9FA1A-647B-465A-AB18-22CABDF822E9}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{00E96D5B-F401-46A8-9E2A-8AAC70D74E13}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=DLCDF8&pc=MDDC&src=IE-SearchBox IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKCU\..\SearchScopes,DefaultScope = {00E96D5B-F401-46A8-9E2A-8AAC70D74E13} IE - HKCU\..\SearchScopes\{00E96D5B-F401-46A8-9E2A-8AAC70D74E13}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&r=784 IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKCU\..\SearchScopes\{0E57A08F-892D-4C7A-B2FB-2781E80F4857}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKCU\..\SearchScopes\{4D5E70C8-52C6-433A-AD89-4067A2B4F01E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c1207fde-90d1-4a55-a1ed-38d8a9c5e0ea&apn_sauid=C8E5CBB4-05A4-4F88-A3E2-84A30A3FA07C IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.suggest.enabled: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0a1 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( ) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Components: C:\PROGRAM FILES\NIGHTLY\COMPONENTS [2012.10.16 17:23:29 | 000,000,000 | ---D | M] 64bit-FF - HKEY_LOCAL_MACHINE\software\mozilla\Nightly 19.0a1\extensions\\Plugins: C:\PROGRAM FILES\NIGHTLY\PLUGINS [2011.03.27 16:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.03.27 16:05:22 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2011.03.21 20:35:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de [2013.06.18 21:04:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\aumr8uax.default\extensions [2011.03.18 23:20:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\foz4gsfv.default\extensions [2011.03.18 23:26:01 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2011.03.19 20:01:22 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} [2011.03.03 20:06:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.03.03 20:06:04 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2011.03.03 20:06:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2011.03.03 20:06:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2011.03.03 20:06:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [Windows Mobile Device Center] C:\Windows\WindowsMobile\wmdc.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [NSU_agent] C:\Program Files (x86)\Nokia\Nokia Software Updater\nsu3ui_agent.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O13 - gopher Prefix: missing O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 10.25.2) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} https://support.dell.com/systemprofiler/SysProExe.CAB (WMI Class) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.5.1) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BE23362A-FE7B-462D-B778-E68A8955D32B}: DhcpNameServer = 193.189.244.206 193.189.244.225 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E94A5AC7-BB78-4D58-B170-23C310ADAA07}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\haufereader - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\Windows\SysWOW64\nvinit.dll) - c:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [1998.11.26 17:49:16 | 000,420,864 | R--- | M] () - D:\autorun.exe -- [ CDFS ] O32 - AutoRun File - [1998.10.22 16:16:54 | 000,000,766 | R--- | M] () - D:\autorun.ico -- [ CDFS ] O32 - AutoRun File - [1997.10.24 12:08:06 | 000,000,049 | R--- | M] () - D:\autorun.inf -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -UserConfig ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Digital Line Detect.lnk - C:\PROGRA~2\DIGITA~1\DLG.exe - (Avanquest Software ) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: Dell DataSafe Online - hkey= - key= - C:\Program Files (x86)\Dell\Dell Datasafe Online\NOBuClient.exe (Dell, Inc.) MsConfig:64bit - StartUpReg: Dell Registration - hkey= - key= - C:\Program Files (x86)\System Registration\prodreg.exe (Dell, Inc.) MsConfig:64bit - StartUpReg: Dell Webcam Central - hkey= - key= - File not found MsConfig:64bit - StartUpReg: DellStage - hkey= - key= - C:\Program Files (x86)\Dell Stage\Dell Stage\stage_primary.exe () MsConfig:64bit - StartUpReg: Desktop Disc Tool - hkey= - key= - C:\Program Files (x86)\Roxio\oem\Roxio Burn\RoxioBurnLauncher.exe () MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: IAStorIcon - hkey= - key= - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) MsConfig:64bit - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files (x86)\iTunes\iTunesHelper.exe (Apple Inc.) MsConfig:64bit - StartUpReg: LexwareInfoService - hkey= - key= - C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG) MsConfig:64bit - StartUpReg: Nikon Message Center 2 - hkey= - key= - C:\Program Files (x86)\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) MsConfig:64bit - StartUpReg: NokiaMServer - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NokiaOviSuite2 - hkey= - key= - File not found MsConfig:64bit - StartUpReg: NokiaSuite.exe - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia) MsConfig:64bit - StartUpReg: NUSB3MON - hkey= - key= - C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) MsConfig:64bit - StartUpReg: PC Suite Tray - hkey= - key= - C:\Program Files (x86)\Nokia\Nokia PC Suite 7\PCSuite.exe (Nokia) MsConfig:64bit - StartUpReg: QuickSet - hkey= - key= - c:\Programme\Dell\QuickSet\quickset.exe (Dell Inc.) MsConfig:64bit - StartUpReg: QuickTime Task - hkey= - key= - C:\Program Files (x86)\QuickTime\QTTask.exe (Apple Inc.) MsConfig:64bit - StartUpReg: RoxWatchTray - hkey= - key= - C:\Program Files (x86)\Common Files\Roxio Shared\OEM\12.0\SharedCOM\RoxWatchTray12OEM.exe (Sonic Solutions) MsConfig:64bit - StartUpReg: RtHDVBg - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: RTHDVCPL - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Programme\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) MsConfig:64bit - State: "startup" - Reg Error: Key error. MsConfig:64bit - State: "services" - Reg Error: Key error. CREATERESTOREPOINT System Restore Service not available. ========== Files/Folders - Created Within 30 Days ========== [2013.06.18 21:48:43 | 009,833,328 | ---- | C] (SurfRight B.V.) -- C:\Users\***\Desktop\HitmanPro_x64.exe [2013.06.17 21:00:05 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\CyberViewX [2013.06.17 16:50:31 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2013.06.16 23:00:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2013.06.16 23:00:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.06.16 23:00:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.06.16 23:00:12 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Programs [2013.06.15 21:45:44 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.06.15 21:20:45 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.06.15 21:06:42 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.06.15 21:06:42 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.06.15 21:06:42 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.06.15 21:06:32 | 000,000,000 | ---D | C] -- C:\ComboFix [2013.06.15 21:06:28 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.06.15 21:06:00 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.06.15 20:53:29 | 005,080,151 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.14 21:17:12 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.06.14 17:21:27 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.14 13:55:03 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.06.14 13:55:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013.06.12 00:02:17 | 000,000,000 | ---D | C] -- C:\ProgramData\HitmanPro [2013.06.11 23:09:30 | 000,000,000 | ---D | C] -- C:\ProgramData\imkn [2013.06.01 22:03:55 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2013.06.01 21:54:50 | 000,000,000 | ---D | C] -- C:\ProgramData\regid.1986-12.com.adobe [2013.05.28 08:37:46 | 005,268,992 | ---- | C] (PIE) -- C:\Windows\SysWow64\MF5000_x64.dll [2013.05.28 08:37:46 | 005,268,992 | ---- | C] (PIE) -- C:\Windows\SysNative\MF5000_x64.dll [2013.05.28 08:36:48 | 003,817,472 | ---- | C] (PIE) -- C:\Windows\SysWow64\MF5000.dll [2013.05.28 08:36:48 | 003,817,472 | ---- | C] (PIE) -- C:\Windows\SysNative\MF5000.dll [2013.05.25 19:27:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime [2013.05.25 19:27:05 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\QuickTime [2013.05.24 23:28:01 | 000,000,000 | ---D | C] -- C:\Program Files\My Dell [2013.05.23 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysWow64\NV [2013.05.23 21:55:23 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\NV [2013.05.21 21:16:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\iTunes [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod [2013.05.21 21:15:26 | 000,000,000 | ---D | C] -- C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2013.05.20 14:10:41 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LaserSoft Imaging [2013.05.20 14:10:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\SilverFast Application [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.06.18 22:20:06 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.06.18 22:19:36 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.06.18 22:19:15 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.06.18 22:19:06 | 3137,994,752 | -HS- | M] () -- C:\hiberfil.sys [2013.06.18 21:52:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.18 21:49:06 | 009,833,328 | ---- | M] (SurfRight B.V.) -- C:\Users\***\Desktop\HitmanPro_x64.exe [2013.06.18 21:24:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 21:24:47 | 000,014,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.06.18 21:13:35 | 000,648,201 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.18 08:17:43 | 000,001,324 | ---- | M] () -- C:\Users\***\Desktop\SilverFast (32bit).lnk [2013.06.18 08:16:01 | 001,622,076 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.06.18 08:16:01 | 000,700,608 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.06.18 08:16:01 | 000,655,280 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.06.18 08:16:01 | 000,149,372 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.06.18 08:16:01 | 000,122,152 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.06.17 20:59:50 | 000,002,577 | ---- | M] () -- C:\Users\Public\Desktop\CyberViewX.lnk [2013.06.17 16:50:35 | 000,000,824 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.15 20:54:20 | 005,080,151 | R--- | M] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.06.14 21:17:13 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.06.14 17:21:27 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.06.14 13:55:03 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013.06.11 21:37:46 | 001,599,970 | ---- | M] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2013.06.02 14:49:51 | 000,541,912 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.06.01 22:26:48 | 000,001,080 | ---- | M] () -- C:\Users\***\Desktop\Kyodai Mahjongg 2006.lnk [2013.05.28 08:37:46 | 005,268,992 | ---- | M] (PIE) -- C:\Windows\SysWow64\MF5000_x64.dll [2013.05.28 08:37:46 | 005,268,992 | ---- | M] (PIE) -- C:\Windows\SysNative\MF5000_x64.dll [2013.05.28 08:36:48 | 003,817,472 | ---- | M] (PIE) -- C:\Windows\SysWow64\MF5000.dll [2013.05.28 08:36:48 | 003,817,472 | ---- | M] (PIE) -- C:\Windows\SysNative\MF5000.dll [2013.05.23 22:08:44 | 000,000,608 | ---- | M] () -- C:\Windows\wiso.ini [2013.05.21 21:16:09 | 000,001,785 | ---- | M] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.05.20 14:32:55 | 000,000,128 | -H-- | M] () -- C:\ProgramData\V93GE [2013.05.20 14:30:48 | 000,000,001 | -H-- | M] () -- C:\ProgramData\T23J7 [2 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] [2 C:\Program Files (x86)\*.tmp files -> C:\Program Files (x86)\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.06.18 21:13:35 | 000,648,201 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.06.18 20:53:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.06.17 20:59:50 | 000,002,589 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberViewX.lnk [2013.06.17 20:59:50 | 000,002,577 | ---- | C] () -- C:\Users\Public\Desktop\CyberViewX.lnk [2013.06.17 16:50:35 | 000,000,824 | ---- | C] () -- C:\Users\Public\Desktop\CCleaner.lnk [2013.06.15 21:06:42 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.06.15 21:06:42 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.06.15 21:06:42 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.06.15 21:06:42 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.06.15 21:06:42 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.06.01 22:26:48 | 000,001,080 | ---- | C] () -- C:\Users\***\Desktop\Kyodai Mahjongg 2006.lnk [2013.06.01 21:49:55 | 000,001,521 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ExtendScript Toolkit CS5.lnk [2013.06.01 21:49:45 | 000,000,999 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help.lnk [2013.06.01 21:46:11 | 000,001,892 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 9.lnk [2013.05.20 14:30:48 | 000,000,001 | -H-- | C] () -- C:\ProgramData\T23J7 [2013.05.20 14:10:41 | 000,001,324 | ---- | C] () -- C:\Users\***\Desktop\SilverFast (32bit).lnk [2013.05.12 00:00:27 | 000,000,128 | -H-- | C] () -- C:\ProgramData\V93GE [2012.12.23 16:59:06 | 000,272,928 | ---- | C] () -- C:\Windows\SysWow64\igvpkrng600.bin [2012.12.23 16:58:50 | 000,963,452 | ---- | C] () -- C:\Windows\SysWow64\igcodeckrng600.bin [2012.12.14 03:42:30 | 000,064,512 | ---- | C] () -- C:\Windows\SysWow64\igdde32.dll [2012.05.28 09:47:30 | 000,007,605 | ---- | C] () -- C:\Users\***\AppData\Local\resmon.resmoncfg [2012.03.19 23:23:09 | 000,000,673 | ---- | C] () -- C:\Windows\wininit.ini [2012.03.19 23:01:45 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Echo [2012.03.19 23:01:45 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filters [2012.03.19 23:01:11 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Effects [2012.03.19 23:01:11 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Flange Saw [2012.03.19 23:01:10 | 000,000,268 | RH-- | C] () -- C:\ProgramData\Dynamic Library [2012.03.19 23:01:10 | 000,000,012 | RH-- | C] () -- C:\ProgramData\Filesystems [2012.03.19 22:59:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Distortion [2012.03.19 22:59:29 | 000,000,000 | ---- | C] () -- C:\ProgramData\Dance Kit [2012.03.19 22:47:31 | 000,000,000 | ---- | C] () -- C:\Windows\ViewNX2.INI [2012.02.09 22:54:03 | 000,001,453 | ---- | C] () -- C:\Windows\eReg.dat [2012.01.21 12:30:37 | 000,000,608 | ---- | C] () -- C:\Windows\wiso.ini [2011.06.25 19:43:53 | 000,030,028 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat [2011.06.25 14:43:52 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.06.25 14:43:52 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin [2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Drum Kits [2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Documents [2011.05.17 21:17:36 | 000,000,268 | RH-- | C] () -- C:\Users\***\AppData\Roaming\Documentation [2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLev.DAT [2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLet.DAT [2011.05.17 21:17:36 | 000,000,020 | -H-- | C] () -- C:\ProgramData\PKP_DLes.DAT [2011.03.19 22:34:23 | 000,006,656 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.02.27 07:52:56 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.02.27 06:55:05 | 012,872,704 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.08.21 15:11:31 | 000,857,088 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 15:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.08.21 15:08:38 | 000,453,120 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2012.01.21 12:30:40 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Buhl Data Service [2013.06.01 22:03:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012.04.20 08:33:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.magix-fotos.fotobuch.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011.03.21 20:35:24 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Haufe Mediengruppe [2013.05.12 00:00:27 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\LaserSoft Imaging [2011.03.18 23:03:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Leadertech [2011.03.20 23:40:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lexware [2012.06.01 00:32:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\MAGIX [2013.04.15 22:45:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\metaspinner net GmbH [2012.03.19 22:46:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nikon [2012.01.31 22:49:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia [2011.04.11 21:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Ovi Suite [2011.11.22 23:47:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nokia Suite [2011.03.20 13:29:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PC Suite [2012.05.24 17:43:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PCDr [2012.06.02 14:33:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PhotoScape [2012.09.02 23:16:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\proDAD [2012.06.14 20:14:08 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Samsung [2012.12.20 21:52:04 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Windows Live Writer [2013.05.03 16:51:09 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XSManager ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2013.06.16 11:00:17 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2011.03.16 01:24:47 | 000,000,000 | ---D | M] -- C:\apps [2013.06.15 21:21:46 | 000,000,000 | ---D | M] -- C:\ComboFix [2013.06.18 21:07:37 | 000,000,000 | ---D | M] -- C:\Config.Msi [2011.06.25 14:38:09 | 000,000,000 | ---D | M] -- C:\dell [2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.03.18 22:59:18 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2011.03.16 03:20:46 | 000,000,000 | ---D | M] -- C:\Drivers [2011.03.16 00:54:20 | 000,000,000 | ---D | M] -- C:\Intel [2011.03.19 22:58:20 | 000,000,000 | R--D | M] -- C:\MSOCache [2012.06.13 21:47:30 | 000,000,000 | ---D | M] -- C:\NVIDIA [2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.06.17 16:50:31 | 000,000,000 | R--D | M] -- C:\Program Files [2013.06.16 23:00:35 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.06.18 20:49:59 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.03.18 22:59:18 | 000,000,000 | -HSD | M] -- C:\Programme [2013.06.15 21:20:46 | 000,000,000 | ---D | M] -- C:\Qoobox [2011.03.18 23:05:44 | 000,000,000 | -HSD | M] -- C:\System Recovery [2013.06.18 21:07:34 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2013.05.23 21:55:30 | 000,000,000 | ---D | M] -- C:\Temp [2012.05.28 09:28:50 | 000,000,000 | R--D | M] -- C:\Users [2013.06.18 21:10:54 | 000,000,000 | ---D | M] -- C:\Windows [2011.07.08 19:09:20 | 000,000,000 | ---D | M] -- C:\{BFFABDB7-DE96-4467-9C57-1BFDA39C34AF} < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 03:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 03:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 03:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 03:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 14:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 07:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 07:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011.03.20 21:04:40 | 000,001,104 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job [2011.03.20 21:04:41 | 000,001,108 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job [2013.06.18 20:53:52 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\erdnt\cache64\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\erdnt\cache86\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\erdnt\cache64\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\erdnt\cache86\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 08:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 08:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2010.11.20 15:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe < MD5 for: IASTOR.SYS > [2011.01.12 17:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\dell\drivers\R296901\f6flpy-x64\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Drivers\Chipset_IRST\f6flpy-x64\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011.01.13 03:51:44 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys [2011.01.12 17:44:08 | 000,355,352 | ---- | M] (Intel Corporation) MD5=F989555F1662581032CCE1578A8FF28E -- C:\dell\drivers\R296901\f6flpy-x86\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\erdnt\cache64\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\erdnt\cache86\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\erdnt\cache86\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\erdnt\cache64\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\erdnt\cache86\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\erdnt\cache64\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\erdnt\cache64\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2013.06.08 13:40:01 | 013,760,512 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < %USERPROFILE%\*.* > [2013.06.18 22:46:59 | 004,718,592 | -HS- | M] () -- C:\Users\***\ntuser.dat [2013.06.18 22:46:59 | 000,262,144 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG1 [2011.03.18 22:59:30 | 000,000,000 | -HS- | M] () -- C:\Users\***\ntuser.dat.LOG2 [2011.03.18 23:15:00 | 000,065,536 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.03.18 23:15:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.03.18 23:15:00 | 000,524,288 | -HS- | M] () -- C:\Users\***\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.05.18 23:25:13 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TM.blf [2011.05.18 23:25:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2011.05.18 23:25:13 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0a58fca4-818b-11e0-ae41-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2012.01.31 23:26:06 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TM.blf [2012.01.31 23:26:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2012.01.31 23:26:06 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{0f997870-49df-11e1-bdb5-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2011.03.19 20:53:10 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TM.blf [2011.03.19 20:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2011.03.19 20:53:10 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{3c666c00-524c-11e0-a7af-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2012.12.31 01:40:30 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TM.blf [2012.12.31 01:40:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TMContainer00000000000000000001.regtrans-ms [2012.12.31 01:40:30 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{78f05a30-52d7-11e2-9152-14feb59c1197}.TMContainer00000000000000000002.regtrans-ms [2012.12.31 01:25:32 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TM.blf [2012.12.31 01:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TMContainer00000000000000000001.regtrans-ms [2012.12.31 01:25:32 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{96757889-52d6-11e2-b749-14feb59c1197}.TMContainer00000000000000000002.regtrans-ms [2011.08.25 23:59:17 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TM.blf [2011.08.25 23:59:17 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2011.08.25 23:59:17 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c1ac9e3e-cf44-11e0-ae26-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2013.05.04 15:36:58 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TM.blf [2013.05.04 15:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TMContainer00000000000000000001.regtrans-ms [2013.05.04 15:36:58 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{c87f8f89-b4b4-11e2-a361-00a0c6000000}.TMContainer00000000000000000002.regtrans-ms [2012.05.24 17:46:55 | 000,065,536 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TM.blf [2012.05.24 17:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TMContainer00000000000000000001.regtrans-ms [2012.05.24 17:46:55 | 000,524,288 | -HS- | M] () -- C:\Users\***\ntuser.dat{db948c67-a4fd-11e1-ad0d-028037ec0200}.TMContainer00000000000000000002.regtrans-ms [2011.03.18 22:59:30 | 000,000,020 | -HS- | M] () -- C:\Users\***\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
19.06.2013, 00:16
| #25 |
| /// Malware-holic | GVU Trojaner (Rechner läuft aber noch) Hi, is ok. otl fix Fixen mit OTL
Code:
ATTFilter :OTL
IE - HKCU\..\SearchScopes\{4D5E70C8-52C6-433A-AD89-4067A2B4F01E}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=de_DE&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=c1207fde-90d1-4a55-a1ed-38d8a9c5e0ea&apn_sauid=C8E5CBB4-05A4-4F88-A3E2-84A30A3FA07C
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O8:64bit: - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: &Preispiratensuche nach markiertem Text - C:\\Program Files (x86)\\Preispiraten6\\preispiraten.html File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
:files
:Commands
[emptytemp]
bitte teste, ob es im Firefox, internet explorer, und sonstigen evtl. instalierte Browser, irgendwelche ungewollten toolbars, umleitungen oder sonstigen Probleme gibt. Teste wie pc und programme allgemein laufen.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.06.2013, 15:58
| #26 |
| | GVU Trojaner (Rechner läuft aber noch) Hi Markus, das ging irgendwie schief. Nach dem Fix dauert der Neustart satte 10 Minuten. Der Rechner wurde vollkommen ausgebremst und meine Netzwerkverbindung war auch hinüber. Ich poste mal das Ergebnis des Fix, musste aber auf einen Wiederherstellungspunkt zurückgreifen, sonst ginge gar nichts mehr. All processes killed ========== OTL ========== Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{4D5E70C8-52C6-433A-AD89-4067A2B4F01E}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4D5E70C8-52C6-433A-AD89-4067A2B4F01E}\ not found. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ deleted successfully. 64bit-Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ deleted successfully. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Preispiratensuche nach markiertem Text\ not found. Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\Nach Microsoft E&xel exportieren\ not found. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000005\ deleted successfully. C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL moved successfully. 64bit-Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries64\000000000006\ deleted successfully. File C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL not found. ========== FILES ========== ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 2169961 bytes ->Flash cache emptied: 56958 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 67 bytes ->Flash cache emptied: 57472 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes ->Flash cache emptied: 0 bytes User: *** ->Temp folder emptied: 1097260 bytes ->Temporary Internet Files folder emptied: 6783224 bytes ->Java cache emptied: 539607 bytes ->Flash cache emptied: 58084 bytes User: Public ->Temp folder emptied: 0 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 205849 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 7604 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 94490 bytes RecycleBin emptied: 15414781 bytes Total Files Cleaned = 25,00 mb OTL by OldTimer - Version 3.2.69.0 log created on 06192013_155355 Files\Folders moved on Reboot... C:\Users\***\AppData\Local\Temp\Low\REG19B1.tmp moved successfully. C:\Users\***\AppData\Local\Temp\Low\REG9B9C.tmp moved successfully. C:\Users\***\AppData\Local\Temp\Low\REGC5EF.tmp moved successfully. C:\Users\***\AppData\Local\Temp\Low\REGE5E4.tmp moved successfully. C:\Users\***\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\Y1HUNPR8\ads[1].htm moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\Content.IE5\OLJ87K2O\136593-gvu-trojaner-rechner-laeuft-noch-3[1].htm moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\AntiPhishing\7A7E08C8-3FF5-45F2-873D-A84D669DC82F.dat moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\Low\MSIMGSIZ.DAT moved successfully. C:\Users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
|
19.06.2013, 17:39
| #27 |
| /// Malware-holic | GVU Trojaner (Rechner läuft aber noch) auch nach neustart?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.06.2013, 20:12
| #28 |
| | GVU Trojaner (Rechner läuft aber noch) Ja. Einmal runter und wieder hochfahren ca. 20 Minuten. Ich habe ihn dann insgesamt dreimal neu gestartet und es hat sich nichts verändert. Vor allem die Netzwerkverbindungen waren weg. Ich gehe unterwegs mit einem Surfstick ins Netz. So einer der sich selbst installiert. Selbst den bekam ich nicht mehr ans Laufen. Seltsam seltsam! |
|
19.06.2013, 21:20
| #29 |
| /// Malware-holic | GVU Trojaner (Rechner läuft aber noch) also die netzwerkverbindungen werden nicht mehr angezeigt? auch wenn du neu suchst? bin jetzt erst mal im urlaub, eröffne mal ein thema im bereich netzwerke damit das schnell gelöst wird. sorry für die Umstände!b
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
19.06.2013, 21:31
| #30 |
| | GVU Trojaner (Rechner läuft aber noch) Alle weg! Ich hätte sie komplett neu installieren müssen. Aber der Rechner hat auch keine in der Umgebung angezeigt, was er sonst macht. Da herrschte totale Leere. Durch den Wiederherstellungspunkt funktioniert jetzt natürlich wieder alles. Ich bin jetzt praktisch vor dem Fix gelandet. Bevor Du Dich in den Urlaub verabschiedest, für den ich Dir viel Spaß, gute Laune und Entspannung/Action wünsche... kannst Du mir ne kurze Einschätzung geben, wie es um den Rechner bestellt ist  ?Viele Grüße. |
|
| Themen zu GVU Trojaner (Rechner läuft aber noch) |
| anderen, antivir, beendet, board, ergebnisse, folgende, funktioniert, geblockt, lösung, nicht mehr, probleme, quarantäne, rechner, registry, seite, spyware, taskmanager, tr/dldr.nymaim.b.69, tr/drop.xpaj.a, trojaner, windows |
Linear-Darstellung
