Log Analysis and Evaluation: GVU Trojan - Windows 7 shuts down automatically in safe mode

If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here so that our experts can evaluate them. Before viruses and trojans can be removed, the infected system must first be examined: see "First steps for help". Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.07.2013, 10:09 | #1
GVU Trojan - Windows 7 shuts down automatically in safe mode

Hello everyone, I scanned my computer with OTL PE as described in the forum. The log files are posted below. I hope you can help me. I would be extremely grateful. Many thanks in advance for your support. Picasso4711!

OTL Logfile:
Code:
OTL logfile created on: 7/21/2013 2:53:04 PM - Run
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16635)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.50 Mb Free Space | 75.50% Space Free | Partition Type: NTFS
Drive H: | 372.51 Gb Total Space | 309.23 Gb Free Space | 83.01% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2010/05/20 10:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/07/07 13:58:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/06/12 06:27:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/02/25 18:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2013/01/18 02:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service)
SRV - [2012/09/21 09:41:44 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto] -- H:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service)
SRV - [2012/05/08 13:02:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/08 13:02:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/01/17 17:22:02 | 000,077,520 | ---- | M] () [On_Demand] -- H:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService)
SRV - [2012/01/17 17:15:44 | 000,331,608 | ---- | M] () [Auto] -- H:\Program Files (x86)\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService)
SRV - [2012/01/04 19:02:02 | 000,329,544 | ---- | M] () [Auto] -- H:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd)
SRV - [2012/01/04 19:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto] -- H:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/12/30 07:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) [Auto] -- H:\Windows\SysWOW64\LxrSII1s.exe -- (LxrSII1s)
SRV - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- H:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- H:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2012/05/08 13:02:14 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012/05/08 13:02:14 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- H:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012/01/04 19:01:56 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HssDrv.sys -- (HssDrv)
DRV:64bit: - [2012/01/04 19:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\taphss.sys -- (taphss)
DRV:64bit: - [2011/09/16 11:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2011/04/29 06:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- H:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\npf.sys -- (NPF)
DRV:64bit: - [2010/05/20 10:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VX3000.sys -- (VX3000)
DRV:64bit: - [2010/04/16 11:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- H:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm)
DRV:64bit: - [2009/12/30 04:32:04 | 000,063,064 | ---- | M] (Lexar Media, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV - [2011/07/17 03:39:44 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- H:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 90 82 6A 73 5C CE 01 [binary data]
IE - HKU\Kalle_und_Lydia_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\Kalle_und_Lydia_ON_H\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. File not found
IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\NetworkService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)
IE - HKU\UpdatusUser_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation)

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.defaultenginename: "Ask.com"
FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search"
FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27
FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: H:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.3: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 13:57:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/07 13:57:56 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 13:57:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/07 13:57:56 | 000,000,000 | ---D | M]

[2009/12/21 14:21:50 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Extensions
[2009/12/21 14:21:50 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2013/04/23 14:25:25 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\extensions
[2012/01/03 10:27:44 | 000,002,333 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\searchplugins\askcom.xml
[2009/12/26 16:42:31 | 000,002,171 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\searchplugins\bing.xml
[2013/07/07 13:57:55 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions
[2013/07/07 13:57:55 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2013/07/07 13:57:55 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA}
[2013/07/07 13:57:54 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\browser\extensions
[2013/07/07 13:58:00 | 000,000,000 | ---D | M] (Default) -- H:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
File not found (No name found) --
[2010/05/12 11:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll
[2010/05/12 12:22:04 | 000,013,240 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll
[2010/05/12 11:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll
[2010/05/12 11:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll
[2010/05/12 11:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll
[2010/05/12 11:41:08 | 000,255,416 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll
[2010/05/12 11:42:42 | 000,031,160 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\icafile.dll
[2010/05/12 11:42:20 | 000,040,384 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll
[2010/05/12 12:22:36 | 000,423,328 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll
[2013/05/11 06:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll
[2010/04/14 08:55:06 | 000,652,640 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll
[2010/05/12 11:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll
[2009/12/21 14:25:58 | 000,000,811 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2010/12/17 12:42:16 | 000,427,737 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 123fporn.info
O1 - Hosts: 14727 more lines...
O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - H:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.)
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - H:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O3 - HKU\Kalle_und_Lydia_ON_H\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found
O4:64bit: - HKLM..\Run: [VX3000] H:\Windows\vVX3000.exe (Microsoft Corporation)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe ARM] H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ApnUpdater] File not found
O4 - HKLM..\Run: [avgnt] H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [ConnectionCenter] H:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.)
O4 - HKLM..\Run: [GrooveMonitor] H:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation)
O4 - HKLM..\Run: [LifeCam] H:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [OpwareSE4] H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.)
O4 - HKLM..\Run: [PDFPrint] H:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [SSBkgdUpdate] H:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [ccleaner] H:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd)
O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [Launcher] H:\Program Files\ABUS Security-Center\VMSExpress\SecurityLauncher.exe (ABUS Security-Center GmbH&Co.KG)
O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [msnmsgr] H:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation)
O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [Skype] H:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [SpybotSD TeaTimer] H:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found
O4 - HKU\UpdatusUser_ON_H..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18:64bit: - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - H:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Kalle_und_Lydia_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Kalle_und_Lydia_ON_H Winlogon: Shell - (C:\Users\Kalle und Lydia\AppData\Roaming\cache.dat) - H:\Users\Kalle und Lydia\AppData\Roaming\cache.dat ()
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - H:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - H:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - H:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - H:\Windows\System32\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - H:\Windows\System32\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - H:\Windows\System32\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - H:\Windows\System32\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - H:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - H:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - H:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - H:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - H:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - H:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - H:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/07/20 17:52:49 | 000,000,000 | -HSD | C] -- H:\RECYCLER [2013/07/12 15:39:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll [2013/07/12 15:39:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013/07/12 15:39:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013/07/12 15:39:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iesysprep.dll [2013/07/12 15:39:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013/07/12 15:39:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/07/12 15:39:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013/07/12 15:39:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iesetup.dll [2013/07/12 15:39:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013/07/12 15:39:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013/07/12 15:39:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iernonce.dll [2013/07/12 15:39:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll [2013/07/12 15:39:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll [2013/07/12 15:39:29 | 000,603,136 | ---- | C] (Microsoft 
Corporation) -- H:\Windows\System32\msfeeds.dll [2013/07/12 15:39:29 | 000,493,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll [2013/07/12 15:39:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013/07/12 15:39:27 | 002,877,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll [2013/07/12 02:10:48 | 000,624,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\qedit.dll [2013/07/12 02:10:48 | 000,509,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\qedit.dll [2013/07/12 02:10:46 | 001,887,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WMVDECOD.DLL [2013/07/12 02:10:46 | 001,620,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\WMVDECOD.DLL [2013/07/12 02:09:58 | 001,643,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013/07/12 02:09:58 | 001,247,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\DWrite.dll [2013/07/07 13:57:54 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Mozilla Firefox [2013/07/06 10:25:49 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/06/29 14:27:27 | 000,000,000 | ---D | C] -- H:\dbs [2013/06/29 13:31:31 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\ABUS Security-Center [2013/06/29 13:31:12 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013/06/29 13:31:11 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\WinPcap [2013/06/29 13:28:02 | 000,000,000 | ---D | C] -- H:\ProgramData\ABUS Security-Center [2013/06/29 13:27:56 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center [2013/06/29 13:27:56 | 000,000,000 | ---D | C] -- H:\Program Files\ABUS Security-Center [2013/06/29 13:27:09 | 000,000,000 | ---D | C] -- H:\Users\Kalle und Lydia\AppData\Roaming\ABUS Security-Center GmbH & Co. 
KG [2012/10/01 16:49:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- H:\ProgramData\lsass.exe ========== Files - Modified Within 30 Days ========== [2013/07/20 13:31:35 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013/07/20 13:31:29 | 000,000,064 | ---- | M] () -- H:\Windows\SysWow64\rp_stats.dat [2013/07/20 13:31:29 | 000,000,044 | ---- | M] () -- H:\Windows\SysWow64\rp_rules.dat [2013/07/20 13:31:28 | 000,000,408 | ---- | M] () -- H:\Windows\tasks\Ad-Aware Update (Weekly).job [2013/07/20 13:30:58 | 3220,086,784 | -HS- | M] () -- H:\hiberfil.sys [2013/07/20 12:09:44 | 000,000,004 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.ini [2013/07/20 12:09:13 | 000,014,016 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/20 12:09:13 | 000,014,016 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/20 12:06:55 | 009,270,816 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013/07/20 12:06:55 | 003,141,018 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013/07/20 12:06:55 | 002,812,480 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013/07/20 12:06:55 | 002,517,734 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013/07/20 12:06:55 | 000,005,222 | ---- | M] () -- H:\Windows\System32\PerfStringBackup.INI [2013/07/20 12:06:12 | 000,001,128 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/20 12:03:17 | 000,001,124 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/20 12:02:45 | 000,000,006 | -H-- | M] () -- H:\Windows\tasks\SA.DAT [2013/07/19 17:27:24 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/13 02:09:32 | 000,413,656 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013/07/07 14:40:39 | 000,002,044 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\Mozilla Firefox.lnk [2013/07/06 10:25:49 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/06/29 13:31:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center [2013/06/29 13:31:12 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013/06/29 12:01:39 | 000,001,274 | ---- | M] () -- H:\Windows\wininit.ini ========== Files Created - No Company Name ========== [2013/07/19 17:10:21 | 000,000,408 | ---- | C] () -- H:\Windows\tasks\Ad-Aware Update (Weekly).job [2013/07/19 16:34:20 | 000,000,004 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.ini [2013/06/29 12:01:36 | 000,001,274 | ---- | C] () -- H:\Windows\wininit.ini [2013/06/07 17:40:37 | 095,023,320 | ---- | C] () -- H:\ProgramData\bocmj8.pad [2012/08/12 07:25:05 | 000,000,040 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cdr.ini [2012/08/12 07:22:06 | 000,000,073 | ---- | C] () -- H:\Windows\cdplayer.ini [2012/08/12 07:19:37 | 000,001,534 | ---- | C] () -- H:\ProgramData\ss.ini [2012/08/10 17:11:03 | 004,503,728 | ---- | C] () -- H:\ProgramData\00etadpu.pad [2012/01/11 08:19:47 | 000,099,840 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.dat [2011/07/20 05:37:46 | 000,000,064 | ---- | C] () -- H:\Windows\SysWow64\rp_stats.dat [2011/07/20 05:37:46 | 000,000,044 | ---- | C] () -- H:\Windows\SysWow64\rp_rules.dat [2011/05/18 07:33:45 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll [2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- H:\Windows\SysWow64\pthreadVC.dll [2010/01/30 07:44:39 | 000,000,428 | ---- | C] () -- H:\Windows\MAXLINK.INI [2009/12/24 16:41:51 | 000,109,744 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Local\GDIPFONTCACHEV1.DAT [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat [2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- 
H:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- H:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- H:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- H:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- H:\Windows\msdfmap.ini [2009/07/13 22:34:57 | 000,000,478 | ---- | C] () -- H:\Windows\win.ini [2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- H:\Windows\system.ini [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll [2009/06/26 12:24:18 | 000,015,498 | ---- | C] () -- H:\Windows\VX3000.ini [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2013/05/25 08:16:23 | 000,000,000 | ---D | M] -- H:\ProgramData\74A3C6B67685FB86000074A3521E0668 [2013/06/29 14:27:27 | 000,000,000 | ---D | M] -- H:\ProgramData\ABUS Security-Center [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data [2012/10/20 04:30:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Ask [2010/12/26 08:20:35 | 000,000,000 | ---D | M] -- H:\ProgramData\Citrix [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente [2009/12/21 13:20:49 
| 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites [2012/08/12 07:19:34 | 000,000,000 | ---D | M] -- H:\ProgramData\FreeRIP [2010/01/30 07:44:31 | 000,000,000 | ---D | M] -- H:\ProgramData\ScanSoft [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates [2013/05/20 14:40:41 | 000,000,000 | ---D | M] -- H:\ProgramData\tmp [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen [2013/07/20 13:31:28 | 000,000,408 | ---- | M] () -- H:\Windows\Tasks\Ad-Aware Update (Weekly).job [2013/04/13 17:19:27 | 000,032,632 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/21/2013 2:53:04 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.10.9200.16635) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = H: | %SystemRoot% = H:\Windows | %ProgramFiles% = H:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 75.50 Mb Free Space | 75.50% Space Free | Partition Type: NTFS Drive H: | 372.51 Gb Total Space | 309.23 Gb Free Space | 83.01% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days Using ControlSet: ControlSet002 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2013/05/27 01:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2010/05/20 10:26:28 | 000,199,536 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Program Files\Microsoft LifeCam\MSCamS64.exe -- (MSCamSvc) SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- H:\Windows\System32\appmgmts.dll -- (AppMgmt) SRV - [2013/07/07 13:58:00 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand] -- H:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013/06/12 06:27:34 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- 
H:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2013/02/25 18:32:22 | 001,260,320 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2013/01/18 02:14:20 | 000,383,264 | ---- | M] (NVIDIA Corporation) [Auto] -- H:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012/09/21 09:41:44 | 001,737,728 | ---- | M] (Lavasoft Limited ) [Auto] -- H:\Program Files (x86)\Lavasoft\Ad-Aware\AAWService.exe -- (Lavasoft Ad-Aware Service) SRV - [2012/05/08 13:02:14 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/08 13:02:13 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- H:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012/01/17 17:22:02 | 000,077,520 | ---- | M] () [On_Demand] -- H:\Program Files (x86)\Expat Shield\bin\EXPATTrayService.exe -- (ExpatTrayService) SRV - [2012/01/17 17:15:44 | 000,331,608 | ---- | M] () [Auto] -- H:\Program Files (x86)\Expat Shield\bin\openvpnas.exe -- (ExpatShieldService) SRV - [2012/01/04 19:02:02 | 000,329,544 | ---- | M] () [Auto] -- H:\Program Files (x86)\Expat Shield\bin\hsswd.exe -- (ExpatWd) SRV - [2012/01/04 19:01:58 | 000,363,336 | ---- | M] (AnchorFree Inc.) [Auto] -- H:\Program Files (x86)\Expat Shield\HssWPR\hsssrv.exe -- (ExpatSrv) SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- H:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/12/30 07:21:02 | 000,065,536 | ---- | M] (Lexar Media, Inc.) 
[Auto] -- H:\Windows\SysWOW64\LxrSII1s.exe -- (LxrSII1s) SRV - [2009/12/17 12:04:18 | 000,185,640 | ---- | M] (TeamViewer GmbH) [Auto] -- H:\Program Files (x86)\TeamViewer\Version5\TeamViewer_Service.exe -- (TeamViewer5) SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- H:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009/01/26 10:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- H:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/05/08 13:02:14 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/08 13:02:14 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto] -- H:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/01/04 19:01:56 | 000,056,832 | ---- | M] (AnchorFree Inc.) [Kernel | On_Demand] -- H:\Windows\System32\drivers\HssDrv.sys -- (HssDrv) DRV:64bit: - [2012/01/04 19:01:54 | 000,037,888 | ---- | M] (AnchorFree Inc) [Kernel | On_Demand] -- H:\Windows\System32\drivers\taphss.sys -- (taphss) DRV:64bit: - [2011/09/16 11:08:07 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System] -- H:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/04/29 06:12:00 | 000,069,376 | ---- | M] (Lavasoft AB) [File_System | Boot] -- H:\Windows\System32\drivers\Lbd.sys -- (Lbd) DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2010/06/25 13:07:26 | 000,035,344 | ---- | M] (CACE Technologies, Inc.) 
[Kernel | Auto] -- H:\Windows\System32\drivers\npf.sys -- (NPF) DRV:64bit: - [2010/05/20 10:26:30 | 002,060,144 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\VX3000.sys -- (VX3000) DRV:64bit: - [2010/04/16 11:22:04 | 000,087,600 | ---- | M] (Citrix Systems, Inc.) [Kernel | System] -- H:\Windows\System32\drivers\ctxusbm.sys -- (ctxusbm) DRV:64bit: - [2009/12/30 04:32:04 | 000,063,064 | ---- | M] (Lexar Media, Inc.) [Kernel | Auto] -- H:\Windows\System32\drivers\LxrSII1d.sys -- (LxrSII1d) DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- H:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 16:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- H:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) DRV - [2011/07/17 03:39:44 | 000,017,152 | ---- | M] () [Kernel | On_Demand] -- H:\Program Files (x86)\Lavasoft\Ad-Aware\kernexplorer64.sys -- (Lavasoft Kernexplorer) ========== Standard Registry (All) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = 
about:NoAdd-ons IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=255141 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896 IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/ IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 90 82 6A 73 5C CE 01 [binary data] IE - HKU\Kalle_und_Lydia_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\Kalle_und_Lydia_ON_H\..\URLSearchHook: {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - Reg Error: Key error. 
File not found IE - HKU\Kalle_und_Lydia_ON_H\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\LocalService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\NetworkService_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) IE - HKU\UpdatusUser_ON_H\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - H:\Windows\SysWOW64\ieframe.dll (Microsoft Corporation) ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.defaultthis.engineName: "Elf 1 Customized Web Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&SearchSource=3&q={searchTerms}" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=971163" FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "www.google.de" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA}:6.0.31 FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.27 FF - prefs.js..keyword.URL: "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\System32\Macromed\Flash\NPSWF64_11_7_700_224.dll () FF 
- HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: H:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: H:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_39: H:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: H:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: H:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVision: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nvidia.com/3DVisionStreaming: H:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: H:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: H:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=1.0.3: H:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: H:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 13:57:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/07 13:57:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/07/07 13:57:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 22.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/07 13:57:56 | 000,000,000 | ---D | M] [2009/12/21 14:21:50 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Extensions [2009/12/21 14:21:50 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384} [2013/04/23 14:25:25 | 000,000,000 | ---D | M] (No name found) -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\extensions [2012/01/03 10:27:44 | 000,002,333 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\searchplugins\askcom.xml [2009/12/26 16:42:31 | 000,002,171 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\searchplugins\bing.xml [2013/07/07 13:57:55 | 000,000,000 | ---D | M] (No name found) -- H:\Program Files (x86)\Mozilla Firefox\extensions [2013/07/07 13:57:55 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2013/07/07 13:57:55 | 000,000,000 | ---D | M] (Java Console) -- H:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} [2013/07/07 13:57:54 | 000,000,000 | ---D | M] (No name found) 
-- H:\Program Files (x86)\Mozilla Firefox\browser\extensions [2013/07/07 13:58:00 | 000,000,000 | ---D | M] (Default) -- H:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd} File not found (No name found) -- [2010/05/12 11:42:04 | 000,124,344 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\CCMSDK.dll [2010/05/12 12:22:04 | 000,013,240 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\cgpcfg.dll [2010/05/12 11:43:54 | 000,070,592 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\CgpCore.dll [2010/05/12 11:42:52 | 000,091,576 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\confmgr.dll [2010/05/12 11:42:32 | 000,022,464 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\ctxlogging.dll [2010/05/12 11:41:08 | 000,255,416 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\ctxmui.dll [2010/05/12 11:42:42 | 000,031,160 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\icafile.dll [2010/05/12 11:42:20 | 000,040,384 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\icalogon.dll [2010/05/12 12:22:36 | 000,423,328 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\plugins\npicaN.dll [2013/05/11 06:37:28 | 000,209,472 | ---- | M] (Adobe Systems Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2010/04/14 08:55:06 | 000,652,640 | ---- | M] (Citrix Systems, Inc.) -- H:\Program Files (x86)\mozilla firefox\plugins\sslsdk_b.dll [2010/05/12 11:43:56 | 000,024,000 | ---- | M] (Citrix Systems, Inc.) 
-- H:\Program Files (x86)\mozilla firefox\plugins\TcpPServ.dll [2009/12/21 14:25:58 | 000,000,811 | ---- | M] () -- H:\Program Files (x86)\mozilla firefox\searchplugins\yahoo.xml O1 HOSTS File: ([2010/12/17 12:42:16 | 000,427,737 | ---- | M]) - H:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 www.007guard.com O1 - Hosts: 127.0.0.1 007guard.com O1 - Hosts: 127.0.0.1 008i.com O1 - Hosts: 127.0.0.1 www.008k.com O1 - Hosts: 127.0.0.1 008k.com O1 - Hosts: 127.0.0.1 www.00hq.com O1 - Hosts: 127.0.0.1 00hq.com O1 - Hosts: 127.0.0.1 010402.com O1 - Hosts: 127.0.0.1 www.032439.com O1 - Hosts: 127.0.0.1 032439.com O1 - Hosts: 127.0.0.1 www.0scan.com O1 - Hosts: 127.0.0.1 0scan.com O1 - Hosts: 127.0.0.1 1000gratisproben.com O1 - Hosts: 127.0.0.1 www.1000gratisproben.com O1 - Hosts: 127.0.0.1 1001namen.com O1 - Hosts: 127.0.0.1 www.1001namen.com O1 - Hosts: 127.0.0.1 100888290cs.com O1 - Hosts: 127.0.0.1 www.100888290cs.com O1 - Hosts: 127.0.0.1 www.100sexlinks.com O1 - Hosts: 127.0.0.1 100sexlinks.com O1 - Hosts: 127.0.0.1 10sek.com O1 - Hosts: 127.0.0.1 www.10sek.com O1 - Hosts: 127.0.0.1 www.1-2005-search.com O1 - Hosts: 127.0.0.1 1-2005-search.com O1 - Hosts: 127.0.0.1 123fporn.info O1 - Hosts: 14727 more lines... O2:64bit: - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - H:\Program Files (x86)\Expat Shield\HssIE\ExpatIE_64.dll (AnchorFree Inc.) O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - H:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Expat Shield Class) - {3706EE7C-3CAD-445D-8A43-03EBC3B75908} - H:\Program Files (x86)\Expat Shield\HssIE\ExpatIE.dll (AnchorFree Inc.) O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - H:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. 
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - H:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - H:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - H:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - H:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (no name) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - No CLSID value found. O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O3 - HKU\Kalle_und_Lydia_ON_H\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - File not found O4:64bit: - HKLM..\Run: [VX3000] H:\Windows\vVX3000.exe (Microsoft Corporation) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe ARM] H:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] File not found O4 - HKLM..\Run: [avgnt] H:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [ConnectionCenter] H:\Program Files (x86)\Citrix\ICA Client\concentr.exe (Citrix Systems, Inc.) O4 - HKLM..\Run: [GrooveMonitor] H:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) O4 - HKLM..\Run: [LifeCam] H:\Program Files (x86)\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [OpwareSE4] H:\Program Files (x86)\ScanSoft\OmniPageSE4.0\OpwareSE4.exe (ScanSoft, Inc.) 
O4 - HKLM..\Run: [PDFPrint] H:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) O4 - HKLM..\Run: [SSBkgdUpdate] H:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [zzzHPSETUP] File not found O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [ccleaner] H:\Program Files\CCleaner\CCleaner64.exe (Piriform Ltd) O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [Launcher] H:\Program Files\ABUS Security-Center\VMSExpress\SecurityLauncher.exe (ABUS Security-Center GmbH&Co.KG) O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [msnmsgr] H:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe (Microsoft Corporation) O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [Skype] H:\Program Files (x86)\Skype\Phone\Skype.exe (Skype Technologies S.A.) O4 - HKU\Kalle_und_Lydia_ON_H..\Run: [SpybotSD TeaTimer] H:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\LocalService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\UpdatusUser_ON_H..\Run: [Sidebar] H:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_H..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_H..\RunOnce: [mctadmin] File not found O4 - HKU\UpdatusUser_ON_H..\RunOnce: [mctadmin] File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceActiveDesktopOn = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13 O6 - 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - H:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - H:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - H:\Program Files (x86)\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - H:\Program Files (x86)\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - H:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\Windows\System32\nlaapi.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\Windows\System32\NapiNSP.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Windows\System32\pnrpnsp.dll (Microsoft Corporation) 
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Windows\System32\winrnr.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10:64bit: - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\System32\mswsock.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - H:\Windows\SysWOW64\nlaapi.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - H:\Windows\SysWOW64\NapiNSP.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - H:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - H:\Windows\SysWOW64\pnrpnsp.dll (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) 
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - H:\Windows\SysWOW64\winrnr.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - H:\Windows\SysWOW64\mswsock.dll (Microsoft Corporation) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-0016-0000-0039-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_39-windows-i586.cab (Java Plug-in 1.6.0_39) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - H:\Windows\System32\inetcomm.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - H:\Windows\System32\urlmon.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - H:\Windows\System32\itss.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - H:\Windows\System32\MSVidCtl.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - H:\Windows\System32\mshtml.dll (Microsoft Corporation) O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\application/x-ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. 
File not found O18:64bit: - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - H:\Windows\System32\mscoree.dll (Microsoft Corporation) O18:64bit: - Protocol\Filter\ica {CFB6322E-CC85-4d1b-82C7-893888A236BC} - Reg Error: Key error. File not found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - H:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - H:\Windows\System32\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - H:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - H:\Windows\SysWow64\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKU\Kalle_und_Lydia_ON_H Winlogon: Shell - (explorer.exe) - H:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKU\Kalle_und_Lydia_ON_H Winlogon: Shell - (C:\Users\Kalle und Lydia\AppData\Roaming\cache.dat) - H:\Users\Kalle und Lydia\AppData\Roaming\cache.dat () O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - H:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O29:64bit: - HKLM SecurityProviders - (credssp.dll) - H:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O29 - HKLM SecurityProviders - (credssp.dll) - H:\Windows\SysWow64\credssp.dll (Microsoft Corporation) O30:64bit: - LSA: Authentication Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30 - LSA: Authentication Packages - (msv1_0) - H:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (kerberos) - H:\Windows\System32\kerberos.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (msv1_0) - H:\Windows\System32\msv1_0.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (schannel) - H:\Windows\System32\schannel.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (wdigest) - H:\Windows\System32\wdigest.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (tspkg) - H:\Windows\System32\tspkg.dll (Microsoft Corporation) O30:64bit: - LSA: Security Packages - (pku2u) - H:\Windows\System32\pku2u.dll (Microsoft Corporation) O30 - LSA: Security Packages - (kerberos) - H:\Windows\SysWow64\kerberos.dll (Microsoft Corporation) O30 - LSA: Security Packages - (msv1_0) - H:\Windows\SysWow64\msv1_0.dll (Microsoft Corporation) O30 - LSA: Security Packages - (schannel) - H:\Windows\SysWow64\schannel.dll (Microsoft Corporation) O30 - LSA: Security Packages - (wdigest) - H:\Windows\SysWow64\wdigest.dll (Microsoft Corporation) O30 - LSA: Security Packages - (tspkg) - H:\Windows\SysWow64\tspkg.dll (Microsoft Corporation) O30 - LSA: Security Packages - (pku2u) - H:\Windows\SysWow64\pku2u.dll (Microsoft Corporation) O31 - SafeBoot: AlternateShell - cmd.exe O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM 
BootExecute: (autocheck autochk *) - File not found O34 - HKLM BootExecute: (lsdelete) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/07/20 17:52:49 | 000,000,000 | -HSD | C] -- H:\RECYCLER [2013/07/12 15:39:33 | 000,391,168 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\ieui.dll [2013/07/12 15:39:32 | 000,526,336 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ieui.dll [2013/07/12 15:39:31 | 000,136,704 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesysprep.dll [2013/07/12 15:39:31 | 000,109,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iesysprep.dll [2013/07/12 15:39:31 | 000,089,600 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\RegisterIEPKEYs.exe [2013/07/12 15:39:31 | 000,071,680 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/07/12 15:39:31 | 000,067,072 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iesetup.dll [2013/07/12 15:39:31 | 000,061,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iesetup.dll [2013/07/12 15:39:31 | 000,051,712 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\ie4uinit.exe [2013/07/12 15:39:31 | 000,039,936 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\iernonce.dll [2013/07/12 15:39:31 | 000,033,280 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\iernonce.dll [2013/07/12 15:39:29 | 000,855,552 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript.dll [2013/07/12 15:39:29 | 000,690,688 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript.dll [2013/07/12 15:39:29 | 000,603,136 | ---- | C] (Microsoft 
Corporation) -- H:\Windows\System32\msfeeds.dll [2013/07/12 15:39:29 | 000,493,056 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\msfeeds.dll [2013/07/12 15:39:28 | 003,958,784 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\jscript9.dll [2013/07/12 15:39:27 | 002,877,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\jscript9.dll [2013/07/12 02:10:48 | 000,624,128 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\qedit.dll [2013/07/12 02:10:48 | 000,509,440 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\qedit.dll [2013/07/12 02:10:46 | 001,887,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\WMVDECOD.DLL [2013/07/12 02:10:46 | 001,620,480 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\WMVDECOD.DLL [2013/07/12 02:09:58 | 001,643,520 | ---- | C] (Microsoft Corporation) -- H:\Windows\System32\DWrite.dll [2013/07/12 02:09:58 | 001,247,744 | ---- | C] (Microsoft Corporation) -- H:\Windows\SysWow64\DWrite.dll [2013/07/07 13:57:54 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\Mozilla Firefox [2013/07/06 10:25:49 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/06/29 14:27:27 | 000,000,000 | ---D | C] -- H:\dbs [2013/06/29 13:31:31 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\ABUS Security-Center [2013/06/29 13:31:12 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013/06/29 13:31:11 | 000,000,000 | ---D | C] -- H:\Program Files (x86)\WinPcap [2013/06/29 13:28:02 | 000,000,000 | ---D | C] -- H:\ProgramData\ABUS Security-Center [2013/06/29 13:27:56 | 000,000,000 | ---D | C] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center [2013/06/29 13:27:56 | 000,000,000 | ---D | C] -- H:\Program Files\ABUS Security-Center [2013/06/29 13:27:09 | 000,000,000 | ---D | C] -- H:\Users\Kalle und Lydia\AppData\Roaming\ABUS Security-Center GmbH & Co. 
KG [2012/10/01 16:49:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- H:\ProgramData\lsass.exe ========== Files - Modified Within 30 Days ========== [2013/07/20 13:31:35 | 000,067,584 | --S- | M] () -- H:\Windows\bootstat.dat [2013/07/20 13:31:29 | 000,000,064 | ---- | M] () -- H:\Windows\SysWow64\rp_stats.dat [2013/07/20 13:31:29 | 000,000,044 | ---- | M] () -- H:\Windows\SysWow64\rp_rules.dat [2013/07/20 13:31:28 | 000,000,408 | ---- | M] () -- H:\Windows\tasks\Ad-Aware Update (Weekly).job [2013/07/20 13:30:58 | 3220,086,784 | -HS- | M] () -- H:\hiberfil.sys [2013/07/20 12:09:44 | 000,000,004 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.ini [2013/07/20 12:09:13 | 000,014,016 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/20 12:09:13 | 000,014,016 | -H-- | M] () -- H:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/20 12:06:55 | 009,270,816 | ---- | M] () -- H:\Windows\System32\perfh007.dat [2013/07/20 12:06:55 | 003,141,018 | ---- | M] () -- H:\Windows\System32\perfh009.dat [2013/07/20 12:06:55 | 002,812,480 | ---- | M] () -- H:\Windows\System32\perfc007.dat [2013/07/20 12:06:55 | 002,517,734 | ---- | M] () -- H:\Windows\System32\perfc009.dat [2013/07/20 12:06:55 | 000,005,222 | ---- | M] () -- H:\Windows\System32\PerfStringBackup.INI [2013/07/20 12:06:12 | 000,001,128 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/20 12:03:17 | 000,001,124 | ---- | M] () -- H:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/07/20 12:02:45 | 000,000,006 | -H-- | M] () -- H:\Windows\tasks\SA.DAT [2013/07/19 17:27:24 | 000,000,884 | ---- | M] () -- H:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/13 02:09:32 | 000,413,656 | ---- | M] () -- H:\Windows\System32\FNTCACHE.DAT [2013/07/07 14:40:39 | 000,002,044 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\Microsoft\Internet 
Explorer\Quick Launch\Mozilla Firefox.lnk [2013/07/06 10:25:49 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013/06/29 13:31:31 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABUS Security-Center [2013/06/29 13:31:12 | 000,000,000 | ---D | M] -- H:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPcap [2013/06/29 12:01:39 | 000,001,274 | ---- | M] () -- H:\Windows\wininit.ini ========== Files Created - No Company Name ========== [2013/07/19 17:10:21 | 000,000,408 | ---- | C] () -- H:\Windows\tasks\Ad-Aware Update (Weekly).job [2013/07/19 16:34:20 | 000,000,004 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.ini [2013/06/29 12:01:36 | 000,001,274 | ---- | C] () -- H:\Windows\wininit.ini [2013/06/07 17:40:37 | 095,023,320 | ---- | C] () -- H:\ProgramData\bocmj8.pad [2012/08/12 07:25:05 | 000,000,040 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cdr.ini [2012/08/12 07:22:06 | 000,000,073 | ---- | C] () -- H:\Windows\cdplayer.ini [2012/08/12 07:19:37 | 000,001,534 | ---- | C] () -- H:\ProgramData\ss.ini [2012/08/10 17:11:03 | 004,503,728 | ---- | C] () -- H:\ProgramData\00etadpu.pad [2012/01/11 08:19:47 | 000,099,840 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.dat [2011/07/20 05:37:46 | 000,000,064 | ---- | C] () -- H:\Windows\SysWow64\rp_stats.dat [2011/07/20 05:37:46 | 000,000,044 | ---- | C] () -- H:\Windows\SysWow64\rp_rules.dat [2011/05/18 07:33:45 | 000,252,928 | ---- | C] () -- H:\Windows\SysWow64\DShowRdpFilter.dll [2010/06/25 13:03:12 | 000,053,299 | ---- | C] () -- H:\Windows\SysWow64\pthreadVC.dll [2010/01/30 07:44:39 | 000,000,428 | ---- | C] () -- H:\Windows\MAXLINK.INI [2009/12/24 16:41:51 | 000,109,744 | ---- | C] () -- H:\Users\Kalle und Lydia\AppData\Local\GDIPFONTCACHEV1.DAT [2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- H:\Windows\bootstat.dat [2009/07/14 01:32:39 | 000,043,318 | ---- | C] () -- 
H:\Windows\Fonts\GlobalUserInterface.CompositeFont [2009/07/14 01:32:39 | 000,029,779 | ---- | C] () -- H:\Windows\Fonts\GlobalSerif.CompositeFont [2009/07/14 01:32:39 | 000,026,489 | ---- | C] () -- H:\Windows\Fonts\GlobalSansSerif.CompositeFont [2009/07/14 01:32:39 | 000,026,040 | ---- | C] () -- H:\Windows\Fonts\GlobalMonospace.CompositeFont [2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- H:\Windows\SysWow64\NOISE.DAT [2009/07/13 22:35:42 | 000,001,405 | ---- | C] () -- H:\Windows\msdfmap.ini [2009/07/13 22:34:57 | 000,000,478 | ---- | C] () -- H:\Windows\win.ini [2009/07/13 22:34:57 | 000,000,219 | ---- | C] () -- H:\Windows\system.ini [2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- H:\Windows\SysWow64\dssec.dat [2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- H:\Windows\mib.bin [2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- H:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- H:\Windows\SysWow64\ir32_32.dll [2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- H:\Windows\SysWow64\msjetoledb40.dll [2009/06/26 12:24:18 | 000,015,498 | ---- | C] () -- H:\Windows\VX3000.ini [2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- H:\Windows\SysWow64\mlang.dat ========== LOP Check ========== [2013/05/25 08:16:23 | 000,000,000 | ---D | M] -- H:\ProgramData\74A3C6B67685FB86000074A3521E0668 [2013/06/29 14:27:27 | 000,000,000 | ---D | M] -- H:\ProgramData\ABUS Security-Center [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Anwendungsdaten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Application Data [2012/10/20 04:30:04 | 000,000,000 | ---D | M] -- H:\ProgramData\Ask [2010/12/26 08:20:35 | 000,000,000 | ---D | M] -- H:\ProgramData\Citrix [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Desktop [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Documents [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Dokumente [2009/12/21 13:20:49 
| 000,000,000 | -HSD | M] -- H:\ProgramData\Favoriten [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Favorites [2012/08/12 07:19:34 | 000,000,000 | ---D | M] -- H:\ProgramData\FreeRIP [2010/01/30 07:44:31 | 000,000,000 | ---D | M] -- H:\ProgramData\ScanSoft [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Start Menu [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Startmenü [2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- H:\ProgramData\Templates [2013/05/20 14:40:41 | 000,000,000 | ---D | M] -- H:\ProgramData\tmp [2009/12/21 13:20:49 | 000,000,000 | -HSD | M] -- H:\ProgramData\Vorlagen [2013/07/20 13:31:28 | 000,000,408 | ---- | M] () -- H:\Windows\Tasks\Ad-Aware Update (Weekly).job [2013/04/13 17:19:27 | 000,032,632 | ---- | M] () -- H:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > |
21.07.2013, 10:25 | #2 |
/// Helfer-Team

The cleanup consists of several steps that have to be carried out. Work through them one after the other and paste the 3 logs that are created into your next reply. If the OTL fix did not run through correctly, do not continue; report it instead.

1. Step: Fix with OTLpe
Code:
:OTL
O4 - HKLM..\Run: [ApnUpdater] File not found
O4 - HKLM..\Run: [zzzHPSETUP] File not found
O20 - HKU\Kalle_und_Lydia_ON_H Winlogon: Shell - (C:\Users\Kalle und Lydia\AppData\Roaming\cache.dat) - H:\Users\Kalle und Lydia\AppData\Roaming\cache.dat ()
[2012/10/01 16:49:38 | 000,044,544 | ---- | C] (Microsoft Corporation) -- H:\ProgramData\lsass.exe
[2013/07/20 12:09:44 | 000,000,004 | ---- | M] () -- H:\Users\Kalle und Lydia\AppData\Roaming\cache.ini
[2013/06/07 17:40:37 | 095,023,320 | ---- | C] () -- H:\ProgramData\bocmj8.pad
[2013/05/25 08:16:23 | 000,000,000 | ---D | M] -- H:\ProgramData\74A3C6B67685FB86000074A3521E0668
[2013/05/20 14:40:41 | 000,000,000 | ---D | M] -- H:\ProgramData\tmp
[2012/08/10 17:11:03 | 004,503,728 | ---- | C] () -- H:\ProgramData\00etadpu.pad
Then restart normally, and:

Step 2: Please download Malwarebytes Anti-Malware

After that:

Step 3: Please download AdwCleaner to your desktop.
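The OTL fix above removes three kinds of persistence: a per-user Winlogon Shell value redirected to %AppData%\cache.dat, Run entries whose target file no longer exists, and an lsass.exe planted in ProgramData. As an added defender's check (not from the thread or from any of the tools it uses), the following PowerShell script audits those same three spots on a live system and only reports; it assumes an elevated PowerShell 3 or later session, and the function names are my own.

```powershell
# Added example (not from the thread); assumes an elevated PowerShell 3+ session.
function Get-TargetPath([string]$cmd) {
    # Extract the executable from a Run command line: a quoted path, else the
    # text up to ".exe", else the first whitespace-delimited token.
    if     ($cmd -match '^\s*"([^"]+)"')    { $p = $Matches[1] }
    elseif ($cmd -match '^\s*(.+?\.exe)\b') { $p = $Matches[1] }
    elseif ($cmd -match '^\s*(\S+)')        { $p = $Matches[1] }
    else   { return $null }
    return [Environment]::ExpandEnvironmentVariables($p)
}

function Get-ShellHijacks {
    # Winlogon\Shell should be explorer.exe; the thread's infection pointed the
    # per-user value at %AppData%\cache.dat, which is exactly what this flags.
    $keys = @('Registry::HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon')
    $keys += @(Get-ChildItem 'Registry::HKEY_USERS' -ErrorAction SilentlyContinue |
        ForEach-Object { "Registry::$($_.Name)\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon" })
    foreach ($k in $keys) {
        $shell = (Get-ItemProperty -Path $k -Name Shell -ErrorAction SilentlyContinue).Shell
        if ($shell -and $shell -ne 'explorer.exe') {
            [pscustomobject]@{ Check = 'WinlogonShell'; Location = $k; Detail = $shell }
        }
    }
}

function Get-OrphanRunEntries {
    # Mirrors OTL's "O4 ... File not found" lines: Run values whose target is gone.
    $runKeys = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run',
               'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run',
               'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Run'
    foreach ($k in $runKeys) {
        $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
        if (-not $props) { continue }
        foreach ($p in $props.PSObject.Properties) {
            if ($p.Name -like 'PS*') { continue }    # provider metadata, not Run values
            $exe = Get-TargetPath $p.Value
            if (-not $exe) { continue }
            # A bare name such as rundll32.exe is resolved via PATH, not the current directory
            if ($exe -match '[\\/]') { $exists = Test-Path -LiteralPath $exe }
            else { $exists = [bool](Get-Command $exe -ErrorAction SilentlyContinue) }
            if (-not $exists) {
                [pscustomobject]@{ Check = 'RunOrphan'; Location = "$k\$($p.Name)"; Detail = $p.Value }
            }
        }
    }
}

function Get-StrayProgramDataExes {
    # lsass.exe belongs in %SystemRoot%\System32; the thread found one in
    # %ProgramData%. Any .exe sitting directly in that folder deserves a look.
    Get-ChildItem -LiteralPath $env:ProgramData -Filter *.exe -File -Force -ErrorAction SilentlyContinue |
        ForEach-Object { [pscustomobject]@{ Check = 'ProgramDataExe'; Location = $_.FullName; Detail = "$($_.Length) bytes" } }
}

& { Get-ShellHijacks; Get-OrphanRunEntries; Get-StrayProgramDataExes } | Format-Table -AutoSize
```

An empty table means none of the three conditions was found; any row is a lead to verify by hand, not something to delete automatically.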
22.07.2013, 19:08 | #3 |
Here is the content of the log file:
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\ApnUpdater deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Run\\zzzHPSETUP deleted successfully.
Registry value HKEY_USERS\Kalle_und_Lydia_ON_H\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Kalle und Lydia\AppData\Roaming\cache.dat deleted successfully.
H:\Users\Kalle und Lydia\AppData\Roaming\cache.dat moved successfully.
H:\ProgramData\lsass.exe moved successfully.
H:\Users\Kalle und Lydia\AppData\Roaming\cache.ini moved successfully.
H:\ProgramData\bocmj8.pad moved successfully.
Folder H:\ProgramData\74A3C6B67685FB86000074A3521E0668\ not found.
H:\ProgramData\tmp folder moved successfully.
H:\ProgramData\00etadpu.pad moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 07232013_002456

Here is the result from Malwarebytes:

Malwarebytes Anti-Malware (Test) 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.07.22.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 10.0.9200.16635
Kalle und Lydia :: KALLEUNDLYDIA [Administrator]

Schutz: Aktiviert

22.07.2013 18:43:24
mbam-log-2013-07-22 (18-43-24).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|H:\|I:\|J:\|K:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 383536
Laufzeit: 1 Stunde(n), 9 Minute(n), 49 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\_OTL\MovedFiles\07232013_002456\H_Users\Kalle und Lydia\AppData\Roaming\cache.dat (Malware.Packer.RRE) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Here is the log file from AdwCleaner:

Code:
# AdwCleaner v2.306 - Datei am 22/07/2013 um 20:00:54 erstellt
# Aktualisiert am 19/07/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Kalle und Lydia - KALLEUNDLYDIA
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Kalle und Lydia\Downloads\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\pdfforge@mybrowserbar.com
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\extensions\searchsettings@spigot.com
Datei Gelöscht : C:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\searchplugins\Askcom.xml
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\Users\Kalle und Lydia\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Kalle und Lydia\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Kalle und Lydia\AppData\LocalLow\pdfforge
Ordner Gelöscht : C:\Users\Kalle und Lydia\AppData\LocalLow\Search Settings
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\pdfforge
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\Search Settings
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{97F2FF5B-260C-4CCF-834A-2DDA4E29E39E}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\EscDomains\grusskartencenter.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKCU\Software\Search Settings
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\YahooPartnerToolbar
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\Software\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\Software\pdfforge
Schlüssel Gelöscht : HKLM\Software\Search Settings
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{E312764E-7706-43F1-8DAB-FCDD2B1E416D}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16635

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v22.0 (de)

Datei : C:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\prefs.js

C:\Users\Kalle und Lydia\AppData\Roaming\Mozilla\Firefox\Profiles\t7zuii8r.default\user.js ... Gelöscht !

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.defaultthis.engineName", "Elf 1 Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&Sea[...]
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.BabylonToolbar.bbDpng", 18);
Gelöscht : user_pref("extensions.BabylonToolbar.cntry", "DE");
Gelöscht : user_pref("extensions.BabylonToolbar.firstRun", false);
Gelöscht : user_pref("extensions.BabylonToolbar.hdrMd5", "091DBB15A8309553D03AD0886141F62D");
Gelöscht : user_pref("extensions.BabylonToolbar.lastActv", "18");
Gelöscht : user_pref("extensions.BabylonToolbar.lastDP", 18);
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "hxxp://search.conduit.com/ResultsExt.aspx?cti[...]
Gelöscht : user_pref("keyword.URL", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2856415&q=");

-\\ Google Chrome v [Version kann nicht ermittelt werden]

Datei : C:\Users\Kalle und Lydia\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [7060 octets] - [22/07/2013 20:00:54]

########## EOF - C:\AdwCleaner[S1].txt - [7120 octets] ##########
22.07.2013, 19:09 | #4 |
/// Helper Team
Very good! Please download aswMBR.exe and save the file to your desktop.

Important: Do not under any circumstances press any of the Fix buttons without being told to.

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and choose the setting (none) under AV Scan.

After that: please download SecurityCheck and:
22.07.2013, 19:12 | #5 |
Everything is running normally again now, thank you very much for your quick help. I got lucky there again.
22.07.2013, 19:12 | #6 |
/// Helper Team
23.07.2013, 17:21 | #7 |
Here is the aswMBR log:

aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-07-23 05:59:37
-----------------------------
05:59:37.448  OS Version: Windows x64 6.1.7601 Service Pack 1
05:59:37.448  Number of processors: 2 586 0x6B02
05:59:37.449  ComputerName: KALLEUNDLYDIA  UserName:
05:59:38.909  Initialize success
06:00:36.212  AVAST engine defs: 13072202
06:00:57.667  Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-3
06:00:57.672  Disk 0 Vendor: Hitachi_HDP725040GLA360 GMDOA52A Size: 381554MB BusType: 3
06:00:57.896  Disk 0 MBR read successfully
06:00:57.899  Disk 0 MBR scan
06:00:57.905  Disk 0 Windows 7 default MBR code
06:00:57.920  Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
06:00:57.973  Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 381452 MB offset 206848
06:00:58.069  Disk 0 scanning C:\Windows\system32\drivers
06:01:26.795  Service scanning
06:02:01.995  Modules scanning
06:02:02.003  Disk 0 trace - called modules:
06:02:02.018  ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
06:02:02.022  1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004835060]
06:02:02.358  3 CLASSPNP.SYS[fffff8800191e43f] -> nt!IofCallDriver -> [0xfffffa80046d5580]
06:02:02.363  5 ACPI.sys[fffff88000f1c7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP2T0L0-3[0xfffffa80046d7060]
06:02:02.987  AVAST engine scan C:\Windows
06:02:05.137  AVAST engine scan C:\Windows\system32
06:07:00.084  AVAST engine scan C:\Windows\system32\drivers
06:07:15.134  AVAST engine scan C:\Users\Kalle und Lydia
06:15:44.818  AVAST engine scan C:\ProgramData
06:17:26.859  Scan finished successfully
18:15:50.120  Disk 0 MBR has been saved successfully to "C:\Users\Kalle und Lydia\Desktop\MBR.dat"
18:15:50.312  The log file has been saved successfully to "C:\Users\Kalle und Lydia\Desktop\aswMBR.txt"

Regards, Picasso4711!
23.07.2013, 19:44 | #8 |
/// Helper Team
SecurityCheck?
23.07.2013, 20:36 | #9 |
Hi, when I start SecurityCheck the DOS box should open, but it only appears very briefly and is then gone again. Even when I try it via the search and try entering it in CMD, I get the same phenomenon. What now? Regards, Picasso
24.07.2013, 11:08 | #10 |
/// Helper Team
Update Java

Your Java is no longer up to date. Older versions contain security holes that can be abused by malware.

Then configure it like this: http://www.trojaner-board.de/105213-...tellungen.html

Afterwards, post me (copy and paste) what you get shown here: PluginCheck

Disable Java

Because of the current security hole: http://www.trojaner-board.de/122961-...ktivieren.html

Afterwards, post me (copy and paste) what you get shown here: PluginCheck
13.10.2013, 08:51 | #11 |
/// Helper Team
Missing feedback

Are there problems working through the instructions above? To free up capacity for other people seeking help, I am deleting this thread from my notifications. If you want to continue, send me a PM or open a new thread. http://www.trojaner-board.de/69886-a...-beachten.html

Note: The disappearance of the symptoms does not mean that your computer is clean.