Pests of all kinds and their removal: GVU Trojan caught (Windows 7)
If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you remove the infection.
07.08.2013, 12:42 | #1
GVU Trojan caught
Hello, I have this GVU Trojan, supposedly from the BKA, with a photo of Angela Merkel at the top and a demand to pay 100 € via paysafecard. It comes with a countdown that is always back at 48 hours after a restart. I have several user accounts for logging in on my Win 7 PC (32-bit). When logging in with the other accounts, this window with the payment demand does not appear; only the one user has no way of clicking the window away once he has logged in to Windows and wants to get to the desktop. From there you can only switch user via the Task Manager or shut down. After a restart and logging in as this user, the window with the payment demand is back and, as I said, cannot be closed. I have seen that many people have been helped here with the same problem. I therefore ran the program OTL by OldTimer as a different user (saved on the desktop) and ticked "Scan all users" there. It has just finished the scan. Should I post the result of OTL's txt file here now? I am really grateful that one can get help here. I am glad there are people who get involved in this sort of thing and help others like me who don't know their way around.
07.08.2013, 12:45 | #2
/// Malware-holic | GVU Trojan caught
Hi,
show me the OTL reports
07.08.2013, 13:36 | #3
GVU Trojan caught
Thanks for the quick reply. OTL created this text (Extras.txt) automatically after the quick scan had finished:
OTL logfile:
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@pack.google.com/Google Updater;version=14: C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll (Google) FF - HKLM\Software\MozillaPlugins\@Sibelius.com/Scorch Plugin,version=5.2.5.48: d:\Musicnotes\npsibelius.dll () FF - HKLM\Software\MozillaPlugins\@startpage24.com/npLin64;Version=4: C:\Program Files\Startpage24\Plugin\Version_720\firefox\plugins\nplink64.dll (Link64 GmbH) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\videoraptor-firefox-surf-and-catch-extension@audials.com: C:\Program Files\RapidSolution\RS Audials One\VideoRaptor\plugins\GeckoBased\videoraptor-firefox-surf-and-catch-extension@audials.com\ [2010.02.28 00:02:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFSodaPDFConverter@sodapdf.com: C:\Program Files\Soda PDF\FFSodaExt [2011.04.11 21:49:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ffext@startpage24: C:\Program Files\Startpage24\Plugin\Version_720\firefox [2011.08.18 21:42:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\antiphishing@bullguard: C:\Program Files\BullGuard Ltd\BullGuard\Antiphishing\FF\antiphishing@bullguard\ [2013.06.07 11:18:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.22 16:47:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.05.17 23:25:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: C:\Program Files\Mozilla Firefox 4.0 Beta 6\components [2010.11.19 23:12:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: C:\Program Files\Mozilla Firefox 4.0 Beta 6\plugins FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{380AE6CB-09B9-4373-B360-D01C2462A6E7}: C:\Program Files\BullGuard Ltd\BullGuard\backup\thunderbirdbkplugin [2013.06.07 11:18:56 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Ltd\BullGuard\Spamfilter\TbSpamfilter [2013.06.07 11:18:56 | 000,000,000 | ---D | M] [2010.02.28 
00:17:03 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Extensions [2009.12.28 20:58:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Extensions\home2@tomtom.com [2012.04.02 11:06:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\12e5ej20.tarnfox\extensions [2012.04.02 11:06:18 | 000,000,000 | ---D | M] (Click&Clean) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\12e5ej20.tarnfox\extensions\clickclean@hotcleaner.com [2013.06.02 20:33:21 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lqe58dlo.default\extensions [2010.06.27 13:58:22 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\Rudolf\AppData\Roaming\mozilla\Firefox\Profiles\lqe58dlo.default\extensions\{20a82645-c095-46ed-80e3-08825760534b} [2012.03.30 13:05:12 | 000,035,695 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\facebook@disconnect.me.xpi [2012.04.02 11:04:40 | 000,255,045 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\jid1-F9UJ2thwoAm5gQ@jetpack.xpi [2012.03.30 13:05:12 | 000,008,503 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\longurlplease@darragh.curran.xpi [2012.03.30 13:05:12 | 000,048,898 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\stealthyextension@gmail.com.xpi [2012.03.30 13:05:12 | 000,049,540 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\trackerblock@privacychoice.org.xpi [2012.03.30 13:05:12 | 000,521,058 | ---- | M] () (No name found) -- 
C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2012.03.30 13:05:12 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\12e5ej20.tarnfox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.04.02 20:27:11 | 000,049,690 | ---- | M] () (No name found) -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lqe58dlo.default\extensions\{3e9bb2a7-62ca-4efa-a4e6-f6f6168a652d}.xpi [2009.04.11 22:16:39 | 000,000,681 | ---- | M] () -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lqe58dlo.default\searchplugins\ask.xml [2012.04.21 15:48:25 | 000,005,249 | ---- | M] () -- C:\Users\Rudolf\AppData\Roaming\mozilla\firefox\profiles\lqe58dlo.default\searchplugins\Startpage24.xml [2013.02.27 20:03:58 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2011.06.19 13:02:34 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2012.06.28 20:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.24 21:19:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.06.28 20:57:26 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.09.24 21:19:07 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.04.02 12:13:46 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2010.06.26 21:43:33 | 000,075,208 | ---- | M] (Foxit Software Company) -- C:\Program Files\mozilla firefox\plugins\npFoxitReaderPlugin.dll [2012.04.02 12:13:48 | 000,001,392 | ---- | M] () -- 
C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.04.02 12:13:48 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.04.02 12:13:48 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.04.02 12:13:48 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.04.02 12:13:48 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.04.02 12:13:48 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}{google:zeroPrefixUrl}sugkey={google:suggestAPIKeyParameter}, CHR - homepage: hxxp://dsl-start.computerbild.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\28.0.1500.95\gcswf32.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_233.dll CHR - plugin: Skype Toolbars (Enabled) = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\npSkypeChromePlugin.dll CHR - plugin: Adobe Acrobat 
(Disabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.310.5 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U31 (Enabled) = C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll CHR - plugin: Foxit Reader Plugin for Mozilla (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npFoxitReaderPlugin.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL CHR - plugin: NPCIG.dll (Enabled) = C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll CHR - plugin: Google Updater (Enabled) = C:\Program Files\Google\Google Updater\2.4.2432.1652\npCIDetect14.dll CHR - plugin: Picasa (Enabled) = C:\Program Files\Google\Picasa3\npPicasa3.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dv.dll CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll CHR - plugin: Startpage24 Startpage (Enabled) = C:\Program Files\Startpage24\Plugin\Version_720\firefox\plugins\nplink64.dll CHR - plugin: Shockwave for Director (Enabled) = C:\Windows\system32\Adobe\Director\np32dsw.dll CHR - plugin: DivX Web Player (Enabled) = C:\Windows\system32\C2MP\npdivx32.dll CHR - plugin: Windows Activation Technologies (Enabled) = C:\Windows\system32\Wat\npWatWeb.dll CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: Musicnotes (Enabled) = d:\Musicnotes\npmusicn.dll CHR - plugin: ScorchPlugin (Enabled) = d:\Musicnotes\npsibelius.dll CHR - Extension: YouTube = 
C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.6_0\ CHR - Extension: Google-Suche = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.20_0\ CHR - Extension: Send to Kindle (by Klip.me) = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\ipkfnchcgalnafehpglfbommidgmalan\3.2.5_0\ CHR - Extension: Skype Extension = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.3.0.7550_0\ CHR - Extension: Outlook.com = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pfpeapihoiogbcmdmnibeplnikfnhoge\1.0.2_0\ CHR - Extension: Google Mail = C:\Users\Rudolf\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (AskBar BHO) - {201f27d4-3704-41d6-89c1-aa35e39143ed} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O2 - BHO: (Videoraptor_WebRipPlugin Class) - {3C0372C2-04C3-4100-BAB1-1D42C552BC48} - C:\Programme\RapidSolution\RS Audials One\VideoRaptor\plugins\IE\VR_WebRipIePlugin.dll (RapidSolution Software) O2 - BHO: (IECatcher Class) - {569E7719-1A11-415E-9206-AC1860FB8BFF} - C:\Programme\LOADSTREET\InstantGet\IEBar\IGCatcher.dll (Kylinsoft, Inc.) 
O2 - BHO: (Soda PDF Helper) - {5CFCAFF6-5BB0-4864-B626-021C99ED82E5} - C:\Programme\Soda PDF\PDFIEHelper.dll (LULU Software) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Programme\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (no name) - {BBD43808-9D13-4B0B-B023-178FD1FAE442} - No CLSID value found. 
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {3041d03e-fd4b-44e0-b742-2d9b88305f98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\EPSON Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION) O3 - HKLM\..\Toolbar: (Soda PDF Toolbar) - {980EB9EC-6EB5-4258-BDDB-EFE25C5F99EF} - C:\Programme\Soda PDF\PDFIEPlugin.dll (LULU Software) O3 - HKLM\..\Toolbar: (InstantGet Bar) - {98C92840-EB1C-40bd-B6A5-395EC9CD6510} - C:\Programme\LOADSTREET\InstantGet\IEBar\IGIEBar.dll () O3 - HKLM\..\Toolbar: (Perfect PDF 5) - {9DE41FB9-ACA7-4847-982B-D984042588FC} - C:\Programme\soft Xpansion\Perfect PDF 5\PDF4ie.dll (soft Xpansion) O3 - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O3 - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..\Toolbar\WebBrowser: (Ask Toolbar) - {3041D03E-FD4B-44E0-B742-2D9B88305F98} - C:\Programme\AskBarDis\bar\bin\askBar.dll (Ask.com) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [BullGuard] C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe (BullGuard Ltd.) O4 - HKLM..\Run: [BullGuardUpdate2] c:\Programme\BullGuard Ltd\BullGuard\BullGuardUpdate2.exe (BullGuard Ltd.) 
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION) O4 - HKLM..\Run: [FreePDF Assistant] C:\Programme\FreePDF_XP\fpassist.exe (shbox.de) O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe (Intel Corporation) O4 - HKLM..\Run: [Nikon Message Center 2] C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe (Nikon Corporation) O4 - HKLM..\Run: [Nvtmru] C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe (NVIDIA Corporation) O4 - HKLM..\Run: [OODefragTray] C:\Windows\System32\oodtray.exe (O&O Software GmbH) O4 - HKLM..\Run: [PCSuiteTrayApplication] C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe (Nokia) O4 - HKLM..\Run: [StatusAlerts] C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe (Hewlett-Packard Company) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1003..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [EPSON Stylus SX200 Series (Kopie 1)] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1006..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [EPSON Stylus SX200 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [EPSON Stylus SX200 Series (Kopie 1)] 
C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE (SEIKO EPSON CORPORATION) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\Run: [TomTomHOME.exe] C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe (TomTom) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\RunOnce: [FlashPlayerUpdate] C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin File not found O4 - HKU\S-1-5-21-2060138361-726176767-895876555-1009..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O8 - Extra context menu item: &Alles mit InstantGet runterladen - C:\Program Files\LOADSTREET\InstantGet\IEBar\IGCatcher.dll (Kylinsoft, Inc.) O8 - Extra context menu item: Acoo Search(&A) - C:\Program Files\LOADSTREET\InstantGet\IEBar\IGIEBar.dll () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O8 - Extra context menu item: Mit InstantGet runterla&den - C:\Program Files\LOADSTREET\InstantGet\IEBar\IGCatcher.dll (Kylinsoft, Inc.) 
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found O9 - Extra 'Tools' menuitem : Sun Java Konsole - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Programme\Java\jre7\bin\jp2iexp.dll () O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Report to BullGuard - {27FD17FB-CF63-486b-B2BE-8D8781CBEA01} - C:\Programme\BullGuard Ltd\BullGuard\Antiphishing\IE\BgAntiphishingIE.dll (BullGuard Ltd.) O9 - Extra Button: InstantGet starten - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Programme\LOADSTREET\InstantGet\InstantGet.exe (Kylinsoft, Inc.) O9 - Extra 'Tools' menuitem : &InstantGet - {6DDFE91C-A45C-4812-8F57-098932C9D88D} - C:\Programme\LOADSTREET\InstantGet\InstantGet.exe (Kylinsoft, Inc.) 
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Printee - {E55E1F27-11DA-0001-0002-00AABB000004} - C:\Programme\Irido\Printee for IE\Bin\printee.dll (irido.com) O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-2060138361-726176767-895876555-1003\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2060138361-726176767-895876555-1006\..Trusted Ranges: GD ([http] in Local intranet) O15 - HKU\S-1-5-21-2060138361-726176767-895876555-1009\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/8/b/d/8bd77752-5704-4d68-a152-f7252adaa4f2/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Key error.) 
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 1.6.0_06) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_06-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{412F6E33-7153-439A-A35A-D292C3C1122E}: DhcpNameServer = 192.168.1.250 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{75CEE66F-318A-4FD5-8328-16CBE11763DB}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AE9AE8FC-3BEB-4468-B818-4D9F93104AA8}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C0C5A969-9B9C-42E5-8C62-8FB3894F04BE}: DhcpNameServer = 192.168.0.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\printee {E55E1F27-11DA-0001-0002-00AA00000006} - C:\Programme\Irido\Printee for IE\Bin\printee.dll (irido.com) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\startpage24 - No CLSID value found O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (BgGamingMonitor.dll) - C:\Windows\System32\BgGamingMonitor.dll (BullGuard Ltd.) O20 - AppInit_DLLs: (c:\PROGRA~1\BULLGU~1\BULLGU~1\BgAgent.dll) - c:\Programme\BullGuard Ltd\BullGuard\BgAgent.dll (BullGuard Ltd.) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O24 - Desktop WallPaper: C:\Users\Rudolf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O24 - Desktop BackupWallPaper: C:\Users\Rudolf\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{90e69d49-c128-11e0-bce8-0021850d4cfe}\Shell - "" = AutoRun O33 - MountPoints2\{90e69d49-c128-11e0-bce8-0021850d4cfe}\Shell\AutoRun\command - "" = L:\USBAutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O34 - HKLM BootExecute: (OODBS) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: 
< End of report > |
07.08.2013, 13:47 | #4 |
/// Malware-holic | GVU Trojan caught Hi, I do need the following after all: Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
07.08.2013, 14:27 | #5 |
| GVU Trojan caught OK, I'll work my way through that. Thanks. Can I apply all of this as a logged-in user on Win 7, even though the Trojan window only appears when a different user logs in? Or does all of this have to be done by the user whose login shows the window? |
07.08.2013, 14:35 | #6 |
/// Malware-holic | GVU Trojan caught The scan has to be run from Recovery Mode, as stated
07.08.2013, 15:56 | #7 |
| GVU Trojan caught Here is the content of the FRST.txt file that was created on my USB stick after the FRST scan on the affected computer. FRST logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 07-08-2013 Ran by SYSTEM on 07-08-2013 17:11:45 Running from I:\ Windows 7 Home Premium (X86) OS Language: German Standard Internet Explorer Version 10 Boot Mode: Recovery The current controlset is ControlSet001 ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log. ==================== Registry (Whitelisted) ================== HKLM\...\Run: [FreePDF Assistant] - C:\Program Files\FreePDF_XP\fpassist.exe [311296 2007-04-25] (shbox.de) HKLM\...\Run: [IAAnotif] - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe [178712 2007-10-03] (Intel Corporation) HKLM\...\Run: [OODefragTray] - C:\Windows\system32\oodtray.exe [2512392 2007-05-11] (O&O Software GmbH) HKLM\...\Run: [PCSuiteTrayApplication] - C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe [227328 2007-03-23] (Nokia) HKLM\...\Run: [BCSSync] - C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-03-13] (Microsoft Corporation) HKLM\...\Run: [BullGuard] - C:\Program Files\BullGuard Ltd\BullGuard\BullGuard.exe [852832 2013-07-25] (BullGuard Ltd.) HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated) HKLM\...\Run: [EEventManager] - C:\Program Files\Epson Software\Event Manager\EEventManager.exe [979328 2010-10-12] (SEIKO EPSON CORPORATION) HKLM\...\Run: [StatusAlerts] - C:\Program Files\HP\StatusAlerts\bin\HPStatusAlerts.exe [304696 2011-10-14] (Hewlett-Packard Company) HKLM\...\Run: [] - [x] HKLM\...\Run: [Nikon Message Center 2] - C:\Program Files\Nikon\Nikon Message Center 2\NkMC2.exe [571392 2011-10-30] (Nikon Corporation) HKLM\...\Run: [BullGuardUpdate2] - c:\program files\bullguard ltd\bullguard\BullGuardUpdate2.exe [1879392 2013-07-25] (BullGuard Ltd.) 
HKLM\...\Run: [Nvtmru] - C:\Program Files\NVIDIA Corporation\NVIDIA Update Core\nvtmru.exe [1012000 2013-05-16] (NVIDIA Corporation) HKU\Arne\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation) HKU\Arne\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Arne\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG) HKU\Arne\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom) HKU\Arne\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Arne\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil32_11_7_700_224_Plugin.exe [ 2013-06-11] (Adobe Systems Incorporated) HKU\Berbel.Rudolf-PC\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\BERBEL~1.RUD\AppData\Local\Temp\E_SEF8C.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Helge\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation) HKU\Helge\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Helge\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG) HKU\Helge\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom) HKU\Helge\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION 
HKU\Imke\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation) HKU\Imke\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Imke\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG) HKU\Imke\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom) HKU\Imke\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\Rudolf\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation) HKU\Rudolf\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG) HKU\UpdatusUser\...\Run: [ehTray.exe] - C:\Windows\ehome\ehTray.exe [ 2010-11-20] (Microsoft Corporation) HKU\UpdatusUser\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Rudolf\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\UpdatusUser\...\Run: [IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe [ 2008-02-28] (Nero AG) HKU\UpdatusUser\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom) HKU\UpdatusUser\...\Run: [EPSON Stylus SX200 Series (Kopie 1)] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Windows\TEMP\E_S61E5.tmp" /EF "HKCU" [x] <===== ATTENTION HKU\UpdatusUser\...\RunOnce: [FlashPlayerUpdate] - C:\Windows\system32\Macromed\Flash\FlashUtil10t_Plugin.exe -update plugin [x] HKU\UpdatusUser\...\RunOnce: [sxAutoReg] - C:\Program Files\Internet Explorer\iexplore.exe [ 
2013-06-12] (Microsoft Corporation) Startup: C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fkcovysallamioovjgi.lnk ShortcutTarget: fkcovysallamioovjgi.lnk -> C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg () BootExecute: autocheck autochk * OODBS ========================== Services (Whitelisted) ================= S2 AAV UpdateService; C:\Program Files\AAVUpdateManager\aavus.exe [128296 2008-10-24] () S2 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY) S2 BsBackup; C:\Program Files\BullGuard Ltd\BullGuard\BsBackup.dll [560992 2013-07-25] (BullGuard Ltd.) S2 BsBhvScan; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardBhvScanner.exe [376736 2013-08-07] (BullGuard Ltd.) S2 BsFileScan; c:\program files\bullguard ltd\bullguard\BsFileScan.dll [307552 2013-07-25] (BullGuard Ltd.) S2 BsFire; c:\program files\bullguard ltd\bullguard\BsFire.dll [478048 2013-07-25] (BullGuard Ltd.) S2 BsMailProxy; c:\program files\bullguard ltd\bullguard\BsMailProxy\BsMailProxy.dll [495456 2013-07-25] (BullGuard Ltd.) S2 BsMain; C:\Program Files\BullGuard Ltd\BullGuard\BsMain.dll [261472 2013-07-25] (BullGuard Ltd.) S2 BsScanner; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardScanner.exe [212832 2013-07-25] (BullGuard Ltd.) S2 BsUpdate; C:\Program Files\BullGuard Ltd\BullGuard\BullGuardUpdate.exe [288096 2013-07-25] (BullGuard Ltd.) 
S2 EpsonBidirectionalService; C:\Program Files\Common Files\EPSON\EBAPI\eEBSVC.exe [94208 2006-12-19] (SEIKO EPSON CORPORATION) S2 EPSON_EB_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40ST7.EXE [143872 2007-12-17] (SEIKO EPSON CORPORATION) S2 EPSON_PM_RPCV4_01; C:\ProgramData\EPSON\EPW!3 SSRP\E_S40RP7.EXE [113664 2007-01-11] (SEIKO EPSON CORPORATION) S2 EPSON_PM_RPCV4_04; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S50RP7.EXE [142432 2012-02-21] (SEIKO EPSON CORPORATION) S2 Fabs; C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe [1253376 2009-08-27] (MAGIX AG) S3 FirebirdServerMAGIXInstance; C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe [3276800 2008-08-07] (MAGIX®) S3 GoogleDesktopManager; C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe [69120 2008-07-21] (Google) S2 gupdate1c98b0b12b4a6e0; C:\Program Files\Google\Update\GoogleUpdate.exe [133104 2009-02-10] (Google Inc.) S3 HP DS Service; C:\Program Files\HP\HPBDSService\HPBDSService.exe [13824 2011-10-17] (Hewlett-Packard Company) S2 HP LaserJet Service; C:\Program Files\HP\HPLaserJetService\HPLaserJetService.exe [164352 2011-08-04] (HP) S2 O&O Defrag; C:\Windows\system32\oodag.exe [1050120 2007-05-11] (O&O Software GmbH) S2 RichVideo; C:\Program Files\CyberLink\Shared Files\RichVideo.exe [237638 2008-06-03] () S2 Soda PDF Service; C:\Program Files\Soda PDF\ConversionService.exe [807760 2010-12-03] (LULU Software) S3 SXDS10; C:\Program Files\Common Files\soft Xpansion\SXDS10.exe [160768 2009-07-13] (soft Xpansion) S2 x10nets; C:\Program Files\Common Files\X10\Common\X10nets.exe [20480 2001-11-12] (X10) ==================== Drivers (Whitelisted) ==================== S1 AFW; C:\Windows\System32\DRIVERS\afw.sys [33888 2013-03-04] (Agnitum Ltd.) S3 afwcore; C:\Windows\System32\DRIVERS\afwcore.sys [337504 2013-03-04] (Agnitum Ltd.) S3 athur; C:\Windows\System32\DRIVERS\athur.sys [1500160 2010-01-05] (Atheros Communications, Inc.) 
S3 BdNet; C:\Windows\System32\drivers\BdNet.sys [27760 2013-03-04] (BullGuard Ltd.) S1 BdSpy; C:\Windows\System32\DRIVERS\BdSpy.sys [64624 2013-03-21] (BullGuard Ltd.) S1 cdrbsdrv; C:\Windows\System32\Drivers\cdrbsdrv.sys [33408 2009-06-17] (B.H.A Corporation) S2 drhard; C:\Windows\System32\Drivers\drhard.sys [23600 2005-12-01] (Licensed for Gebhard Software) S1 DslMNLwf; C:\Windows\System32\DRIVERS\dslmnlwf.sys [16448 2007-08-01] (T-Systems Enterprise Services GmbH) S1 ElbyCDIO; C:\Windows\System32\Drivers\ElbyCDIO.sys [26024 2009-12-17] (Elaborate Bytes AG) S3 netr28u; C:\Windows\System32\DRIVERS\netr28u.sys [657408 2009-07-13] (Ralink Technology Corp.) S2 npf; C:\Windows\System32\drivers\npf.sys [50704 2010-01-27] (CACE Technologies, Inc.) S3 Ph3xIB32; C:\Windows\System32\DRIVERS\Ph3xIB32.sys [1311232 2009-07-13] (NXP Semiconductors) S3 RRNetCap; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-11-17] (RapidSolution Software AG) S3 RRNetCapMP; C:\Windows\System32\DRIVERS\rrnetcap.sys [31848 2011-11-17] (RapidSolution Software AG) S3 tbhsd; C:\Windows\System32\drivers\tbhsd.sys [39016 2011-11-17] (RapidSolution Software AG) S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [343456 2013-03-04] (BitDefender S.R.L.) S3 usbbus; C:\Windows\System32\DRIVERS\lgusbbus.sys [13056 2008-11-19] (LG Electronics Inc.) S3 UsbDiag; C:\Windows\System32\DRIVERS\lgusbdiag.sys [19968 2008-11-19] (LG Electronics Inc.) S3 USBModem; C:\Windows\System32\DRIVERS\lgusbmodem.sys [24832 2008-11-19] (LG Electronics Inc.) S3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.) 
S3 dsltestSp5; System32\Drivers\dsltestSp5.sys [x] ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-08-07 17:11 - 2013-08-07 17:11 - 00000000 ____D C:\FRST 2013-08-07 16:04 - 2013-08-07 16:04 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD 2013-08-07 13:28 - 2013-08-07 13:28 - 00000000 _____ C:\Users\Rudolf\Desktop\Neues Textdokument.txt 2013-08-07 12:28 - 2013-08-07 12:28 - 00089888 _____ C:\Users\Rudolf\Desktop\Extras.Txt 2013-08-07 12:27 - 2013-08-07 12:27 - 00199578 _____ C:\Users\Rudolf\Desktop\OTL.Txt 2013-08-07 11:29 - 2013-08-07 11:29 - 00602112 _____ (OldTimer Tools) C:\Users\Rudolf\Desktop\OTL.exe 2013-08-06 17:00 - 2013-08-06 17:00 - 00000000 ____D C:\Users\Arne\AppData\Local\Macromedia 2013-08-06 16:57 - 2013-08-06 16:57 - 00000000 ____D C:\Users\Arne\AppData\Local\Mozilla 2013-08-06 16:53 - 2013-08-06 16:57 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Mozilla 2013-08-06 16:42 - 2013-08-06 16:42 - 00000000 ____D C:\Users\Helge\AppData\Roaming\DivX 2013-08-06 12:02 - 2013-08-06 12:11 - 107312646 _____ C:\Users\Helge\Downloads\Patrick_Moraz-Story_of_I(1976).rar 2013-07-28 18:34 - 2013-07-28 18:34 - 00001869 _____ C:\Users\Public\Desktop\MyKeyFinder.lnk 2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Abelssoft 2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Program Files\MyKeyFinder 2013-07-28 11:55 - 2013-07-28 11:55 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-07-25 22:31 - 2013-07-25 22:31 - 00113088 _____ (BullGuard Ltd.) C:\Windows\System32\BgGamingMonitor.dll 2013-07-25 22:31 - 2013-07-25 22:31 - 00060256 _____ (BullGuard Ltd.) 
C:\Windows\System32\BGLsp.dll 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Teldat 2013-07-12 18:50 - 2013-07-12 18:48 - 00002217 _____ C:\Users\Rudolf\Desktop\Konfiguration der Telefonanlage.lnk 2013-07-12 18:47 - 2013-07-12 18:47 - 00000000 ____D C:\Program Files\Teldat WIN-Tools 2013-07-10 19:45 - 2013-06-12 00:43 - 14329856 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-07-10 19:45 - 2013-06-12 00:43 - 02877440 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-07-10 19:45 - 2013-06-12 00:43 - 01767936 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-07-10 19:45 - 2013-06-12 00:43 - 01141248 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-07-10 19:45 - 2013-06-12 00:43 - 00690688 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-07-10 19:45 - 2013-06-12 00:43 - 00493056 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-07-10 19:45 - 2013-06-12 00:43 - 00042496 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe 2013-07-10 19:45 - 2013-06-12 00:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-07-10 19:45 - 2013-06-12 00:42 - 13760512 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-07-10 19:45 - 2013-06-12 00:42 - 02046976 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-07-10 19:45 - 2013-06-12 00:42 - 00391168 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-07-10 19:45 - 2013-06-12 00:42 - 00109056 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll 2013-07-10 19:45 - 2013-06-12 00:42 - 00061440 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll 2013-07-10 19:45 - 2013-06-12 00:42 - 00033280 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll 2013-07-10 19:45 - 2013-06-11 23:51 - 00071680 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe 2013-07-10 19:45 - 2013-06-07 03:37 
- 02706432 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-07-10 19:29 - 2013-04-10 00:34 - 01247744 _____ (Microsoft Corporation) C:\Windows\System32\DWrite.dll 2013-07-10 19:28 - 2013-06-05 04:05 - 02347520 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-07-10 19:28 - 2013-06-04 05:53 - 00509440 _____ (Microsoft Corporation) C:\Windows\System32\qedit.dll 2013-07-10 19:28 - 2013-05-06 05:56 - 01620480 _____ (Microsoft Corporation) C:\Windows\System32\WMVDECOD.DLL ==================== One Month Modified Files and Folders ======= 2013-08-07 17:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\LogFiles 2013-08-07 16:04 - 2013-08-07 16:04 - 00000512 _____ C:\Windows\System32\F39D4DE6-98B8-4E05-91BD-549E8A8248BD 2013-08-07 16:04 - 2013-05-11 14:28 - 17545776 _____ C:\Windows\setupact.log 2013-08-07 16:04 - 2011-12-07 22:38 - 00000664 _____ C:\Windows\System32\config\afw_hm.conf 2013-08-07 16:04 - 2011-12-07 22:38 - 00000004 _____ C:\Windows\System32\config\afw_db.conf 2013-08-07 16:04 - 2011-12-07 22:34 - 00000000 ____D C:\ProgramData\BullGuard 2013-08-07 16:04 - 2009-01-02 19:12 - 00000375 _____ C:\Windows\System32\Drivers\etc\hosts.ics 2013-08-07 16:04 - 2008-05-27 08:57 - 00000000 ____D C:\ProgramData\NVIDIA 2013-08-07 16:03 - 2009-01-18 20:43 - 02266675 _____ C:\Windows\System32\oodbs.lor 2013-08-07 15:57 - 2010-02-27 23:53 - 02029490 _____ C:\Windows\WindowsUpdate.log 2013-08-07 15:57 - 2010-02-27 22:50 - 00010736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-08-07 15:57 - 2010-02-27 22:50 - 00010736 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-08-07 15:42 - 2013-05-11 14:28 - 00079668 _____ C:\Windows\PFRO.log 2013-08-07 13:28 - 2013-08-07 13:28 - 00000000 _____ C:\Users\Rudolf\Desktop\Neues Textdokument.txt 2013-08-07 12:28 - 2013-08-07 12:28 - 00089888 _____ 
C:\Users\Rudolf\Desktop\Extras.Txt 2013-08-07 12:27 - 2013-08-07 12:27 - 00199578 _____ C:\Users\Rudolf\Desktop\OTL.Txt 2013-08-07 11:36 - 2010-02-27 22:51 - 01696914 _____ C:\Windows\System32\PerfStringBackup.INI 2013-08-07 11:29 - 2013-08-07 11:29 - 00602112 _____ (OldTimer Tools) C:\Users\Rudolf\Desktop\OTL.exe 2013-08-06 20:58 - 2011-11-20 10:15 - 00002174 _____ C:\Users\Public\Desktop\Google Earth.lnk 2013-08-06 20:58 - 2008-07-21 23:21 - 00000000 ____D C:\Program Files\Google 2013-08-06 17:00 - 2013-08-06 17:00 - 00000000 ____D C:\Users\Arne\AppData\Local\Macromedia 2013-08-06 16:57 - 2013-08-06 16:57 - 00000000 ____D C:\Users\Arne\AppData\Local\Mozilla 2013-08-06 16:57 - 2013-08-06 16:53 - 00000000 ____D C:\Users\Arne\AppData\Roaming\Mozilla 2013-08-06 16:54 - 2008-10-12 13:19 - 00000000 ____D C:\Users\Arne\AppData\Roaming\BullGuard 2013-08-06 16:42 - 2013-08-06 16:42 - 00000000 ____D C:\Users\Helge\AppData\Roaming\DivX 2013-08-06 12:57 - 2012-08-08 16:38 - 00000000 ____D C:\Users\Helge\AppData\Roaming\vlc 2013-08-06 12:11 - 2013-08-06 12:02 - 107312646 _____ C:\Users\Helge\Downloads\Patrick_Moraz-Story_of_I(1976).rar 2013-07-28 18:34 - 2013-07-28 18:34 - 00001869 _____ C:\Users\Public\Desktop\MyKeyFinder.lnk 2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Abelssoft 2013-07-28 18:34 - 2013-07-28 18:34 - 00000000 ____D C:\Program Files\MyKeyFinder 2013-07-28 13:46 - 2008-07-27 00:55 - 00000000 ___RD C:\Users\Rudolf\Documents\BWK 2013-07-28 12:43 - 2008-12-11 21:15 - 00000000 ____D C:\ProgramData\FreePDF 2013-07-28 12:41 - 2013-05-18 21:31 - 00000388 _____ C:\fpRedmon.log 2013-07-28 11:58 - 2009-11-14 00:09 - 00000000 ____D C:\Users\Rudolf\AppData\Roaming\vlc 2013-07-28 11:55 - 2013-07-28 11:55 - 00001028 _____ C:\Users\Public\Desktop\VLC media player.lnk 2013-07-25 22:31 - 2013-07-25 22:31 - 00113088 _____ (BullGuard Ltd.) 
C:\Windows\System32\BgGamingMonitor.dll 2013-07-25 22:31 - 2013-07-25 22:31 - 00060256 _____ (BullGuard Ltd.) C:\Windows\System32\BGLsp.dll 2013-07-14 22:10 - 2011-07-12 21:21 - 00000000 ____D C:\Users\Rudolf\Desktop\Achtum 2013-07-12 18:53 - 2008-07-27 00:42 - 00000000 ___RD C:\Users\Rudolf\Documents\Privat 2013-07-12 18:50 - 2013-07-12 18:50 - 00000000 ____D C:\Users\Rudolf\AppData\Local\Teldat 2013-07-12 18:49 - 2011-10-30 14:02 - 00000046 _____ C:\Windows\hmview.ini 2013-07-12 18:48 - 2013-07-12 18:50 - 00002217 _____ C:\Users\Rudolf\Desktop\Konfiguration der Telefonanlage.lnk 2013-07-12 18:48 - 2008-05-26 13:27 - 00000000 ___HD C:\Program Files\InstallShield Installation Information 2013-07-12 18:47 - 2013-07-12 18:47 - 00000000 ____D C:\Program Files\Teldat WIN-Tools 2013-07-12 18:43 - 2008-09-22 22:22 - 00000000 ____D C:\Program Files\DIFX 2013-07-12 18:42 - 2011-10-30 14:31 - 00000000 ____D C:\Program Files\T-Home 2013-07-10 22:16 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-07-10 20:39 - 2009-07-14 05:33 - 00510536 _____ C:\Windows\System32\FNTCACHE.DAT 2013-07-10 20:38 - 2008-05-26 13:11 - 00000000 ____D C:\Program Files\Microsoft Silverlight 2013-07-10 20:36 - 2009-07-14 09:56 - 00000000 ____D C:\Program Files\Windows Journal 2013-07-10 20:36 - 2009-07-14 05:52 - 00000000 ____D C:\Program Files\Windows Defender 2013-07-10 19:46 - 2008-05-26 15:29 - 00000000 ____D C:\ProgramData\Microsoft Help 2013-07-10 19:39 - 2010-03-14 18:24 - 75699896 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-07-08 19:43 - 2009-04-13 12:36 - 00000000 ____D C:\Users\Rudolf\Documents\Steuerfälle ==================== Known DLLs (Whitelisted) ============ ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit 
C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit ==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-03-14 00:33:22 Restore point made on: 2013-03-24 19:04:41 Restore point made on: 2013-03-24 21:19:42 Restore point made on: 2013-03-28 00:29:08 Restore point made on: 2013-04-05 09:22:23 Restore point made on: 2013-04-10 23:35:23 Restore point made on: 2013-04-15 23:01:24 Restore point made on: 2013-04-23 21:29:52 Restore point made on: 2013-04-23 23:50:27 Restore point made on: 2013-04-24 22:19:05 Restore point made on: 2013-05-05 12:29:37 Restore point made on: 2013-05-11 14:25:51 Restore point made on: 2013-05-15 13:12:45 Restore point made on: 2013-05-22 21:17:44 Restore point made on: 2013-05-31 21:31:14 Restore point made on: 2013-06-07 21:59:44 Restore point made on: 2013-06-12 14:34:55 Restore point made on: 2013-06-16 20:46:05 Restore point made on: 2013-06-24 19:40:26 Restore point made on: 2013-07-05 21:36:10 Restore point made on: 2013-07-10 19:33:58 Restore point made on: 2013-07-12 18:42:33 Restore point made on: 2013-07-12 18:47:15 Restore point made on: 2013-07-27 13:16:53 Restore point made on: 2013-08-05 20:53:39 Restore point made on: 2013-08-07 11:39:05 ==================== Memory info =========================== Percentage of memory in use: 15% Total physical RAM: 3070.18 MB Available physical RAM: 2596.46 MB Total Pagefile: 3068.45 MB Available Pagefile: 2593.25 MB Total Virtual: 2047.88 MB Available Virtual: 1930.44 MB ==================== Drives ================================ Drive c: (BOOT) (Fixed) (Total:445.75 GB) (Free:203.31 GB) NTFS ==>[Drive with boot components (obtained from BCD)] Drive d: (RECOVER) (Fixed) (Total:19.99 GB) 
(Free:11.41 GB) FAT32 Drive i: () (Removable) (Total:3.84 GB) (Free:3.84 GB) FAT32 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 466 GB) (Disk ID: 341942CD) Partition 1: (Active) - (Size=446 GB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=20 GB) - (Type=OF Extended) ======================================================== Disk: 4 (Size: 4 GB) (Disk ID: 8A5C34AE) Partition 1: (Not Active) - (Size=4 GB) - (Type=0B) LastRegBack: 2013-08-05 20:46 ==================== End Of Log ============================ Last edited by fck-fan (07.08.2013 at 16:16) |
07.08.2013, 16:11 | #8 |
/// Malware-holic | GVU Trojan caught What am I supposed to do with a post like this? Please post when you have questions or problems, or when the logs are done.
07.08.2013, 16:30 | #9 |
| GVU Trojan caught Quote:
Edit: All right. Looks like we misunderstood each other. Last edited by fck-fan (07.08.2013 at 16:37) |
07.08.2013, 16:36 | #10 |
/// Malware-holic | GVU Trojan caught You edited your post at 17:16, but I had already replied at 17:11, so my post was still justified at the time :-) I'll edit more in shortly. Please press the Windows key + R and type notepad into the Run window. Now copy the following text from the code box into the empty text document Code:
Startup: C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fkcovysallamioovjgi.lnk
ShortcutTarget: fkcovysallamioovjgi.lnk -> C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg ()
C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg
The tool creates a Fixlog.txt on your USB stick. Please post its contents here. Once you can start the affected account again: please navigate to C:\FRST\Quarantine, right-click it, pack it with WinRAR or another archiver and upload it via the upload channel: http://upload.trojaner-board.de Recommendations for uninstalling: Please copy the list of installed programs from the additions.txt into your thread here. Behind each line, please note which of the following categories applies: Unknown, Needed, Not needed
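The FRST log in post #7 and the fix in post #10 show the pattern the helper acted on: a .lnk in one user's Startup folder whose target is a randomly named file with a non-program extension in AppData\Local\Temp, plus Run entries whose file is missing ([x]). As an added example that is not part of this thread and not FRST's own code, here is a small Python triage script that parses the Registry and Startup lines of an FRST log and flags the entries a reviewer should look at first; the sample log lines, the user name "Alice" and the shortcut and .bfg file names are constructed.

```python
import re
from pathlib import PureWindowsPath

# Constructed sample in the layout FRST uses for its Registry (Whitelisted)
# and Startup lines. User name, shortcut name and .bfg file name are made up;
# the Adobe/TomTom/Epson lines mirror the kind of entries seen in the log above.
SAMPLE_FRST = r"""
HKLM\...\Run: [Adobe ARM] - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM\...\Run: [] - [x]
HKU\Alice\...\Run: [EPSON Stylus SX200 Series] - C:\Windows\system32\spool\DRIVERS\W32X86\3\E_FATIEFE.EXE /FU "C:\Users\Alice\AppData\Local\Temp\E_S62DA.tmp" /EF "HKCU" [x] <===== ATTENTION
HKU\Alice\...\Run: [TomTomHOME.exe] - C:\Program Files\TomTom HOME 2\TomTomHOMERunner.exe [ 2012-08-28] (TomTom)
Startup: C:\Users\Alice\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\xkqvzptwrmnbfyghjdl.lnk
ShortcutTarget: xkqvzptwrmnbfyghjdl.lnk -> C:\Users\Alice\AppData\Local\Temp\ldjhgyfbnmrwtpzvqkx.bfg ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
ShortcutTarget: Dropbox.lnk -> C:\Program Files\Dropbox\Dropbox.exe (Dropbox, Inc.)
"""

# "HKLM\...\Run: [name] - <path and arguments> [size date] (company)"
RUN_RE = re.compile(
    r"^(?P<hive>HKLM|HKU\\[^\\]+)\\\.\.\.\\(?P<key>Run|RunOnce): "
    r"\[(?P<name>[^\]]*)\] - (?P<rest>.*)$")
# "ShortcutTarget: name.lnk -> <target> (company)"
TARGET_RE = re.compile(
    r"^ShortcutTarget: (?P<lnk>\S+) -> (?P<target>.*) \((?P<company>[^()]*)\)\s*$")
# First drive-letter path ending in a program-type extension (arguments may follow).
PATH_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.*?\.(?:exe|dll|com|cmd|bat|scr|vbs|js))(?=\s|$)",
    re.IGNORECASE)
COMPANY_RE = re.compile(r"\((?P<company>[^()]*)\)\s*$")
TEMP_RE = re.compile(r"\\Temp\\", re.IGNORECASE)
PROGRAM_EXTENSIONS = {".exe", ".dll", ".com", ".cmd", ".bat"}


def classify(path, company, command_line=None):
    """Return crude, defender-side review reasons for one autostart target."""
    reasons = []
    if TEMP_RE.search(command_line or path):
        reasons.append("temp_location")      # runs out of, or points into, a Temp folder
    p = PureWindowsPath(path)
    if p.suffix.lower() not in PROGRAM_EXTENSIONS:
        reasons.append("unusual_extension")  # e.g. ".bfg" is not a program type
    if re.fullmatch(r"[a-z]{12,}", p.stem):
        reasons.append("random_name")        # long lowercase junk name, no real product name
    if company is not None and not company.strip():
        reasons.append("no_publisher")       # FRST found no company name in the version info
    return reasons


def audit_frst(log_text):
    """Walk FRST Run/RunOnce and ShortcutTarget lines; return entries worth a second look."""
    findings = []
    for line in log_text.splitlines():
        m = RUN_RE.match(line)
        if m:
            rest = m.group("rest")
            reasons = ["missing_file"] if "[x]" in rest else []   # file no longer present
            pm = PATH_RE.match(rest)
            cm = COMPANY_RE.search(rest)
            if pm:
                reasons += classify(pm.group("path"), cm.group("company") if cm else None, rest)
            elif not reasons:
                reasons.append("unparsed_target")
            if reasons:
                findings.append({"kind": m.group("key"), "name": m.group("name"),
                                 "line": line, "reasons": reasons})
            continue
        t = TARGET_RE.match(line)
        if t:
            reasons = classify(t.group("target"), t.group("company"))
            if reasons:
                findings.append({"kind": "Startup", "name": t.group("lnk"),
                                 "line": line, "reasons": reasons})
    return findings


if __name__ == "__main__":
    for f in audit_frst(SAMPLE_FRST):
        print(f"{f['kind']:<8} {f['name']!r:<30} {', '.join(f['reasons'])}")
```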
07.08.2013, 17:00 | #11 |
| GVU Trojan caught Great. My desktop is restored and the Trojan's window is gone! I can only thank you a thousand times! The way a Trojan like this can mess with your head. Clearly too many bad people on this planet. All the nicer that you helped me. By the way, earlier I had the USB stick in a USB hub, which is why it didn't work. So apparently the USB stick should go directly into the computer if you want to work with FRST. Where do I find the additions.txt for the uninstalling? Here is the content of Fixlog.txt: Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 07-08-2013 Ran by SYSTEM at 2013-08-07 17:48:39 Run:1 Running from I:\ Boot Mode: Recovery ============================================== C:\Users\Helge\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\fkcovysallamioovjgi.lnk => Moved successfully. ShortcutTarget: fkcovysallamioovjgi.lnk -> C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg () not found. "C:\Users\Helge\AppData\Local\Temp\igjvooimallasyvockf.bfg" => File/Directory not found. ==== End of Fixlog ==== |
07.08.2013, 17:10 | #12 |
/// Malware-holic | GVU Trojan caught Hi, sorry, please carry on with the upload first; the Additions.txt comes later. Once the upload is done (the instructions are in my last post), please continue with this: Two logs need to be created; post both together if possible. 1. Scan with Combofix
2. Please download TDSSKiller.exe and save the file on the desktop
07.08.2013, 17:15 | #13 |
| GVU Trojan caught Hm, the upload didn't work; I get the following message from the upload channel: Fehler: Die Dateien konnten nicht empfangen werden. Bitte melden Sie sich im Forum. |
07.08.2013, 17:27 | #14 |
/// Malware-holic | GVU Trojan caught File-Upload.net - Ihr kostenloser File Hoster! Upload it there and send me the link as a private message
07.08.2013, 17:33 | #15 |
/// Malware-holic | GVU Trojan caught That works, thanks. Continue with Combofix and TDSS-Killer.