Log analysis and evaluation: Command prompt no longer opens, no access to AntiVir (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system has to be examined first: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
25.07.2013, 19:02 | #1
Command prompt no longer opens, no access to AntiVir

Hello, since yesterday I have had a few problems on my Windows Vista system. The command prompt no longer opens, neither from the menu nor from the System32 folder. As a test I created a new user, who can run the command prompt. While working through the steps for creating the logs I noticed that AntiVir cannot be deactivated. To be safe, here are the logs:

OTL: Quote:
Extras log: Quote:
Quote:
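The symptom described in the post above (cmd.exe refuses to start for one account while a freshly created account is unaffected) usually comes from a per-user setting rather than a damaged binary. The following PowerShell script is an added diagnostic example, not code from the thread or from OTL; it reads the documented registry locations where such a block is configured (the "Prevent access to the command prompt" policy, the Command Processor AutoRun value, Image File Execution Options debugger entries, and Explorer's DisallowRun/RestrictRun lists) and reports whatever it finds. The function name and the output format are my own; run it as the affected user from an elevated PowerShell so that both HKCU and HKLM are readable.

```powershell
# Added example (not from the thread): list the registry settings that can
# block or hijack cmd.exe for the current user or machine-wide.
# Key and value names are the documented Windows locations; the function
# name Get-CmdBlockingSettings and the output layout are assumptions.

function Get-CmdBlockingSettings {
    $findings = @()

    # Group Policy "Prevent access to the command prompt":
    # DisableCMD = 1 blocks cmd.exe and batch files, 2 blocks cmd.exe only.
    # A value under HKCU is per user and explains why a new account still works.
    $policyChecks = @(
        @{ Path = 'HKCU:\Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' },
        @{ Path = 'HKLM:\Software\Policies\Microsoft\Windows\System';                Name = 'DisableCMD' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableTaskMgr' },
        @{ Path = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableRegistryTools' },
        @{ Path = 'HKLM:\Software\Microsoft\Windows\CurrentVersion\Policies\System'; Name = 'DisableCAD' }
    )
    foreach ($c in $policyChecks) {
        $item = Get-ItemProperty -Path $c.Path -Name $c.Name -ErrorAction SilentlyContinue
        if ($null -ne $item) {
            $findings += '{0}\{1} = {2}' -f $c.Path, $c.Name, $item.($c.Name)
        }
    }

    # Command Processor AutoRun: a command line that cmd.exe executes on every
    # start. Malware writes "exit" or its own path here, so the window closes
    # immediately and cmd appears not to open at all.
    foreach ($hive in 'HKCU', 'HKLM') {
        $p = "${hive}:\Software\Microsoft\Command Processor"
        $autorun = (Get-ItemProperty -Path $p -Name AutoRun -ErrorAction SilentlyContinue).AutoRun
        if ($autorun) { $findings += '{0}\AutoRun = {1}' -f $p, $autorun }
    }

    # Image File Execution Options: a Debugger value under an image name makes
    # Windows launch that "debugger" instead of the image (cmd.exe, regedit.exe,
    # security tools). This is machine-wide, so it would also hit a new user.
    $ifeo = 'HKLM:\Software\Microsoft\Windows NT\CurrentVersion\Image File Execution Options'
    foreach ($key in Get-ChildItem -Path $ifeo -ErrorAction SilentlyContinue) {
        $dbg = (Get-ItemProperty -Path $key.PSPath -Name Debugger -ErrorAction SilentlyContinue).Debugger
        if ($dbg) { $findings += 'IFEO {0} -> Debugger = {1}' -f $key.PSChildName, $dbg }
    }

    # Explorer run restrictions: DisallowRun\1, \2, ... name images the shell
    # refuses to start from the Start menu, Run box or a double-click;
    # RestrictRun is the allow-list variant. Both are usually set per user.
    foreach ($hive in 'HKCU', 'HKLM') {
        $p = "${hive}:\Software\Microsoft\Windows\CurrentVersion\Policies\Explorer"
        $e = Get-ItemProperty -Path $p -ErrorAction SilentlyContinue
        foreach ($n in 'DisallowRun', 'RestrictRun', 'NoRun') {
            if ($e -and $null -ne $e.$n) { $findings += '{0}\{1} = {2}' -f $p, $n, $e.$n }
        }
        $list = Get-ItemProperty -Path "$p\DisallowRun" -ErrorAction SilentlyContinue
        if ($list) {
            foreach ($prop in $list.PSObject.Properties) {
                if ($prop.Name -match '^\d+$') {
                    $findings += '{0}\DisallowRun\{1} = {2}' -f $p, $prop.Name, $prop.Value
                }
            }
        }
    }

    return $findings
}

$result = Get-CmdBlockingSettings
if (-not $result) {
    'No cmd.exe restriction found in policy, AutoRun, IFEO or Explorer keys.'
} else {
    $result
}
```

If the script reports nothing, the block is not a registry policy; the next places to look are a HIPS or application-control product that intercepts process creation (the OTL log later in this thread shows Online Armor installed, which can do exactly that) and the NTFS permissions on cmd.exe itself for the affected account. Run the script from the account that shows the symptom, because the HKCU entries are what distinguishes it from the working account.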
25.07.2013, 19:09 | #2
/// Winkelfunktion /// TB-Süch-Tiger™ | Command prompt no longer opens, no access to AntiVir

Hello and
Quote:
We will continue once you have removed everything illegal. In case of repeated crack/keygen violations I reserve the right to stop support, i.e. to help only with backing up data and reinstalling the operating system.
25.07.2013, 20:50 | #3
Command prompt no longer opens, no access to AntiVir

OK, I restarted and scanned again:

OTL Logfile: Code:
OTL logfile created on: 7/25/2013 9:22:25 PM - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Matze\Desktop
64bit-Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Vereinigte Staaten von Amerika | Language: ENU | Date Format: M/d/yyyy

4.00 Gb Total Physical Memory | 2.46 Gb Available Physical Memory | 61.63% Memory free
8.17 Gb Paging File | 6.37 Gb Available in Paging File | 78.01% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 285.47 Gb Total Space | 37.64 Gb Free Space | 13.18% Space Free | Partition Type: NTFS
Drive D: | 10.00 Gb Total Space | 2.51 Gb Free Space | 25.14% Space Free | Partition Type: NTFS

Computer Name: MATZEBOOK | User Name: Matze | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe
PRC - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2013/06/27 10:39:10 | 000,345,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2013/05/25 02:47:30 | 027,776,968 | ---- | M] (Dropbox, Inc.) -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2013/04/03 03:06:06 | 003,684,488 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe
PRC - [2013/04/03 03:05:58 | 002,777,736 | ---- | M] (Crawler.com) -- C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe
PRC - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
PRC - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) -- C:\Program Files (x86)\Online Armor\oacat.exe
PRC - [2011/02/28 10:44:18 | 001,579,520 | ---- | M] (ESRI) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
PRC - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
PRC - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe
PRC - [2008/10/13 15:57:54 | 000,962,480 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe
PRC - [2008/10/13 15:53:48 | 004,378,000 | ---- | M] (Acronis) -- C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2008/10/13 12:16:50 | 000,165,144 | ---- | M] (Acronis) -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) -- C:\Program Files\Dell\DellDock\DockLogin.exe
PRC - [2008/08/06 14:40:26 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\Windows\OEM02Mon.exe

========== Modules (No Company Name) ==========

MOD - [2013/03/13 22:48:52 | 024,978,944 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\libcef.dll
MOD - [2012/11/14 01:32:50 | 003,558,400 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\Dropbox\bin\wxmsw28uh_vc.dll
MOD - [2012/01/16 21:06:32 | 000,577,621 | ---- | M] () -- C:\Program Files (x86)\Spyware Terminator\sqlite3.dll

========== Services (SafeList) ==========

SRV:64bit: - [2012/06/20 15:20:52 | 001,315,592 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64)
SRV:64bit: - [2009/09/25 21:42:00 | 001,044,992 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysNative\LMabcoms.exe -- (lmab_device)
SRV:64bit: - [2008/10/16 19:05:00 | 001,449,984 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV:64bit: - [2008/10/16 18:27:20 | 000,826,368 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV:64bit: - [2008/09/23 23:09:52 | 000,155,648 | ---- | M] (Stardock Corporation) [Auto | Running] -- C:\Program Files\Dell\DellDock\DockLogin.exe -- (DockLoginService)
SRV:64bit: - [2008/07/17 14:23:00 | 000,122,880 | ---- | M] (IDT, Inc.) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\STacSV64.exe -- (STacSV)
SRV:64bit: - [2008/07/17 14:22:52 | 000,086,016 | ---- | M] (Andrea Electronics Corporation) [Auto | Running] -- C:\Windows\SysNative\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe -- (AESTFilters)
SRV - [2013/07/21 09:35:39 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/27 10:39:20 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/06/27 10:39:10 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/06/26 16:17:50 | 000,117,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/04/03 03:06:12 | 001,149,104 | ---- | M] (Crawler.com) [Auto | Running] -- C:\Program Files (x86)\Spyware Terminator\st_rsser64.exe -- (ST2012_Svc)
SRV - [2012/12/07 18:26:56 | 000,167,424 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2012/07/27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/06/20 15:20:56 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand | Running] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2012/06/04 20:17:41 | 004,382,968 | ---- | M] (Emsi Software GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\Online Armor\OAsrv.exe -- (SvcOnlineArmor)
SRV - [2012/06/04 20:15:53 | 000,210,920 | ---- | M] (Emsi Software GmbH) [Auto | Running] -- C:\Program Files (x86)\Online Armor\oacat.exe -- (OAcat)
SRV - [2010/11/09 10:25:38 | 001,386,320 | ---- | M] (Flexera Software, Inc.) [Auto | Running] -- C:\Program Files (x86)\ArcGIS\License10.0\bin\lmgrd.exe -- (ArcGIS License Manager)
SRV - [2010/11/08 23:04:26 | 000,036,352 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\OpenVPN\bin\openvpnserv.exe -- (OpenVPNService)
SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/09/25 21:42:00 | 000,593,920 | ---- | M] ( ) [Auto | Running] -- C:\Windows\SysWOW64\lmabcoms.exe -- (lmab_device)
SRV - [2009/03/30 06:42:14 | 000,066,368 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/03/03 12:19:28 | 000,691,200 | ---- | M] (FileZilla Project) [Disabled | Stopped] -- C:\Program Files (x86)\FileZilla Server\FileZilla server.exe -- (FileZilla Server)
SRV - [2008/10/24 16:35:44 | 000,128,296 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe -- (AAV UpdateService)
SRV - [2008/10/20 22:18:26 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU)
SRV - [2008/10/13 12:18:16 | 000,743,192 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)
SRV - [2007/10/14 21:15:16 | 000,963,072 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC)
SRV - [2007/05/31 17:11:54 | 000,443,784 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:11:46 | 000,225,672 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)

========== Driver Services (SafeList) ==========

DRV:64bit: - [2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\stflt.sys -- (sp_rsdrv2)
DRV:64bit: - [2013/04/30 11:11:01 | 000,028,600 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2013/04/30 11:11:00 | 000,130,016 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\DRIVERS\avipbb.sys -- (avipbb)
DRV:64bit: - [2013/04/30 11:10:59 | 000,100,712 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2013/02/12 04:18:19 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\usb8023x.sys -- (usb_rndisx)
DRV:64bit: - [2012/12/07 19:27:50 | 000,036,928 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\htcnprot.sys -- (htcnprot)
DRV:64bit: - [2012/06/04 20:19:18 | 000,035,368 | ---- | M] (Emsisoft) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\oanet.sys -- (OAnet)
DRV:64bit: - [2012/02/29 15:52:46 | 000,016,384 | ---- | M] (Microsoft Corporation) [Recognizer | System | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011/12/26 21:49:10 | 000,016,760 | ---- | M] (Intel Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\Drivers\sepdal.sys -- (sepdal)
DRV:64bit: - [2011/09/22 21:01:54 | 000,311,144 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Stopped] -- C:\Windows\SysNative\DRIVERS\RsFx0105.sys -- (RsFx0105)
DRV:64bit: - [2010/11/08 23:04:26 | 000,030,720 | ---- | M] (The OpenVPN Project) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\tap0901.sys -- (tap0901)
DRV:64bit: - [2009/11/05 13:58:12 | 000,273,088 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\AF9035BDA.sys -- (AF9035BDA)
DRV:64bit: - [2009/11/02 15:38:02 | 000,865,344 | ---- | M] (DiBcom) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\dvb7700all.sys -- (mod7700)
DRV:64bit: - [2009/10/01 02:51:42 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\wpdusb.sys -- (WpdUsb)
DRV:64bit: - [2009/06/03 15:05:45 | 001,580,576 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\tdrpm147.sys -- (tdrpman147)
DRV:64bit: - [2009/06/03 15:05:33 | 000,880,160 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\timntr.sys -- (timounter)
DRV:64bit: - [2009/06/03 15:05:33 | 000,083,488 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\Windows\SysNative\DRIVERS\tifsfilt.sys -- (tifsfilter)
DRV:64bit: - [2009/06/03 15:05:24 | 000,237,600 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\Windows\SysNative\DRIVERS\snman380.sys -- (snapman380)
DRV:64bit: - [2009/04/11 07:03:32 | 000,111,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\sdbus.sys -- (sdbus)
DRV:64bit: - [2008/11/17 08:50:30 | 004,751,360 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\NETw5v64.sys -- (NETw5v64)
DRV:64bit: - [2008/10/23 07:45:58 | 000,057,856 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rixdpx64.sys -- (rismxdp)
DRV:64bit: - [2008/10/23 07:45:56 | 000,062,976 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimmpx64.sys -- (rimmptsk)
DRV:64bit: - [2008/10/23 07:45:54 | 000,055,296 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\DRIVERS\rimspx64.sys -- (rimsptsk)
DRV:64bit: - [2008/09/22 13:44:28 | 000,384,024 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iastor.sys -- (iaStor)
DRV:64bit: - [2008/08/28 07:09:32 | 003,154,944 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\NETw4v64.sys -- (NETw4v64)
DRV:64bit: - [2008/08/06 14:40:30 | 000,012,288 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Vfx.sys -- (OEM02Vfx)
DRV:64bit: - [2008/07/23 11:51:08 | 000,199,728 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2008/07/17 14:23:14 | 000,393,216 | ---- | M] (IDT, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\stwrt64.sys -- (STHDA)
DRV:64bit: - [2008/06/19 14:22:46 | 000,062,480 | ---- | M] (UPEK Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\Drivers\tcusb.sys -- (TcUsb)
DRV:64bit: - [2008/02/06 03:00:00 | 000,054,480 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\Drivers\PxHlpa64.sys -- (PxHlpa64)
DRV:64bit: - [2008/01/21 04:49:47 | 000,011,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\Drivers\RootMdm.sys -- (ROOTMODEM)
DRV:64bit: - [2008/01/21 04:47:25 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\serscan.sys -- (StillCam)
DRV:64bit: - [2008/01/21 04:46:57 | 000,022,528 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2008/01/21 04:46:55 | 000,317,952 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\e1e6032e.sys -- (e1express)
DRV:64bit: - [2007/12/06 09:51:00 | 000,391,680 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\yk60x64.sys -- (yukonx64)
DRV:64bit: - [2007/10/10 17:03:00 | 000,266,624 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\DRIVERS\OEM02Dev.sys -- (OEM02Dev)
DRV:64bit: - [2006/11/07 03:52:50 | 000,086,832 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio)
DRV:64bit: - [2006/11/07 01:13:44 | 000,020,016 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\btwrchid.sys -- (btwrchid)
DRV:64bit: - [2006/11/07 01:13:42 | 000,094,512 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt)
DRV:64bit: - [2006/11/02 09:48:50 | 002,488,320 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\DRIVERS\atikmdag.sys -- (R300)
DRV:64bit: - [2006/04/20 08:22:00 | 000,141,888 | ---- | M] (SafeNet, Inc.) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\Drivers\SENTINEL64.SYS -- (Sentinel)
DRV - [2012/06/04 20:19:18 | 000,040,512 | ---- | M] (Emsisoft) [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\OAmon.sys -- (OAmon)
DRV - [2012/06/04 20:19:17 | 000,061,624 | ---- | M] () [File_System | System | Running] -- C:\Windows\SysWOW64\drivers\OADriver.sys -- (OADevice)
DRV - [2012/06/04 20:16:11 | 000,061,624 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysWOW64\drivers\oahlp64.sys -- (oahlpXX)
DRV - [2004/04/05 08:57:46 | 000,966,352 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\Capi20.sys -- (CAPI20)
DRV - [2003/03/19 14:36:48 | 000,037,696 | ---- | M] (DeTeWe Berlin) [Kernel | Auto | Stopped] -- C:\Windows\SysWOW64\drivers\DETEWECP.SYS -- (DETEWECP)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {8CC1B7C0-3FDB-4368-82C6-F39F339FB180}
IE:64bit: - HKLM\..\SearchScopes\{8CC1B7C0-3FDB-4368-82C6-F39F339FB180}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&Form=DLCDF7&pc=MDDC&src={referrer:source?}
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.uk.msn.com/USCON/8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: firefox@tvunetworks.com:2
FF - prefs.js..extensions.enabledItems: 4
FF - prefs.js..extensions.enabledItems: 9
FF - prefs.js..extensions.enabledItems: 1
FF - prefs.js..extensions.enabledItems: {A27F3FEF-1113-4cfb-A032-8E12D7D8EE70}:7.3.2.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_7_700_224.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: C:\Program Files\XChangePDFViewer\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker\bin\npFFApi.dll File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.25.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.25.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8051.1204: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@pages.tvunetworks.com/WebPlayer: C:\Windows\system32\TVUAx\npTVUAx.dll (TVU networks)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=0.9.9: C:\Program Files (x86)\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Matze\AppData\Local\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{FFB96CC1-7EB3-449D-B827-DB661701C6BB}: C:\Program Files\CheckPoint\ZAForceField\WOW64\TrustChecker
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/25 21:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox351\components [2010/02/20 10:50:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.5.8\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox351\plugins [2013/07/25 21:09:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Sunbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Sunbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\{A69F5EC7-88F0-4902-A15C-E569DFA33C3A}: C:\Program Files (x86)\BirdieSync\Thunderbird Service [2010/09/23 17:19:24 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/05/06 09:26:27 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 09:50:17 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/07/25 21:09:01 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013/06/26 16:17:38 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013/06/26 16:17:40 | 000,000,000 | ---D | M]

[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions
[2010/01/12 21:17:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2012/10/25 17:41:45 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions
[2010/04/29 08:43:36 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/11/29 19:37:30 | 000,000,000 | ---D | M] (TVU Web Player) -- C:\Users\Matze\AppData\Roaming\mozilla\Firefox\Profiles\82wuf84f.default\extensions\firefox@tvunetworks.com
[2011/12/19 14:17:47 | 000,000,933 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\11-suche.xml
[2011/12/19 14:17:47 | 000,002,419 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\englische-ergebnisse.xml
[2011/12/19 14:17:47 | 000,010,525 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\gmx-suche.xml
[2011/12/19 14:17:47 | 000,002,457 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\lastminute.xml
[2011/12/19 14:17:47 | 000,005,508 | ---- | M] () -- C:\Users\Matze\AppData\Roaming\mozilla\firefox\profiles\82wuf84f.default\searchplugins\webde-suche.xml
[2013/06/25 09:04:34 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions
[2012/07/20 09:50:17 | 000,136,672 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2010/03/19 10:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll
[2012/06/18 10:30:29 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/18 10:30:29 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/18 10:30:29 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2011/02/15 22:04:06 | 000,000,143 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\foxsearch.src
[2012/06/18 10:30:29 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/18 10:30:29 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/18 10:30:29 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml

========== Chrome ==========

CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}
CHR - homepage:
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\21.0.1180.89\PepperFlash\pepflashplayer.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_271.dll
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Matze\AppData\Local\Google\Chrome\Application\28.0.1500.72\pdf.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.330.3 (Enabled) = C:\Windows\SysWOW64\npdeployJava1.dll
CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox351\plugins\NPOFF12.DLL
CHR - plugin: Microsoft Office Live Plug-in for Firefox (Enabled) = C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Gutscheinmieze-Plugin (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll
CHR - plugin: VLC Multimedia Plug-in (Enabled) = C:\Program Files (x86)\VLC\npvlc.dll
CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: TVU Web Player for FireFox (Enabled) = C:\Windows\system32\TVUAx\npTVUAx.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll

O1 HOSTS File: ([2009/05/25 14:27:19 | 000,000,794 | ---- | M]) - C:\Windows\SysNative\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 activate.adobe.com
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (PDF-XChange Viewer IE-Plugin) - {C5D07EB6-BBCE-4DAE-ACBB-D13A8D28CB1F} - C:\Program Files\XChangePDFViewer\PDF Viewer\Win32\PDFXCviewIEPlugin.dll (Tracker Software Products Ltd.)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (TerraTec Home Cinema) - {AD6E6555-FB2C-47D4-8339-3E2965509877} - C:\Program Files (x86)\TerraTec\TerraTec Home Cinema\ThcDeskBand.dll (TerraTec Electronic GmbH)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4:64bit: - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4:64bit: - HKLM..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe (Alps Electric Co., Ltd.)
O4:64bit: - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [SigmatelSysTrayApp] C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray64.exe (IDT, Inc.)
O4:64bit: - HKLM..\Run: [SpywareTerminatorShield] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorShield.exe (Crawler.com)
O4:64bit: - HKLM..\Run: [SpywareTerminatorUpdater] C:\Program Files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe (Crawler.com)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe (Acronis)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - Startup: C:\Users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: disableCAD = 1
O8:64bit: - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found
O8:64bit: - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden...
- c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html File not found O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html File not found O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - res://C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation) O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Programs\PartyGaming\PartyPoker\RunApp.exe () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : 
Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9F424424-480A-472D-AC66-23A440330559}: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O20:64bit: - AppInit_DLLs: (acaptuser64.dll) - C:\Windows\SysNative\acaptuser64.dll (Adobe Systems, Inc.) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\Windows\SysNative\vrlogon.dll (UPEK Inc.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Windows\system32\psqlpwd.dll) - C:\Windows\SysNative\psqlpwd.dll (UPEK Inc.) 
O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\XPS_NB_1280x864_NewBlue.jpg O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell - "" = AutoRun O33 - MountPoints2\{135e0603-773c-11e2-bd6a-0023ae11b0be}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell - "" = AutoRun O33 - MountPoints2\{8b2a9945-e0d2-11de-b77b-0023ae11b0be}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell - "" = AutoRun O33 - MountPoints2\{b0707254-bcd2-11e0-8c2a-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell - "" = AutoRun O33 - MountPoints2\{de74f350-79f9-11df-a286-00215ca0d0f1}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell - "" = AutoRun O33 - MountPoints2\{fab8016b-075b-11e0-84c3-00215ca0d0f1}\Shell\AutoRun\command - "" = "F:\WD SmartWare.exe" autoplay=true O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2013/07/25 21:06:58 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2013/07/25 11:01:36 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe [2013/07/24 15:09:10 | 000,051,496 | ---- | C] (Windows (R) Win 7 DDK provider) -- 
C:\Windows\SysNative\drivers\stflt.sys [2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Spyware Terminator [2013/07/24 15:09:03 | 000,000,000 | ---D | C] -- C:\ProgramData\Spyware Terminator [2013/07/24 15:08:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spyware Terminator 2012 [2013/07/24 15:08:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Spyware Terminator [2013/07/22 03:01:31 | 000,000,000 | ---D | C] -- C:\Windows\SysNative\MRT [2013/07/10 15:44:42 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/07/10 15:44:42 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/07/10 15:44:40 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/07/10 15:44:40 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/07/10 15:44:40 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/07/10 15:44:40 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/07/10 15:44:39 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/07/10 15:44:39 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/07/10 15:44:38 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/07/10 15:44:38 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/07/10 15:44:38 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/07/10 15:44:37 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/07/10 15:44:37 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/07/10 15:44:37 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll 
[2013/07/10 15:44:36 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/07/10 15:34:16 | 000,619,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\qedit.dll [2013/07/10 15:34:15 | 000,505,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\qedit.dll [2013/07/10 15:33:47 | 001,556,480 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\DWrite.dll [2013/07/10 15:33:46 | 000,566,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10level9.dll [2013/07/10 15:33:46 | 000,327,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1core.dll [2013/07/10 15:33:45 | 002,002,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10warp.dll [2013/07/10 15:33:45 | 001,268,224 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10.dll [2013/07/10 15:33:45 | 000,834,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d2d1.dll [2013/07/10 15:33:45 | 000,287,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10core.dll [2013/07/10 15:33:44 | 000,196,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\d3d10_1.dll [2013/07/10 15:33:42 | 001,548,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WMVDECOD.DLL [2013/07/10 15:33:41 | 001,706,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WMVDECOD.DLL [2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ythu [2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ylpayp [2013/07/04 17:13:29 | 000,000,000 | ---D | C] -- C:\Users\Matze\AppData\Roaming\Ilkid [2013/06/26 16:17:38 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird [1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/07/25 21:18:53 | 003,172,944 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/07/25 21:16:12 | 
000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.dat [2013/07/25 21:16:12 | 000,178,149 | ---- | M] () -- C:\ProgramData\nvModes.001 [2013/07/25 21:15:03 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2013/07/25 21:15:03 | 000,003,744 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2013/07/25 21:14:46 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/07/25 21:13:24 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2013/07/25 11:02:54 | 000,377,856 | ---- | M] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe [2013/07/25 11:01:33 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Matze\Desktop\OTL.exe [2013/07/25 10:46:56 | 000,000,000 | ---- | M] () -- C:\Users\Matze\defogger_reenable [2013/07/25 10:45:50 | 000,050,477 | ---- | M] () -- C:\Users\Matze\Desktop\Defogger.exe [2013/07/24 15:09:10 | 000,051,496 | ---- | M] (Windows (R) Win 7 DDK provider) -- C:\Windows\SysNative\drivers\stflt.sys [2013/07/24 15:08:36 | 000,000,839 | ---- | M] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013/07/24 08:06:37 | 000,001,782 | -H-- | M] () -- C:\Users\Matze\Documents\Default.rdp [2013/07/21 09:35:40 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/07/21 09:35:38 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/07/21 09:35:38 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/07/21 09:05:19 | 000,000,600 | ---- | M] () -- C:\Users\Matze\AppData\Local\PUTTY.RND [2013/07/21 05:32:47 | 000,000,680 | ---- | M] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat [2013/07/18 19:10:47 | 001,776,322 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/07/18 19:10:47 | 000,753,028 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat 
[2013/07/18 19:10:47 | 000,703,018 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/07/18 19:10:47 | 000,174,794 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/07/18 19:10:47 | 000,148,542 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/07/16 12:57:52 | 000,011,544 | ---- | M] () -- C:\Users\Matze\Desktop\fert_var.R [2013/07/15 15:34:32 | 000,000,508 | ---- | M] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R [2013/07/13 08:31:02 | 000,002,044 | ---- | M] () -- C:\Users\Matze\Desktop\Google Chrome.lnk [2013/07/13 08:25:41 | 000,000,856 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job [2013/07/12 20:00:42 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job [2013/07/08 13:01:58 | 000,767,723 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf [2013/07/08 13:01:15 | 001,161,686 | ---- | M] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf [2013/07/08 08:16:14 | 000,000,908 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job [2013/07/08 08:00:49 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/07/07 11:13:36 | 000,041,158 | ---- | M] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf [2013/07/07 11:02:56 | 002,921,444 | ---- | M] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf [2013/07/07 10:57:08 | 001,375,797 | ---- | M] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf [2013/07/05 16:36:46 | 001,842,004 | ---- | M] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling 
groundwater-surface water exchange flow patterns.pdf [2013/07/05 16:35:14 | 001,251,889 | ---- | M] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf [2013/07/05 16:33:55 | 000,705,320 | ---- | M] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf [2013/07/05 16:31:53 | 000,671,065 | ---- | M] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf [2013/07/05 15:22:39 | 000,005,142 | ---- | M] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R [2013/07/05 14:32:35 | 014,343,128 | ---- | M] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf [2013/07/05 10:21:54 | 000,003,448 | ---- | M] () -- C:\Users\Matze\Documents\no3leachsub.pdf [2013/07/02 09:15:44 | 000,002,255 | ---- | M] () -- C:\Users\Matze\Desktop\nitrate_shape.R [1 C:\Users\Matze\AppData\Local\*.tmp files -> C:\Users\Matze\AppData\Local\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/07/25 11:02:59 | 000,377,856 | ---- | C] () -- C:\Users\Matze\Desktop\gmer_2.1.19163.exe [2013/07/25 10:46:56 | 000,000,000 | ---- | C] () -- C:\Users\Matze\defogger_reenable [2013/07/25 10:46:08 | 000,050,477 | ---- | C] () -- C:\Users\Matze\Desktop\Defogger.exe [2013/07/24 15:08:36 | 000,000,839 | ---- | C] () -- C:\Users\Public\Desktop\Spyware Terminator 2012.lnk [2013/07/16 08:20:10 | 000,000,508 | ---- | C] () -- C:\Users\Matze\Desktop\_1_lhs_nitrate004.R [2013/07/15 22:46:15 | 000,011,544 | ---- | C] () -- C:\Users\Matze\Desktop\fert_var.R [2013/07/13 08:25:41 | 000,000,856 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job [2013/07/12 20:00:42 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job [2013/07/08 13:01:57 | 
000,767,723 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Nitrogen leaching losses after biogas residue application to maize.pdf [2013/07/08 13:00:38 | 001,161,686 | ---- | C] () -- C:\Users\Matze\Desktop\Svoboda 2013 Crop production for biogas and water protection—A trade-off.pdf [2013/07/07 11:13:36 | 000,041,158 | ---- | C] () -- C:\Users\Matze\Desktop\Filipinski 2009 - Nährstoffausträge bei ökologisch und konventioneller beritschafteten Boden-Dauerbeobachtungsflächen in SH.pdf [2013/07/07 11:02:56 | 002,921,444 | ---- | C] () -- C:\Users\Matze\Desktop\Kunkel 2012 Modellierung der Denitrifikation im Boden und.pdf [2013/07/07 10:57:07 | 001,375,797 | ---- | C] () -- C:\Users\Matze\Desktop\Nmin Bauernblatt_Artikelserie_Artikel_7.pdf [2013/07/05 16:36:46 | 001,842,004 | ---- | C] () -- C:\Users\Matze\Desktop\Munz 2011 Reducing monitoring gaps at the aquifer-river interface by modelling groundwater-surface water exchange flow patterns.pdf [2013/07/05 16:35:13 | 001,251,889 | ---- | C] () -- C:\Users\Matze\Desktop\Saenger 2005 A numerical study of surface-subsurface exchange processes at a riffle-pool pair in the Lahn River, Germany.pdf [2013/07/05 16:33:55 | 000,705,320 | ---- | C] () -- C:\Users\Matze\Desktop\Krause 2007 The impact of groundwater–surface water interactions on the water balance of a mesoscale lowland river catchment in norteastern Germany.pdf [2013/07/05 16:31:52 | 000,671,065 | ---- | C] () -- C:\Users\Matze\Desktop\Harbaugh - Modflow.pdf [2013/07/05 14:31:59 | 014,343,128 | ---- | C] () -- C:\Users\Matze\Desktop\DIPCON 2010 Diffuse Pollution and Eutrophication.pdf [2013/07/05 12:59:06 | 000,005,142 | ---- | C] () -- C:\Users\Matze\Desktop\nitrat_frachten_year_sub.R [2013/07/05 10:21:54 | 000,003,448 | ---- | C] () -- C:\Users\Matze\Documents\no3leachsub.pdf [2013/07/02 09:15:36 | 000,002,255 | ---- | C] () -- C:\Users\Matze\Desktop\nitrate_shape.R [2013/05/31 15:26:39 | 000,000,268 | ---- | C] () -- 
C:\Users\Matze\advanced_ip_scanner_MAC.bin [2013/03/08 13:13:35 | 000,002,276 | ---- | C] () -- C:\Users\Matze\.recently-used.xbel [2013/02/18 22:37:16 | 021,748,128 | ---- | C] () -- C:\Users\Matze\AppData\Local\TempFullTiltPokerEuSetup.exe [2013/02/13 11:00:47 | 000,131,504 | ---- | C] () -- C:\Users\Matze\testjabref.xml [2013/01/28 16:42:58 | 000,000,153 | ---- | C] () -- C:\Windows\ODBC.INI [2012/09/17 18:19:04 | 000,313,014 | ---- | C] () -- C:\Users\Matze\Gewässer.rar [2012/06/18 11:31:34 | 001,756,328 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\oahlp64.sys [2012/05/19 16:46:27 | 000,061,624 | ---- | C] () -- C:\Windows\SysWow64\drivers\OADriver.sys [2012/02/17 09:39:29 | 000,047,832 | ---- | C] () -- C:\Users\Matze\Meine Konten_20120217T083929.gsb [2012/02/16 21:59:15 | 000,019,036 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205915.gnucash [2012/02/16 21:53:57 | 000,018,792 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216205357.gnucash [2012/02/16 19:15:17 | 000,016,473 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216181517.gnucash [2012/02/16 18:39:13 | 000,016,348 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173913.gnucash [2012/02/16 18:37:51 | 000,005,608 | ---- | C] () -- C:\Users\Matze\AppData\Local\recently-used.xbel [2012/02/16 18:37:39 | 000,016,182 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173739.gnucash [2012/02/16 18:30:25 | 000,016,019 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216173025.gnucash [2012/02/16 18:14:28 | 000,004,097 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216171428.gnucash [2012/02/16 18:07:11 | 000,000,610 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170711.gnucash [2012/02/16 18:06:24 | 000,016,013 | ---- | C] () -- 
C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170624.gnucash [2012/02/16 18:00:11 | 000,004,228 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216170011.gnucash [2012/02/16 17:51:43 | 000,004,470 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216165143.gnucash [2012/02/16 17:24:17 | 000,004,075 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash.20120216162417.gnucash [2012/02/16 17:22:15 | 000,019,032 | ---- | C] () -- C:\Users\Matze\AppData\Local\geldmatze.gnucash [2012/02/07 15:07:42 | 000,000,600 | ---- | C] () -- C:\Users\Matze\AppData\Local\PUTTY.RND [2012/02/01 18:27:45 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\GkSui20.EXE [2011/09/27 13:52:04 | 000,026,162 | ---- | C] () -- C:\Users\Matze\holzrahmen_drahtgflech+.2011_09_27_13_52_04.0.svg [2011/09/27 13:19:24 | 000,022,771 | ---- | C] () -- C:\Users\Matze\Neues Dokument 13.2011_09_27_13_19_24.0.svg [2010/11/25 20:16:25 | 000,004,096 | -H-- | C] () -- C:\Users\Matze\AppData\Local\keyfile3.drm [2010/09/28 20:28:44 | 000,053,847 | ---- | C] () -- C:\Users\Matze\Direkt_Depot_8951303030_Wertpapier_Terminsache_DE0005140008_201.2010_09_28_20_28_44.0.svg [2010/08/22 12:18:18 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_18_18.0.svg [2010/08/22 12:17:12 | 000,146,625 | ---- | C] () -- C:\Users\Matze\Zwischenbericht_I_LLUR_EndNote_Ver3_pd'.2010_08_22_12_17_12.0.svg [2010/08/18 14:18:58 | 000,000,016 | ---- | C] () -- C:\Users\Matze\.gtk-bookmarks [2010/08/04 13:09:55 | 000,047,843 | ---- | C] () -- C:\Users\Matze\Neues Dokument 1.2010_08_04_13_09_55.0.svg [2010/06/07 21:21:09 | 000,032,811 | ---- | C] () -- C:\Users\Matze\antrag.bst [2010/06/07 21:05:44 | 000,018,067 | ---- | C] () -- C:\Users\Matze\antrag.dbj [2009/11/09 14:19:46 | 000,031,497 | ---- | C] () -- C:\Users\Matze\versuch_test.bst [2009/11/09 14:12:52 | 000,018,872 | ---- | C] () -- C:\Users\Matze\antrag_test.dbj [2009/11/09 
14:09:30 | 000,030,744 | ---- | C] () -- C:\Users\Matze\neuest.bst [2009/11/09 14:01:17 | 000,018,869 | ---- | C] () -- C:\Users\Matze\neuest.dbj [2009/11/09 13:56:49 | 000,001,495 | ---- | C] () -- C:\Users\Matze\neu.bst [2009/11/09 13:55:49 | 000,001,076 | ---- | C] () -- C:\Users\Matze\neu.dbj [2009/11/06 09:15:50 | 000,035,099 | ---- | C] () -- C:\Users\Matze\pathdef.m [2009/10/20 11:05:28 | 000,001,517 | ---- | C] () -- C:\Users\Matze\germanstyle.bst [2009/10/20 11:04:14 | 000,001,091 | ---- | C] () -- C:\Users\Matze\germanstyle.dbj [2009/10/20 08:00:58 | 000,030,191 | ---- | C] () -- C:\Users\Matze\test2.bst [2009/10/20 07:51:11 | 000,018,104 | ---- | C] () -- C:\Users\Matze\test2.dbj [2009/10/17 12:27:47 | 000,031,222 | ---- | C] () -- C:\Users\Matze\test.bst [2009/10/17 12:08:34 | 000,027,394 | ---- | C] () -- C:\Users\Matze\test.dbj [2009/10/06 10:51:12 | 000,000,014 | ---- | C] () -- C:\Users\Matze\geonext.ini [2009/10/05 10:01:09 | 000,032,116 | ---- | C] () -- C:\Users\Matze\ownstyle.bst [2009/10/05 09:42:28 | 000,027,492 | ---- | C] () -- C:\Users\Matze\ownstyle.dbj [2009/05/23 13:58:45 | 000,000,186 | ---- | C] () -- C:\Users\Matze\AppData\Local\RAExpertHistory.xml [2009/04/16 19:47:08 | 000,000,680 | ---- | C] () -- C:\Users\Matze\AppData\Local\d3d9caps.dat [2009/03/23 10:54:50 | 000,002,806 | ---- | C] () -- C:\Users\Matze\.jmf-resource [2009/03/11 20:47:32 | 000,117,760 | ---- | C] () -- C:\Users\Matze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2009/03/11 10:36:03 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.001 [2009/03/11 10:27:09 | 000,178,149 | ---- | C] () -- C:\ProgramData\nvModes.dat ========== ZeroAccess Check ========== [2006/11/02 17:30:40 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n. [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-221889202-2462721696-489215793-1000\$6e2d6f99c183032ac3dd1b6968c33d41\n. [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/08 19:59:03 | 012,899,840 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\$Recycle.Bin\S-1-5-18\$6e2d6f99c183032ac3dd1b6968c33d41\n. "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009/04/11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2008/01/21 04:50:58 | 000,513,024 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > |
25.07.2013, 21:04 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Kommandozeile lässt sich nicht mehr öffnen, kein Zugriff auf AntiVir Bevor wir uns an die weitere Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Dann bitte jetzt Combofix ausführen: Scan mit Combofix
__________________ Logfiles bitte immer in CODE-Tags posten |
25.07.2013, 22:01 | #5 |
| Kommandozeile lässt sich nicht mehr öffnen, kein Zugriff auf AntiVir So, combofix ist durchgelaufen. Wie ich zuvor schon erwähnt hatte, kann ich AntiVir nicht deaktivieren. Folglich hat comboFix dies auch angemerkt. Hier der log: Combofix Logfile: Code:
ComboFix 13-07-25.02 - Matze 07/25/2013 22:13:25.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4093.2461 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Downloads\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Matze\AppData\Local\assembly\tmp
c:\users\Matze\AppData\Local\TempDIR
c:\users\Matze\AppData\Local\TempDIR\WindowsXP-KB893357-v2-x86-DEU.exe
c:\users\Matze\AppData\Local\TempDIR\WindowsXP-KB917021-v3-x86-DEU.exe
c:\users\Matze\AppData\Local\TempFullTiltPokerEuSetup.exe
c:\windows\pkunzip.pif
c:\windows\pkzip.pif
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\regobj.dll
c:\windows\SysWow64\WanPacket.dll
c:\windows\SysWow64\wpcap.dll
c:\windows\wininit.ini
.
c:\windows\SysWow64\userinit.exe . . . ist infiziert!!
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-25 bis 2013-07-25 ))))))))))))))))))))))))))))))
.
.
2013-07-25 20:37 . 2013-07-25 20:46 -------- d-----w- c:\users\Matze\AppData\Local\temp
2013-07-25 20:37 . 2013-07-25 20:37 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 07:58 . 2013-07-25 07:58 -------- d-----w- c:\users\Matthias
2013-07-24 13:09 . 2013-07-24 13:09 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-07-24 13:09 . 2013-07-24 15:15 -------- d-----w- c:\programdata\Spyware Terminator
2013-07-24 13:09 . 2013-07-24 13:09 -------- d-----w- c:\users\Matze\AppData\Roaming\Spyware Terminator
2013-07-24 13:08 . 2013-07-24 13:09 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-07-22 01:01 . 2013-07-22 01:09 -------- d-----w- c:\windows\system32\MRT
2013-07-10 13:34 . 2013-06-01 04:19 619008 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 13:34 . 2013-06-01 04:06 505344 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 13:34 . 2013-04-09 04:08 1815552 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 13:34 . 2013-04-09 04:07 1500672 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 13:34 . 2013-04-09 04:07 1447936 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:34 . 2013-04-09 04:07 1476608 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 13:34 . 2013-04-09 03:51 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-04 15:13 . 2013-07-08 06:24 -------- d-----w- c:\users\Matze\AppData\Roaming\Ythu
2013-07-04 15:13 . 2013-07-08 06:12 -------- d-----w- c:\users\Matze\AppData\Roaming\Ylpayp
2013-07-04 15:13 . 2013-07-04 15:13 -------- d-----w- c:\users\Matze\AppData\Roaming\Ilkid
2013-06-26 14:17 . 2013-07-02 12:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 07:35 . 2012-03-30 16:56 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 07:35 . 2011-12-07 19:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-25 07:07 . 2013-06-25 07:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 07:07 . 2012-06-23 06:12 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 07:07 . 2010-05-19 17:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2006-11-02 12:35 78277128 ----a-w- c:\windows\system32\mrt.exe
2013-05-31 13:26 . 2013-05-31 13:26 268 ----a-w- c:\users\Matze\advanced_ip_scanner_MAC.bin
2013-05-08 04:14 . 2013-06-13 07:52 1417576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 02:27 . 2013-06-13 07:52 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 04:16 . 2013-06-13 07:51 686080 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-13 07:51 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-13 07:51 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2013-04-30 09:11 . 2013-04-30 10:17 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-30 09:11 . 2013-04-30 10:17 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-30 09:10 . 2013-04-30 10:17 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-08-06 36864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4378000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 962480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF9035BDA.sys;c:\windows\SYSNATIVE\DRIVERS\AF9035BDA.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:35]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2009-06-01 c:\windows\Tasks\sicherung.job
- c:\program files (x86)\DeltaCopy\sicherung.dcp [2009-06-01 15:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 12:00 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 12:00 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-23 271872]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 66824]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
TCP: Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: !HIDDEN! 2009-07-10 17:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-05-06 09:26; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
------- Dateityp-Verknüpfung -------
.
vbefile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
vbsfile\shell\open2\command="%SystemRoot%\System32\CScript.exe" "%1" %*
jsefile\shell\open2\command=c:\windows\SysWOW64\CScript.exe "%1" %*
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-WudfPf
SafeBoot-WudfRd
HKLM-Run-SigmatelSysTrayApp - c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe
AddRemove-888poker - c:\progra~2\PACIFI~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\BFE]
"ImagePath"="."
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}]
@Denied: (A 2) (Everyone)
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0]
@="Shockwave Flash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}]
@Denied: (A 2) (Everyone)
@=""
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0]
@="FlashBroker"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Dell\DellDock\DockLogin.exe
c:\program files (x86)\Online Armor\OAcat.exe
c:\program files (x86)\Avira\AntiVir Desktop\sched.exe
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe
c:\program files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe
c:\program files (x86)\CDBurnerXP\NMSAccessU.exe
c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-07-25 22:56:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2013-07-25 20:56
.
Vor Suchlauf: 25 Verzeichnis(se), 41,966,907,392 Bytes frei
Nach Suchlauf: 31 Verzeichnis(se), 45,455,781,888 Bytes frei
.
- - End Of File - - B2544C26EC0B798679A54FA4186B84D1
5C616939100B85E558DA92B899A0FC36

One problem I can already make out as a layman: userinit seems to have a problem? |
25.07.2013, 22:14 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Command prompt can no longer be opened, no access to AntiVir ComboFix script
25.07.2013, 23:03 | #7 |
| Command prompt can no longer be opened, no access to AntiVir It finished running. I again had the problem that AntiVir cannot be disabled. As a result, the virus scanner was running in the background and also issued several warnings and blocked actions. Combofix Logfile: Code:
ComboFix 13-07-25.02 - Matze 07/25/2013 23:26:07.1.2 - x64
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.49.1031.18.4093.2578 [GMT 2:00]
ausgeführt von:: c:\users\Matze\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Matze\Desktop\CFScript.txt
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
FW: Online Armor Firewall *Disabled* {BD3F5FCA-866B-1E2E-0A68-58900A751EA1}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Matze\AppData\Roaming\Ylpayp
c:\users\Matze\AppData\Roaming\Ythu
c:\users\Matze\AppData\Roaming\Ythu\weet.ovi
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-06-25 bis 2013-07-25 ))))))))))))))))))))))))))))))
.
.
2013-07-25 21:43 . 2013-07-25 21:50 -------- d-----w- c:\users\Matze\AppData\Local\temp
2013-07-25 21:43 . 2013-07-25 21:43 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-07-25 07:58 . 2013-07-25 07:58 -------- d-----w- c:\users\Matthias
2013-07-24 13:09 . 2013-07-24 13:09 51496 ----a-w- c:\windows\system32\drivers\stflt.sys
2013-07-24 13:09 . 2013-07-24 15:15 -------- d-----w- c:\programdata\Spyware Terminator
2013-07-24 13:09 . 2013-07-24 13:09 -------- d-----w- c:\users\Matze\AppData\Roaming\Spyware Terminator
2013-07-24 13:08 . 2013-07-24 13:09 -------- d-----w- c:\program files (x86)\Spyware Terminator
2013-07-22 01:01 . 2013-07-22 01:09 -------- d-----w- c:\windows\system32\MRT
2013-07-10 13:34 . 2013-06-01 04:19 619008 ----a-w- c:\windows\system32\qedit.dll
2013-07-10 13:34 . 2013-06-01 04:06 505344 ----a-w- c:\windows\SysWow64\qedit.dll
2013-07-10 13:34 . 2013-04-09 04:08 1815552 ----a-w- c:\program files\Windows Journal\NBDoc.DLL
2013-07-10 13:34 . 2013-04-09 04:07 1500672 ----a-w- c:\program files\Windows Journal\JNWDRV.dll
2013-07-10 13:34 . 2013-04-09 04:07 1447936 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\journal.dll
2013-07-10 13:34 . 2013-04-09 04:07 1476608 ----a-w- c:\program files\Windows Journal\JNTFiltr.dll
2013-07-10 13:34 . 2013-04-09 03:51 936960 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\journal.dll
2013-07-04 15:13 . 2013-07-04 15:13 -------- d-----w- c:\users\Matze\AppData\Roaming\Ilkid
2013-06-26 14:17 . 2013-07-02 12:27 -------- d-----w- c:\program files (x86)\Mozilla Thunderbird
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-07-21 07:35 . 2012-03-30 16:56 692104 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-07-21 07:35 . 2011-12-07 19:58 71048 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-06-25 07:07 . 2013-06-25 07:08 96168 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-06-25 07:07 . 2012-06-23 06:12 867240 ----a-w- c:\windows\SysWow64\npdeployJava1.dll
2013-06-25 07:07 . 2010-05-19 17:47 789416 ----a-w- c:\windows\SysWow64\deployJava1.dll
2013-06-23 22:57 . 2006-11-02 12:35 78277128 ----a-w- c:\windows\system32\mrt.exe
2013-05-31 13:26 . 2013-05-31 13:26 268 ----a-w- c:\users\Matze\advanced_ip_scanner_MAC.bin
2013-05-08 04:14 . 2013-06-13 07:52 1417576 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-05-08 02:27 . 2013-06-13 07:52 40448 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2013-05-02 04:16 . 2013-06-13 07:51 686080 ----a-w- c:\windows\system32\win32spl.dll
2013-05-02 04:04 . 2013-06-13 07:51 443904 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-05-02 04:03 . 2013-06-13 07:51 37376 ----a-w- c:\windows\SysWow64\printcom.dll
2013-04-30 09:11 . 2013-04-30 10:17 28600 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-04-30 09:11 . 2013-04-30 10:17 130016 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-04-30 09:10 . 2013-04-30 10:17 100712 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
--- c:\windows\SysWow64\userinit.exe ---
Company: Microsoft Corporation
File Description: Userinit-Anmeldeanwendung
File Version: 6.0.6000.16386 (vista_rtm.061101-2205)
Product Name: Betriebssystem Microsoft® Windows®
Copyright: © Microsoft Corporation. Alle Rechte vorbehalten.
Original Filename: USERINIT.EXE.MUI
File size: 25088
Created time: 2008-01-21 02:50
Modified time: 2008-01-21 02:50
MD5: 0E135526E9785D085BCD9AEDE6FBCBF9
SHA1: D15244D41EFDDBAB08D53FE032AEDFF39091D3AF
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 130736 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt.19.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 138240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2008-08-06 36864]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"TrueImageMonitor.exe"="c:\program files (x86)\Acronis\TrueImageHome\TrueImageMonitor.exe" [2008-10-13 4378000]
"AcronisTimounterMonitor"="c:\program files (x86)\Acronis\TrueImageHome\TimounterMonitor.exe" [2008-10-13 962480]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-06-27 345144]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2013-03-12 253816]
.
c:\users\Matze\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe /systemstartup [2013-5-25 27776968]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dell Dock First Run.lnk - c:\program files\Dell\DellDock\DellDock.exe /firstrun [2008-9-23 1295656]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
"disableCAD"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli psqlpwd
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
R3 AAV UpdateService;AAV UpdateService;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe;c:\program files (x86)\Akademische Arbeitsgemeinschaft\AAVUpdateManager\aavus.exe [x]
R3 AF9035BDA;Cinergy T-Stick service;c:\windows\system32\DRIVERS\AF9035BDA.sys;c:\windows\SYSNATIVE\DRIVERS\AF9035BDA.sys [x]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe;c:\windows\SYSNATIVE\DriverStore\FileRepository\stwrt64.inf_bb0e6831\AESTSr64.exe [x]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
Themes
.
Inhalt des "geplante Tasks" Ordners
.
2013-07-21 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 07:35]
.
2013-07-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ce7f29b9dedbe0.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2009-03-19 10:32]
.
2013-07-13 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000Core1ce7f91cc2b5360.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2013-07-08 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-221889202-2462721696-489215793-1000UA.job
- c:\users\Matze\AppData\Local\Google\Update\GoogleUpdate.exe [2012-09-04 06:47]
.
2009-06-01 c:\windows\Tasks\sicherung.job
- c:\program files (x86)\DeltaCopy\sicherung.dcp [2009-06-01 15:26]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt4]
@="{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}]
2013-05-25 00:36 164016 ----a-w- c:\users\Matze\AppData\Roaming\Dropbox\bin\DropboxExt64.19.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlay]
@="{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}"
[HKEY_CLASSES_ROOT\CLSID\{F2F31467-B1AC-4df0-AE79-FD5FA085E22B}]
2008-06-19 12:00 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\UEAFOverlayOpen]
@="{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}"
[HKEY_CLASSES_ROOT\CLSID\{A3E208F7-0E3A-4182-A7A6-B169D5D691AA}]
2008-06-19 12:00 3380736 ----a-w- c:\program files\Protector Suite QL\farchns.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2008-07-23 271872]
"PSQLLauncher"="c:\program files\Protector Suite QL\launcher.exe" [2008-06-19 66824]
"SigmatelSysTrayApp"="c:\program files (x86)\SigmaTel\C-Major Audio\WDM\sttray64.exe" [BU]
"Acronis Scheduler2 Service"="c:\program files (x86)\Common Files\Acronis\Schedule2\schedhlp.exe" [2008-10-13 165144]
"SpywareTerminatorShield"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorShield.exe" [2013-04-03 2777736]
"SpywareTerminatorUpdater"="c:\program files (x86)\Spyware Terminator\SpywareTerminatorUpdate.exe" [2013-04-03 3684488]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\acaptuser64.dll
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An vorhandene PDF-Datei anfügen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~1\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
TCP: DhcpNameServer = 192.168.1.1 193.189.244.202 193.189.244.194
TCP: Interfaces\{18BC9B2B-79BD-404A-8FF1-669714163C2B}: NameServer = 134.245.10.7,134.245.1.36
FF - ProfilePath - c:\users\Matze\AppData\Roaming\Mozilla\Firefox\Profiles\82wuf84f.default\
FF - prefs.js: browser.search.selectedEngine - foxsearch
FF - prefs.js: keyword.URL - hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=
FF - ExtSQL: !HIDDEN! 2009-07-10 17:55; {20a82645-c095-46ed-80e3-08825760534b}; c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF - ExtSQL: !HIDDEN! 2010-05-06 09:26; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-888poker - c:\progra~2\PACIFI~1\UNWISE.EXE
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\MpsSvc]
"ImagePath"="."
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_8_800_94_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_8_800_94.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}] @Denied: (A 2) (Everyone) . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{D27CDB6B-AE6D-11CF-96B8-444553540000}\1.0] @="Shockwave Flash" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}] @Denied: (A 2) (Everyone) @="" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\TypeLib\{FAB3E735-69C7-453B-A446-B6823C6DF1C9}\1.0] @="FlashBroker" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . ------------------------ Weitere laufende Prozesse ------------------------ . c:\program files\Dell\DellDock\DockLogin.exe c:\program files (x86)\Online Armor\OAcat.exe c:\program files (x86)\Avira\AntiVir Desktop\sched.exe c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe c:\program files (x86)\ArcGIS\License10.0\bin\lmgrd.exe c:\program files (x86)\ArcGIS\License10.0\bin\ARCGIS.exe c:\program files (x86)\CDBurnerXP\NMSAccessU.exe c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe c:\program files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe c:\users\Matze\AppData\Roaming\Dropbox\bin\Dropbox.exe . ************************************************************************** . 
Zeit der Fertigstellung: 2013-07-26 00:00:11 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2013-07-25 22:00 ComboFix2.txt 2013-07-25 20:56 . Vor Suchlauf: 29 Verzeichnis(se), 45,067,526,144 Bytes frei Nach Suchlauf: 30 Verzeichnis(se), 44,707,893,248 Bytes frei . - - End Of File - - 1216B0784C5CB294769CE6359C030E63 5C616939100B85E558DA92B899A0FC36 |
25.07.2013, 23:09 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Command prompt can no longer be opened, no access to AntiVir Malwarebytes Anti-Rootkit (MBAR) Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not run any other file in this folder without instructions from a helper
__________________ Please always post log files in CODE tags |
26.07.2013, 06:57 | #9 | |
| Command prompt can no longer be opened, no access to AntiVir Hello! Unfortunately I am having trouble running the program. The first time, an error was reported and I was told to restart the system. I then ran it again and it ended in a BlueScreen. I repeated it once more and got a BlueScreen again. In case it helps, here is the system log from Malwarebytes: Quote:
|
26.07.2013, 15:51 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Command prompt can no longer be opened, no access to AntiVir You posted the wrong log
__________________ Please always post log files in CODE tags |
26.07.2013, 16:42 | #11 |
| Command prompt can no longer be opened, no access to AntiVir Sorry, but the required log is not being created because the computer responds with a BlueScreen. That is why I posted the syslog. |
26.07.2013, 17:16 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Command prompt can no longer be opened, no access to AntiVir Then run a new scan
__________________ Please always post log files in CODE tags |
26.07.2013, 17:32 | #13 |
| Command prompt can no longer be opened, no access to AntiVir I have already tried twice. Unfortunately the result is always the same. Should I try again? |
26.07.2013, 17:42 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Command prompt can no longer be opened, no access to AntiVir What do you mean, the result is the same? Was there a BlueScreen again?
__________________ Please always post log files in CODE tags |
26.07.2013, 18:23 | #15 | |
| Command prompt can no longer be opened, no access to AntiVir Exactly, I tried it again. This time I noted down the file: spsys.sys After restarting, Windows reports the following error: Quote:
|