| |
| |||||||
Log-Analyse und Auswertung: GVU Trojaner - abgesicherter Modus startet nichtWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
26.11.2013, 16:35
| #1 |
 |  GVU Trojaner - abgesicherter Modus startet nicht Hey! Habe den GVU-Trojaner eingefangen und schon einiges hier im Forum dazu gelesen. Im abgesicherten Modus fährt mein PC leider sofort wieder runter. Habe, wie in vielen anderen Beiträgen beschrieben, ISOBURN und eine OTLPE CD erstellt. Mit der habe ich bereits gebootet und C:\OTL.Txt bekommen. Wie geht es nun weiter? Wäre echt nett wenn ihr helfen könntet.  OTL logfile created on: 11/26/2013 4:25:58 PM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE 64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.10.9200.16736) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86) Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS Drive D: | 931.41 Gb Total Space | 765.80 Gb Free Space | 82.22% Space Free | Partition Type: NTFS Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: Reatogo | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend) SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2013/11/20 17:46:20 | 000,061,540 | ---- | M] (Microsoft Corporation) [Auto] -- D:\ProgramData\j3rjrjhd.pss -- (Winmgmt) SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem) BonanzaDealsLive-Dienst (bonanzadealslivem) SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive) BonanzaDealsLive-Dienst (bonanzadealslive) SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/10/17 12:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2012/07/20 18:04:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2010/12/20 11:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010/12/20 11:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010/05/04 05:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86) SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013/02/05 15:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012/10/17 12:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012/10/17 12:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr) DRV:64bit: - [2012/07/09 06:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2011/08/31 12:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011/06/09 23:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011/02/24 03:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci) DRV:64bit: - [2011/02/24 03:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3) DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010/10/19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs) DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=3C8714DAE9D63517&affID=125035&tsp=5030 IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 68 51 8A 52 93 CC 01 [binary data] IE - HKU\Benutzer01_ON_D\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.selectedEngine: "" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "https://www.google.de/" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll () FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=: FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/25 15:39:09 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Benutzer01\AppData\Roaming\14001.019 [2012/08/30 10:49:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2011/10/25 15:17:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Extensions [2013/10/09 08:01:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions [2013/10/09 08:01:31 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED} [2013/07/30 14:05:20 | 000,000,000 | ---D | M] (Delta Toolbar) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\ffxtlbr@delta.com [2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\babylon.xml [2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\BrowserProtect.xml [2013/04/05 16:02:25 | 000,001,294 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\delta.xml [2011/10/25 16:11:47 | 000,002,378 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\search.xml [2013/10/09 07:57:50 | 000,001,302 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\searchgol.xml [2012/11/03 13:13:58 | 000,003,915 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\sweetim.xml [2012/05/03 03:11:26 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions File not found (No name found) -- [2012/09/25 15:39:09 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF [2012/08/30 10:49:54 | 000,000,000 | ---D | M] (Java Link Helper) -- D:\USERS\BENUTZER01\APPDATA\ROAMING\14001.019 [2012/07/20 18:04:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/06/09 11:15:59 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013/04/05 16:02:14 | 000,006,469 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/06/09 11:15:59 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/06/09 11:15:59 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/06/09 11:15:59 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/06/09 11:15:59 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/06/09 11:15:59 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - D:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com) O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - D:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O3 - HKU\Benutzer01_ON_D\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.) O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [Sweetpacks Communicator] File not found O4 - HKU\Benutzer01_ON_D..\Run: [iPhone PC Suite] File not found O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk () O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O8 - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm () O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin) O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O13:64bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0) O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe O34 - HKLM BootExecute: (autocheck autochk *) - File not found 64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found 64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ========== Files/Folders - Created Within 30 Days ========== [2013/11/25 17:22:30 | 000,060,528 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\ejbeb8z.pss [2013/11/25 17:22:27 | 000,188,928 | ---- | C] (Корпорация Майкрософт) -- D:\ProgramData\z8bebje.dss [2013/11/24 14:51:43 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\Sedcard Fragezeichen [2013/11/23 11:45:51 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\zz [2013/11/22 16:25:20 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\gute [2013/11/20 17:46:20 | 000,061,540 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\j3rjrjhd.pss [2013/11/13 14:14:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll [2013/11/13 14:14:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll [2013/11/13 14:14:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll [2013/11/13 14:14:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll [2013/11/13 14:14:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe [2013/11/13 14:14:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe [2013/11/13 14:14:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll [2013/11/13 14:14:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll [2013/11/13 14:14:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe [2013/11/13 14:14:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll [2013/11/13 14:14:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll [2013/11/13 14:14:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll [2013/11/13 14:14:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll [2013/11/13 14:14:24 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll [2013/11/13 14:14:24 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll [2013/11/13 14:14:23 | 003,959,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll [2013/11/13 14:14:23 | 002,877,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll [2013/11/13 13:23:58 | 000,830,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\nshwfp.dll [2013/11/13 13:23:58 | 000,656,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\nshwfp.dll [2013/11/13 13:23:58 | 000,324,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FWPUCLNT.DLL [2013/11/13 13:23:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\FWPUCLNT.DLL [2013/11/13 13:23:55 | 001,474,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll [2013/11/13 13:23:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll [2013/11/13 13:23:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll [2013/11/13 13:23:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\credui.dll [2013/11/13 13:23:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SmartcardCredentialProvider.dll [2013/11/13 13:23:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\credui.dll [2013/11/13 13:23:51 | 000,152,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SmartcardCredentialProvider.dll [2013/11/13 13:23:46 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll [2013/11/13 13:23:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll [2013/11/13 13:23:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ncrypt.dll [2013/11/13 13:23:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll [2013/11/13 13:23:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll [2013/11/13 13:23:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll [2013/11/13 13:23:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll [1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ] [1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/11/26 10:02:24 | 095,025,368 | ---- | M] () -- D:\ProgramData\ejbeb8z.bxx [2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job [2013/11/26 10:00:07 | 000,000,000 | ---- | M] () -- D:\ProgramData\ejbeb8z.fvv [2013/11/26 10:00:00 | 000,001,114 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job [2013/11/26 09:59:44 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2013/11/26 09:59:41 | 3151,405,056 | -HS- | M] () -- D:\hiberfil.sys [2013/11/26 09:44:34 | 000,001,118 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/11/26 09:41:23 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/11/26 09:41:23 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/11/26 07:06:07 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821} [2013/11/26 06:58:49 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E} [2013/11/26 06:56:39 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F} [2013/11/25 17:22:30 | 000,060,528 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\ejbeb8z.pss [2013/11/25 17:22:29 | 000,001,033 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk [2013/11/25 17:22:27 | 000,188,928 | ---- | M] (Корпорация Майкрософт) -- D:\ProgramData\z8bebje.dss [2013/11/25 16:56:00 | 000,000,308 | ---- | M] () -- D:\Windows\tasks\DigitalSite.job [2013/11/25 08:26:41 | 000,000,097 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG [2013/11/25 08:26:41 | 000,000,006 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT [2013/11/20 18:05:50 | 095,025,368 | ---- | M] () -- D:\ProgramData\j3rjrjhd.bxx [2013/11/20 17:55:00 | 000,001,011 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk [2013/11/20 17:51:11 | 000,000,000 | ---- | M] () -- D:\ProgramData\j3rjrjhd.fvv [2013/11/20 17:48:07 | 000,000,285 | ---- | M] () -- D:\ProgramData\j3rjrjhd.reg [2013/11/20 17:46:20 | 000,061,540 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\j3rjrjhd.pss [2013/11/20 17:42:31 | 000,664,764 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2013/11/20 17:42:31 | 000,624,946 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2013/11/20 17:42:31 | 000,134,932 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2013/11/20 17:42:31 | 000,110,584 | ---- | M] () -- D:\Windows\System32\perfc009.dat [1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ] [1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2013/11/26 07:06:07 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821} [2013/11/26 06:58:49 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E} [2013/11/26 06:56:39 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F} [2013/11/25 17:22:29 | 000,001,033 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk [2013/11/25 17:22:28 | 095,025,368 | ---- | C] () -- D:\ProgramData\ejbeb8z.bxx [2013/11/25 17:22:28 | 000,000,000 | ---- | C] () -- D:\ProgramData\ejbeb8z.fvv [2013/11/20 17:47:38 | 000,000,285 | ---- | C] () -- D:\ProgramData\j3rjrjhd.reg [2013/11/20 17:46:19 | 000,001,011 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk [2013/11/20 17:46:19 | 000,000,000 | ---- | C] () -- D:\ProgramData\j3rjrjhd.fvv [2013/11/20 17:46:18 | 095,025,368 | ---- | C] () -- D:\ProgramData\j3rjrjhd.bxx [2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\ProgramData\Digital Light [2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Devices [2013/10/17 16:56:20 | 000,000,020 | -H-- | C] () -- D:\ProgramData\PKP_DLbz.DAT [2013/10/17 16:56:19 | 000,000,098 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\fusioncache.dat [2013/10/17 16:50:43 | 001,554,702 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI [2013/10/09 08:56:04 | 000,000,097 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG [2013/10/09 08:56:04 | 000,000,006 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT [2013/09/28 12:30:31 | 000,033,289 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\recently-used.xbel [2013/02/17 06:29:23 | 000,089,092 | ---- | C] () -- D:\Windows\War3Unin.dat [2012/09/15 19:36:34 | 000,065,536 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\v4gejj7m.default.dat [2012/08/31 15:47:42 | 000,198,200 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\AcroIEHelpe205.dll [2012/08/23 09:00:53 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe197.dll [2012/08/17 11:03:59 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe194.dll [2012/08/15 12:02:05 | 000,000,047 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\urhtps.dat [2012/08/03 17:07:26 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad [2012/07/04 17:43:13 | 004,503,728 | ---- | C] () -- D:\ProgramData\l_u0_0.pad [2012/04/24 06:10:45 | 000,005,120 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011/11/12 07:34:43 | 000,000,600 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\winscp.rnd [2011/10/21 11:07:20 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin [2011/10/21 11:07:20 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin [2011/10/21 11:03:51 | 000,043,765 | ---- | C] () -- D:\Windows\Ascd_log.ini [2011/10/21 11:02:38 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini [2011/10/21 11:02:35 | 000,029,852 | ---- | C] () -- D:\Windows\Ascd_tmp.ini [2011/08/31 12:51:16 | 000,216,000 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin [2011/08/31 12:46:00 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll [2011/08/31 12:26:20 | 013,903,872 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll [2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll [2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT [2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat [2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll [2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll [2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat [2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS [2008/09/06 06:59:27 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\Implode.dll ========== LOP Check ========== [2012/10/13 09:56:42 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69 [2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2012/09/25 15:38:53 | 000,000,000 | ---D | M] -- D:\ProgramData\AVAST Software [2013/04/05 15:48:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon [2013/10/09 07:57:03 | 000,000,000 | ---D | M] -- D:\ProgramData\BonanzaDealsLive [2013/07/29 10:54:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco [2013/07/30 14:04:10 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp [2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2011/11/12 08:07:32 | 000,000,000 | ---D | M] -- D:\ProgramData\PC SUITE [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2012/11/03 13:14:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer [2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2013/10/17 16:56:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Track Settings [2013/07/30 14:04:19 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software [2011/10/25 15:43:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUpMedia [2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15 [2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2012/03/12 17:43:26 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip [2011/10/25 15:39:43 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} [2013/07/30 14:04:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F} [2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job [2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job [2013/11/25 16:56:00 | 000,000,308 | ---- | M] () -- D:\Windows\Tasks\DigitalSite.job [2013/11/03 06:02:06 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Files - Unicode (All) ========== [2013/09/28 11:16:07 | 003,418,240 | ---- | C] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3 [2013/08/31 08:09:50 | 003,418,240 | ---- | M] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3 < End of report > |
|
26.11.2013, 17:00
| #2 |
| /// Malwareteam   | GVU Trojaner - abgesicherter Modus startet nicht Hi
__________________starte bitte OTL wieder von der CD. führe folgenden Schritt aus und teile mir mit ob das SYstem wieder normal nach einen Neustart bootet... Fixen mit OTL
Code:
ATTFilter :OTL
O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk ()
O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk ()
[2013/11/25 17:22:30 | 000,060,528 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\ejbeb8z.pss
[2013/11/25 17:22:29 | 000,001,033 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ejbeb8z.lnk
[2013/11/25 17:22:27 | 000,188,928 | ---- | M] (Корпорация Майкрософт) -- D:\ProgramData\z8bebje.dss
[2013/11/20 18:05:50 | 095,025,368 | ---- | M] () -- D:\ProgramData\j3rjrjhd.bxx
[2013/11/20 17:55:00 | 000,001,011 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\j3rjrjhd.lnk
[2013/11/20 17:51:11 | 000,000,000 | ---- | M] () -- D:\ProgramData\j3rjrjhd.fvv
[2013/11/20 17:48:07 | 000,000,285 | ---- | M] () -- D:\ProgramData\j3rjrjhd.reg
[2013/11/20 17:46:20 | 000,061,540 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\j3rjrjhd.pss
__________________ |
|
26.11.2013, 17:49
| #3 |
| | GVU Trojaner - abgesicherter Modus startet nicht Hey! Danke für die schnelle Hilfe.
__________________Habe den Fix durchgeführt und den Computer neugestartet. Allerdings fährt er nicht richtig hoch. Er gibt mir die Möglichkeit "Windows normal starten" (funktioniert aber nicht) und "Starthilfe starten(empfohlen)". Wenn ich die Starthilfe verwende, wird nach Reperaturmöglichkeiten gesucht. Dabei wird aber nichts gefunden und ich komme wieder zu diesem Screen mit den beiden Wahlmöglichkeiten. |
|
26.11.2013, 18:15
| #4 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht Poste bitte das Logfile vom Fix und erstelle ein neues OTL Logfile. |
|
26.11.2013, 18:48
| #5 |
| | GVU Trojaner - abgesicherter Modus startet nicht Auf die Logfile vom Fix kann ich ja nicht zugreifen, weil ich nicht neustarten kann. Neue OTL Logfile ist hier:OTL Logfile: Code:
ATTFilter OTL logfile created on: 11/26/2013 6:42:25 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16736)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 765.64 Gb Free Space | 82.20% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem) BonanzaDealsLive-Dienst (bonanzadealslivem)
SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive) BonanzaDealsLive-Dienst (bonanzadealslive)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/17 12:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/20 18:04:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/12/20 11:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 11:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/05/04 05:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/02/05 15:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/10/17 12:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 12:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/09 06:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/31 12:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/09 23:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/24 03:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 03:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = Search-Gol
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 68 51 8A 52 93 CC 01 [binary data]
IE - HKU\Benutzer01_ON_D\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/25 15:39:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Benutzer01\AppData\Roaming\14001.019 [2012/08/30 10:49:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/10/25 15:17:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Extensions
[2013/10/09 08:01:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions
[2013/10/09 08:01:31 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2013/07/30 14:05:20 | 000,000,000 | ---D | M] (Delta Toolbar) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\ffxtlbr@delta.com
[2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\babylon.xml
[2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\BrowserProtect.xml
[2013/04/05 16:02:25 | 000,001,294 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\delta.xml
[2011/10/25 16:11:47 | 000,002,378 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\search.xml
[2013/10/09 07:57:50 | 000,001,302 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\searchgol.xml
[2012/11/03 13:13:58 | 000,003,915 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\sweetim.xml
[2012/05/03 03:11:26 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/09/25 15:39:09 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/30 10:49:54 | 000,000,000 | ---D | M] (Java Link Helper) -- D:\USERS\BENUTZER01\APPDATA\ROAMING\14001.019
[2012/07/20 18:04:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/09 11:15:59 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/05 16:02:14 | 000,006,469 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/09 11:15:59 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/09 11:15:59 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/09 11:15:59 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/09 11:15:59 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/09 11:15:59 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - D:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - D:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Benutzer01_ON_D\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] File not found
O4 - HKU\Benutzer01_ON_D..\Run: [iPhone PC Suite] File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*Restore] D:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/11/26 17:25:51 | 000,000,000 | ---D | C] -- D:\_OTL
[2013/11/26 16:31:16 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2013/11/24 14:51:43 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\Sedcard Fragezeichen
[2013/11/23 11:45:51 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\zz
[2013/11/22 16:25:20 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\gute
[2013/11/13 14:14:25 | 000,526,336 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/11/13 14:14:25 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/11/13 14:14:25 | 000,136,704 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/11/13 14:14:25 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/11/13 14:14:25 | 000,089,600 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/11/13 14:14:25 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/11/13 14:14:25 | 000,067,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/11/13 14:14:25 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/11/13 14:14:25 | 000,051,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/11/13 14:14:25 | 000,039,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/11/13 14:14:25 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/11/13 14:14:24 | 000,855,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/11/13 14:14:24 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/11/13 14:14:24 | 000,603,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/11/13 14:14:24 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/11/13 14:14:23 | 003,959,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/11/13 14:14:23 | 002,877,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/11/13 13:23:58 | 000,830,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\nshwfp.dll
[2013/11/13 13:23:58 | 000,656,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\nshwfp.dll
[2013/11/13 13:23:58 | 000,324,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FWPUCLNT.DLL
[2013/11/13 13:23:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 13:23:55 | 001,474,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2013/11/13 13:23:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/11/13 13:23:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/11/13 13:23:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\credui.dll
[2013/11/13 13:23:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 13:23:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\credui.dll
[2013/11/13 13:23:51 | 000,152,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 13:23:46 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2013/11/13 13:23:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll
[2013/11/13 13:23:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ncrypt.dll
[2013/11/13 13:23:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2013/11/13 13:23:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2013/11/13 13:23:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2013/11/13 13:23:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll
[1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/11/26 12:23:14 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/11/26 10:02:24 | 095,025,368 | ---- | M] () -- D:\ProgramData\ejbeb8z.bxx
[2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/11/26 10:00:07 | 000,000,000 | ---- | M] () -- D:\ProgramData\ejbeb8z.fvv
[2013/11/26 10:00:00 | 000,001,114 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013/11/26 09:59:41 | 3151,405,056 | -HS- | M] () -- D:\hiberfil.sys
[2013/11/26 09:44:34 | 000,001,118 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/11/26 09:41:23 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 09:41:23 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/11/26 07:06:07 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
[2013/11/26 06:58:49 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
[2013/11/26 06:56:39 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
[2013/11/25 16:56:00 | 000,000,308 | ---- | M] () -- D:\Windows\tasks\DigitalSite.job
[2013/11/25 08:26:41 | 000,000,097 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG
[2013/11/25 08:26:41 | 000,000,006 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
[2013/11/20 17:42:31 | 000,664,764 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/11/20 17:42:31 | 000,624,946 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/11/20 17:42:31 | 000,134,932 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/11/20 17:42:31 | 000,110,584 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/11/26 07:06:07 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
[2013/11/26 06:58:49 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
[2013/11/26 06:56:39 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
[2013/11/25 17:22:28 | 095,025,368 | ---- | C] () -- D:\ProgramData\ejbeb8z.bxx
[2013/11/25 17:22:28 | 000,000,000 | ---- | C] () -- D:\ProgramData\ejbeb8z.fvv
[2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\ProgramData\Digital Light
[2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Devices
[2013/10/17 16:56:20 | 000,000,020 | -H-- | C] () -- D:\ProgramData\PKP_DLbz.DAT
[2013/10/17 16:56:19 | 000,000,098 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\fusioncache.dat
[2013/10/17 16:50:43 | 001,554,702 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 08:56:04 | 000,000,097 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG
[2013/10/09 08:56:04 | 000,000,006 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
[2013/09/28 12:30:31 | 000,033,289 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\recently-used.xbel
[2013/02/17 06:29:23 | 000,089,092 | ---- | C] () -- D:\Windows\War3Unin.dat
[2012/09/15 19:36:34 | 000,065,536 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\v4gejj7m.default.dat
[2012/08/31 15:47:42 | 000,198,200 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\AcroIEHelpe205.dll
[2012/08/23 09:00:53 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe197.dll
[2012/08/17 11:03:59 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe194.dll
[2012/08/15 12:02:05 | 000,000,047 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\urhtps.dat
[2012/08/03 17:07:26 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad
[2012/07/04 17:43:13 | 004,503,728 | ---- | C] () -- D:\ProgramData\l_u0_0.pad
[2012/04/24 06:10:45 | 000,005,120 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 07:34:43 | 000,000,600 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\winscp.rnd
[2011/10/21 11:07:20 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2011/10/21 11:07:20 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/10/21 11:03:51 | 000,043,765 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/10/21 11:02:38 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/10/21 11:02:35 | 000,029,852 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/31 12:51:16 | 000,216,000 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 12:46:00 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2011/08/31 12:26:20 | 013,903,872 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/09/06 06:59:27 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\Implode.dll
========== LOP Check ==========
[2012/10/13 09:56:42 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/09/25 15:38:53 | 000,000,000 | ---D | M] -- D:\ProgramData\AVAST Software
[2013/04/05 15:48:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/10/09 07:57:03 | 000,000,000 | ---D | M] -- D:\ProgramData\BonanzaDealsLive
[2013/07/29 10:54:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco
[2013/07/30 14:04:10 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/11/12 08:07:32 | 000,000,000 | ---D | M] -- D:\ProgramData\PC SUITE
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/11/03 13:14:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2013/10/17 16:56:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Track Settings
[2013/07/30 14:04:19 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2011/10/25 15:43:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUpMedia
[2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/03/12 17:43:26 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2011/10/25 15:39:43 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/07/30 14:04:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
[2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/11/25 16:56:00 | 000,000,308 | ---- | M] () -- D:\Windows\Tasks\DigitalSite.job
[2013/11/03 06:02:06 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/09/28 11:16:07 | 003,418,240 | ---- | C] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3
[2013/08/31 08:09:50 | 003,418,240 | ---- | M] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3
< End of report >
|
|
26.11.2013, 19:04
| #6 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht gut zweite Runde... Fixen mit OTL
Code:
ATTFilter :OTL
SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [On_Demand] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslivem) BonanzaDealsLive-Dienst (bonanzadealslivem)
SRV - [2013/10/09 07:57:02 | 000,148,976 | ---- | M] (BonanzaDeals) [Auto] -- D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe -- (bonanzadealslive) BonanzaDealsLive-Dienst (bonanzadealslive)
[2013/11/26 10:02:24 | 095,025,368 | ---- | M] () -- D:\ProgramData\ejbeb8z.bxx
[2013/11/26 10:02:17 | 000,000,934 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineUA.job
[2013/11/26 10:00:07 | 000,000,000 | ---- | M] () -- D:\ProgramData\ejbeb8z.fvv
[2013/11/26 10:00:00 | 000,000,930 | ---- | M] () -- D:\Windows\tasks\BonanzaDealsLiveUpdateTaskMachineCore.job
teile mir mit ob das System jetzt sauber startet
__________________ --> GVU Trojaner - abgesicherter Modus startet nicht |
|
26.11.2013, 19:33
| #7 |
| | GVU Trojaner - abgesicherter Modus startet nicht Hier der Fixlogfile: ========== OTL ========== Service\Driver key bonanzadealslivem) BonanzaDealsLive-Dienst (bonanzadealslivem not found. D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe moved successfully. Service\Driver key bonanzadealslive) BonanzaDealsLive-Dienst (bonanzadealslive not found. File D:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe not found. D:\ProgramData\ejbeb8z.bxx moved successfully. D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineUA.job moved successfully. D:\ProgramData\ejbeb8z.fvv moved successfully. D:\Windows\Tasks\BonanzaDealsLiveUpdateTaskMachineCore.job moved successfully. OTLPE by OldTimer - Version 3.1.48.0 log created on 11262013_191757 Leider wird immer noch mit dieser Starthilfe gestartet. die Systemstartreparatur sucht dann nach einem Problem, findet nichts, und der Computer fährt wieder runter. ! hat doch funktioniert, startet jetzt normal! danke |
|
26.11.2013, 20:31
| #8 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht wunderbar... dann machen wir so weiter : Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:  FRST 32-Bit | FRST 64-Bit(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)
|
|
28.11.2013, 11:23
| #9 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht ich hab schon länger keine Antwort mehr von dir erhalten. Brauchst du weiterhin noch Hilfe? Wenn ich in den nächsten 24 Stunden nichts von dir höre, gehe ich davon aus, dass sich das Thema erledigt hat und lösche es aus meinen Abos. Hinweis: Wir sind noch nicht fertig! Auch wenn die Symptome verschwunden sein sollten, kann dein System weiterhin infiziert sein und über Sicherheitslücken verfügen, welche eine erneute Infektion möglich machen. |
|
05.12.2013, 18:19
| #10 | |
| | GVU Trojaner - abgesicherter Modus startet nichtZitat:
ich bitte nochmal um hilfe, diesesmal bin ich auch bis zum ende dabei, hatte hier dummerweise leider nicht mehr gegucktOTL Logfile: Code:
ATTFilter OTL logfile created on: 12/5/2013 6:10:53 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
64bit-Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.11.9600.16428)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 74.36 Mb Free Space | 74.37% Space Free | Partition Type: NTFS
Drive D: | 931.41 Gb Total Space | 763.35 Gb Free Space | 81.96% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV:64bit: - [2013/12/03 13:58:00 | 000,111,616 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\IEEtwCollector.exe -- (IEEtwCollectorService)
SRV:64bit: - [2013/05/27 00:50:47 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2012/08/21 04:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto] -- D:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2013/05/10 02:57:22 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/17 12:29:39 | 000,544,248 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent)
SRV - [2012/07/20 18:04:21 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2010/12/20 11:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2010/12/20 11:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2010/05/04 05:07:22 | 000,503,080 | ---- | M] (Nero AG) [Auto] -- D:\Program Files (x86)\Nero\Update\NASvc.exe -- (NAUpdate) @C:\Program Files (x86)
SRV - [2010/03/18 06:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
========== Driver Services (SafeList) ==========
DRV:64bit: - [2013/02/05 15:06:06 | 000,057,840 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2012/10/17 12:13:36 | 000,027,048 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva64.sys -- (vpnva)
DRV:64bit: - [2012/10/17 12:11:37 | 000,107,432 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock64.sys -- (acsock)
DRV:64bit: - [2012/08/21 04:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto] -- D:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV:64bit: - [2012/08/21 04:13:12 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System] -- D:\Windows\System32\Drivers\aswrdr2.sys -- (aswRdr)
DRV:64bit: - [2012/07/09 06:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbaapl64.sys -- (USBAAPL64)
DRV:64bit: - [2011/08/31 12:53:22 | 012,306,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2011/06/09 23:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2011/02/24 03:30:50 | 000,389,608 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmtxhci.sys -- (asmtxhci)
DRV:64bit: - [2011/02/24 03:30:50 | 000,126,952 | ---- | M] (ASMedia Technology Inc) [Kernel | On_Demand] -- D:\Windows\System32\drivers\asmthub3.sys -- (asmthub3)
DRV:64bit: - [2010/11/20 22:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 22:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV:64bit: - [2010/10/19 09:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\HECIx64.sys -- (MEIx64) Intel(R)
DRV:64bit: - [2009/06/10 15:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 15:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKU\Administrator_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=3C8714DAE9D63517&affID=125035&tsp=5030
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = F5 68 51 8A 52 93 CC 01 [binary data]
IE - HKU\Benutzer01_ON_D\..\URLSearchHook: {ba14329e-9550-4989-b3f2-9732e92d17cc} - Reg Error: Key error. File not found
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Benutzer01_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.selectedEngine: ""
FF - prefs.js..browser.search.update: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.google.de/"
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/ShockwavePlayer: D:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Apple.com/iTunes,version=1.0: D:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE: File not found
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/WLPG,version=16.4.3508.0205: D:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=3: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.bdupdater.com/BonanzaDealsLive Update;version=9: D:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll (BonanzaDeals)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@videolan.org/vlc,version=2.1.0: D:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012/09/25 15:39:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\Benutzer01\AppData\Roaming\14001.019 [2012/08/30 10:49:54 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/20 18:04:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 14.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
[2011/10/25 15:17:42 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Extensions
[2013/10/09 08:01:31 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions
[2013/10/09 08:01:31 | 000,000,000 | ---D | M] (kikin plugin (NO23 Edition)) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
[2013/07/30 14:05:20 | 000,000,000 | ---D | M] (Delta Toolbar) -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\extensions\ffxtlbr@delta.com
[2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\babylon.xml
[2013/07/30 14:05:05 | 000,006,507 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\BrowserProtect.xml
[2013/04/05 16:02:25 | 000,001,294 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\delta.xml
[2011/10/25 16:11:47 | 000,002,378 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\search.xml
[2013/10/09 07:57:50 | 000,001,302 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\searchgol.xml
[2012/11/03 13:13:58 | 000,003,915 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\sweetim.xml
[2012/05/03 03:11:26 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
File not found (No name found) --
[2012/09/25 15:39:09 | 000,000,000 | ---D | M] (avast! WebRep) -- D:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF
[2012/08/30 10:49:54 | 000,000,000 | ---D | M] (Java Link Helper) -- D:\USERS\BENUTZER01\APPDATA\ROAMING\14001.019
[2012/07/20 18:04:21 | 000,136,672 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/09 11:15:59 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013/04/05 16:02:14 | 000,006,469 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
[2012/06/09 11:15:59 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/09 11:15:59 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/09 11:15:59 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/09 11:15:59 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/09 11:15:59 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 16:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (delta Helper Object) - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - D:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
O2 - BHO: (kikin Plugin) - {E601996F-E400-41CA-804B-CD6373A7EEE2} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O2 - BHO: (Yontoo) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - D:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - D:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (Delta Toolbar) - {82E1477C-B154-48D3-9891-33D83C26BCD3} - D:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - D:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\Benutzer01_ON_D\..\Toolbar\WebBrowser: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] D:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] D:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] D:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] File not found
O4 - HKU\Benutzer01_ON_D..\Run: [iPhone PC Suite] File not found
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4:64bit: - HKLM..\RunOnce: [*Restore] D:\Windows\System32\rstrui.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] File not found
O4 - Startup: D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Administrator_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O8 - Extra context menu item: Free YouTube Download - D:\Users\Benutzer01\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubedownload.htm ()
O9 - Extra 'Tools' menuitem : My kikin - {0F7195C2-6713-4d93-A1BC-DA5FA33F0A65} - D:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 10.1.0)
O16:64bit: - DPF: {CAFEEFAC-0017-0000-0001-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_01-windows-i586.cab (Java Plug-in 1.7.0_01)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O18:64bit: - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - Reg Error: Key error. File not found
O18:64bit: - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - Reg Error: Key error. File not found
O20 - AppInit_DLLs: (c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll) - File not found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{55e3a614-fbf6-11e0-ab03-806e6f6e6963}\Shell\AutoRun\command - "" = D:\reatogoMenu.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/12/04 18:56:37 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Apple
[2013/12/04 18:42:13 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Apple Computer
[2013/12/04 18:42:01 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Adobe
[2013/12/04 18:41:56 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
[2013/12/04 18:41:56 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
[2013/12/04 18:41:56 | 000,000,000 | -H-D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned
[2013/12/04 18:41:46 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Identities
[2013/12/04 18:40:21 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\AppData\Local\Verlauf
[2013/12/04 18:40:21 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\AppData\Local\Temporary Internet Files
[2013/12/04 18:40:21 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\Documents\Eigene Videos
[2013/12/04 18:40:21 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\Documents\Eigene Musik
[2013/12/04 18:40:21 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\Documents\Eigene Bilder
[2013/12/04 18:40:21 | 000,000,000 | -HSD | C] -- D:\Users\Administrator\AppData\Local\Anwendungsdaten
[2013/12/04 18:40:21 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\LocalLow
[2013/12/04 18:40:20 | 000,000,000 | --SD | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft
[2013/12/04 18:40:20 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
[2013/12/04 18:40:20 | 000,000,000 | R--D | C] -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
[2013/12/04 18:40:20 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Temp
[2013/12/04 18:40:20 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming
[2013/12/04 18:40:20 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Microsoft Help
[2013/12/04 18:40:20 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local\Microsoft
[2013/12/04 18:40:20 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Roaming\Media Center Programs
[2013/12/04 18:40:20 | 000,000,000 | ---D | C] -- D:\Users\Administrator\AppData\Local
[2013/12/03 19:11:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/12/03 19:07:01 | 000,061,040 | ---- | C] (Microsoft Corporation) -- D:\ProgramData\lfr8z298z.pss
[2013/12/03 19:06:58 | 000,207,872 | ---- | C] (Корпорация Майкрософт) -- D:\ProgramData\z892z8rfl.dss
[2013/12/03 14:01:12 | 000,028,368 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEUDINIT.EXE
[2013/12/03 13:58:03 | 000,940,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/12/03 13:58:03 | 000,194,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/12/03 13:58:00 | 005,765,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/12/03 13:58:00 | 004,240,384 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/12/03 13:58:00 | 001,993,728 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/12/03 13:58:00 | 001,926,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/12/03 13:58:00 | 001,228,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/12/03 13:58:00 | 001,051,136 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/12/03 13:58:00 | 000,942,592 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsIntl.dll
[2013/12/03 13:58:00 | 000,817,664 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/12/03 13:58:00 | 000,774,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/12/03 13:58:00 | 000,708,608 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9diag.dll
[2013/12/03 13:58:00 | 000,703,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/12/03 13:58:00 | 000,645,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jsIntl.dll
[2013/12/03 13:58:00 | 000,626,176 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/12/03 13:58:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/12/03 13:58:00 | 000,616,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/12/03 13:58:00 | 000,610,304 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/12/03 13:58:00 | 000,574,976 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/12/03 13:58:00 | 000,553,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9diag.dll
[2013/12/03 13:58:00 | 000,548,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/12/03 13:58:00 | 000,523,776 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/12/03 13:58:00 | 000,453,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/12/03 13:58:00 | 000,440,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/12/03 13:58:00 | 000,413,696 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/12/03 13:58:00 | 000,367,104 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/12/03 13:58:00 | 000,337,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/12/03 13:58:00 | 000,296,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/12/03 13:58:00 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/12/03 13:58:00 | 000,244,736 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/12/03 13:58:00 | 000,235,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/12/03 13:58:00 | 000,235,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/12/03 13:58:00 | 000,233,472 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/12/03 13:58:00 | 000,218,624 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/12/03 13:58:00 | 000,195,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/12/03 13:58:00 | 000,182,272 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/12/03 13:58:00 | 000,167,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/12/03 13:58:00 | 000,164,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/12/03 13:58:00 | 000,151,552 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/12/03 13:58:00 | 000,147,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/12/03 13:58:00 | 000,143,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/12/03 13:58:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/12/03 13:58:00 | 000,139,264 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/12/03 13:58:00 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/12/03 13:58:00 | 000,131,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/12/03 13:58:00 | 000,127,488 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/12/03 13:58:00 | 000,116,736 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/12/03 13:58:00 | 000,112,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/12/03 13:58:00 | 000,111,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollector.exe
[2013/12/03 13:58:00 | 000,111,616 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/12/03 13:58:00 | 000,105,984 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/12/03 13:58:00 | 000,101,376 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/12/03 13:58:00 | 000,090,112 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/12/03 13:58:00 | 000,086,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/12/03 13:58:00 | 000,086,016 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/12/03 13:58:00 | 000,084,992 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/12/03 13:58:00 | 000,083,968 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\MshtmlDac.dll
[2013/12/03 13:58:00 | 000,083,456 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/12/03 13:58:00 | 000,081,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/12/03 13:58:00 | 000,077,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/12/03 13:58:00 | 000,074,240 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/12/03 13:58:00 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/03 13:58:00 | 000,069,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/12/03 13:58:00 | 000,069,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/12/03 13:58:00 | 000,066,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/12/03 13:58:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/12/03 13:58:00 | 000,062,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/12/03 13:58:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\MshtmlDac.dll
[2013/12/03 13:58:00 | 000,061,952 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/12/03 13:58:00 | 000,056,832 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/12/03 13:58:00 | 000,051,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieetwproxystub.dll
[2013/12/03 13:58:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/12/03 13:58:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/12/03 13:58:00 | 000,048,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieetwproxystub.dll
[2013/12/03 13:58:00 | 000,048,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/12/03 13:58:00 | 000,040,448 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/12/03 13:58:00 | 000,036,352 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/12/03 13:58:00 | 000,034,816 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/03 13:58:00 | 000,033,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/12/03 13:58:00 | 000,032,768 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/12/03 13:58:00 | 000,030,208 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/12/03 13:58:00 | 000,024,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/12/03 13:58:00 | 000,013,824 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/12/03 13:58:00 | 000,013,312 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/12/03 13:58:00 | 000,012,800 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/12/03 13:58:00 | 000,004,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollectorres.dll
[2013/12/03 12:18:48 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\Referat
[2013/11/26 17:25:51 | 000,000,000 | ---D | C] -- D:\_OTL
[2013/11/26 16:31:16 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2013/11/24 14:51:43 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\Sedcard Fragezeichen
[2013/11/23 11:45:51 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\zz
[2013/11/22 16:25:20 | 000,000,000 | ---D | C] -- D:\Users\Benutzer01\Desktop\gute
[2013/11/13 13:23:58 | 000,830,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\nshwfp.dll
[2013/11/13 13:23:58 | 000,656,896 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\nshwfp.dll
[2013/11/13 13:23:58 | 000,324,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\FWPUCLNT.DLL
[2013/11/13 13:23:58 | 000,216,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\FWPUCLNT.DLL
[2013/11/13 13:23:55 | 001,474,048 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\crypt32.dll
[2013/11/13 13:23:51 | 001,930,752 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\authui.dll
[2013/11/13 13:23:51 | 001,796,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\authui.dll
[2013/11/13 13:23:51 | 000,197,120 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\credui.dll
[2013/11/13 13:23:51 | 000,190,464 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\SmartcardCredentialProvider.dll
[2013/11/13 13:23:51 | 000,168,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\credui.dll
[2013/11/13 13:23:51 | 000,152,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\SmartcardCredentialProvider.dll
[2013/11/13 13:23:46 | 001,447,936 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\lsasrv.dll
[2013/11/13 13:23:46 | 000,307,200 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ncrypt.dll
[2013/11/13 13:23:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ncrypt.dll
[2013/11/13 13:23:46 | 000,135,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspicli.dll
[2013/11/13 13:23:46 | 000,028,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\sspisrv.dll
[2013/11/13 13:23:46 | 000,028,160 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\secur32.dll
[2013/11/13 13:23:45 | 000,404,480 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\gdi32.dll
[1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/12/05 11:43:57 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/12/05 11:43:50 | 3151,405,056 | -HS- | M] () -- D:\hiberfil.sys
[2013/12/05 11:43:07 | 095,025,368 | ---- | M] () -- D:\ProgramData\lfr8z298z.bxx
[2013/12/05 11:43:00 | 000,000,000 | ---- | M] () -- D:\ProgramData\lfr8z298z.fvv
[2013/12/05 11:42:31 | 000,001,114 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/12/05 09:46:26 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 09:46:26 | 000,022,064 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/12/05 09:45:08 | 000,001,118 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/12/04 18:56:05 | 000,000,308 | ---- | M] () -- D:\Windows\tasks\DigitalSite.job
[2013/12/04 18:42:04 | 000,001,547 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013/12/04 18:42:00 | 000,002,271 | ---- | M] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/04 18:42:00 | 000,002,247 | ---- | M] () -- D:\Users\Administrator\Desktop\Google Chrome.lnk
[2013/12/03 19:11:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Internet Security
[2013/12/03 19:07:01 | 000,061,040 | ---- | M] (Microsoft Corporation) -- D:\ProgramData\lfr8z298z.pss
[2013/12/03 19:07:00 | 000,001,037 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
[2013/12/03 19:06:58 | 000,207,872 | ---- | M] (Корпорация Майкрософт) -- D:\ProgramData\z892z8rfl.dss
[2013/12/03 13:58:03 | 000,940,032 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MsSpellCheckingFacility.exe
[2013/12/03 13:58:03 | 000,194,048 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\elshyph.dll
[2013/12/03 13:58:00 | 005,765,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/12/03 13:58:00 | 004,240,384 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9.dll
[2013/12/03 13:58:00 | 001,993,728 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inetcpl.cpl
[2013/12/03 13:58:00 | 001,926,656 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inetcpl.cpl
[2013/12/03 13:58:00 | 001,228,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmlmedia.dll
[2013/12/03 13:58:00 | 001,051,136 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmlmedia.dll
[2013/12/03 13:58:00 | 000,942,592 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jsIntl.dll
[2013/12/03 13:58:00 | 000,817,664 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dll
[2013/12/03 13:58:00 | 000,774,144 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/12/03 13:58:00 | 000,708,608 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\jscript9diag.dll
[2013/12/03 13:58:00 | 000,703,488 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dll
[2013/12/03 13:58:00 | 000,645,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jsIntl.dll
[2013/12/03 13:58:00 | 000,626,176 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/12/03 13:58:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieapfltr.dat
[2013/12/03 13:58:00 | 000,616,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieapfltr.dat
[2013/12/03 13:58:00 | 000,610,304 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript.dll
[2013/12/03 13:58:00 | 000,574,976 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/12/03 13:58:00 | 000,553,472 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\jscript9diag.dll
[2013/12/03 13:58:00 | 000,548,352 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\vbscript.dll
[2013/12/03 13:58:00 | 000,523,776 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/12/03 13:58:00 | 000,453,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtmsft.dll
[2013/12/03 13:58:00 | 000,440,832 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/12/03 13:58:00 | 000,413,696 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\html.iec
[2013/12/03 13:58:00 | 000,367,104 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtmsft.dll
[2013/12/03 13:58:00 | 000,337,408 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\html.iec
[2013/12/03 13:58:00 | 000,296,960 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\dxtrans.dll
[2013/12/03 13:58:00 | 000,247,808 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msls31.dll
[2013/12/03 13:58:00 | 000,244,736 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\dxtrans.dll
[2013/12/03 13:58:00 | 000,235,520 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/12/03 13:58:00 | 000,235,008 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\elshyph.dll
[2013/12/03 13:58:00 | 000,233,472 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/12/03 13:58:00 | 000,218,624 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/12/03 13:58:00 | 000,195,584 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msrating.dll
[2013/12/03 13:58:00 | 000,182,272 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msls31.dll
[2013/12/03 13:58:00 | 000,167,424 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iexpress.exe
[2013/12/03 13:58:00 | 000,164,864 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msrating.dll
[2013/12/03 13:58:00 | 000,151,552 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iexpress.exe
[2013/12/03 13:58:00 | 000,147,968 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\occache.dll
[2013/12/03 13:58:00 | 000,143,872 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\wextract.exe
[2013/12/03 13:58:00 | 000,139,264 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\wextract.exe
[2013/12/03 13:58:00 | 000,139,264 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieUnatt.exe
[2013/12/03 13:58:00 | 000,135,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iepeers.dll
[2013/12/03 13:58:00 | 000,131,072 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\IEAdvpack.dll
[2013/12/03 13:58:00 | 000,127,488 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\occache.dll
[2013/12/03 13:58:00 | 000,116,736 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iepeers.dll
[2013/12/03 13:58:00 | 000,112,128 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieUnatt.exe
[2013/12/03 13:58:00 | 000,111,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollector.exe
[2013/12/03 13:58:00 | 000,111,616 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\IEAdvpack.dll
[2013/12/03 13:58:00 | 000,105,984 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/12/03 13:58:00 | 000,101,376 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\inseng.dll
[2013/12/03 13:58:00 | 000,090,112 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\SetIEInstalledDate.exe
[2013/12/03 13:58:00 | 000,086,016 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/12/03 13:58:00 | 000,086,016 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesysprep.dll
[2013/12/03 13:58:00 | 000,084,992 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/12/03 13:58:00 | 000,083,968 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\MshtmlDac.dll
[2013/12/03 13:58:00 | 000,083,456 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\inseng.dll
[2013/12/03 13:58:00 | 000,081,408 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\icardie.dll
[2013/12/03 13:58:00 | 000,077,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\tdc.ocx
[2013/12/03 13:58:00 | 000,074,240 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\SetIEInstalledDate.exe
[2013/12/03 13:58:00 | 000,071,680 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\RegisterIEPKEYs.exe
[2013/12/03 13:58:00 | 000,069,632 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/12/03 13:58:00 | 000,069,120 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\icardie.dll
[2013/12/03 13:58:00 | 000,066,048 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/12/03 13:58:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\tdc.ocx
[2013/12/03 13:58:00 | 000,062,464 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\pngfilt.dll
[2013/12/03 13:58:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\MshtmlDac.dll
[2013/12/03 13:58:00 | 000,061,952 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iesetup.dll
[2013/12/03 13:58:00 | 000,056,832 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\pngfilt.dll
[2013/12/03 13:58:00 | 000,051,200 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\ieetwproxystub.dll
[2013/12/03 13:58:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmler.dll
[2013/12/03 13:58:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtmler.dll
[2013/12/03 13:58:00 | 000,048,640 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieetwproxystub.dll
[2013/12/03 13:58:00 | 000,048,128 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\imgutil.dll
[2013/12/03 13:58:00 | 000,040,448 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\JavaScriptCollectionAgent.dll
[2013/12/03 13:58:00 | 000,036,352 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\imgutil.dll
[2013/12/03 13:58:00 | 000,034,816 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\JavaScriptCollectionAgent.dll
[2013/12/03 13:58:00 | 000,033,792 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/12/03 13:58:00 | 000,032,768 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\iernonce.dll
[2013/12/03 13:58:00 | 000,030,208 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\licmgr10.dll
[2013/12/03 13:58:00 | 000,024,576 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\licmgr10.dll
[2013/12/03 13:58:00 | 000,016,284 | ---- | M] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/12/03 13:58:00 | 000,016,284 | ---- | M] () -- D:\Windows\System32\ieuinit.inf
[2013/12/03 13:58:00 | 000,013,824 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshta.exe
[2013/12/03 13:58:00 | 000,013,312 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\msfeedssync.exe
[2013/12/03 13:58:00 | 000,012,800 | ---- | M] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeedssync.exe
[2013/12/03 13:58:00 | 000,004,096 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieetwcollectorres.dll
[2013/11/26 07:06:07 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
[2013/11/26 06:58:49 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
[2013/11/26 06:56:39 | 000,000,000 | ---- | M] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
[2013/11/25 08:26:41 | 000,000,097 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG
[2013/11/25 08:26:41 | 000,000,006 | ---- | M] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
[2013/11/20 17:42:31 | 000,664,764 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/11/20 17:42:31 | 000,624,946 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/11/20 17:42:31 | 000,134,932 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/11/20 17:42:31 | 000,110,584 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[1 D:\Windows\SysWow64\*.tmp files -> D:\Windows\SysWow64\*.tmp -> ]
[1 D:\Users\Benutzer01\AppData\Roaming\*.tmp files -> D:\Users\Benutzer01\AppData\Roaming\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/12/04 18:42:01 | 000,001,421 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2013/12/04 18:42:00 | 000,002,271 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2013/12/04 18:42:00 | 000,002,247 | ---- | C] () -- D:\Users\Administrator\Desktop\Google Chrome.lnk
[2013/12/04 18:40:20 | 000,002,124 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
[2013/12/04 18:40:20 | 000,000,290 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk
[2013/12/04 18:40:20 | 000,000,272 | ---- | C] () -- D:\Users\Administrator\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk
[2013/12/03 19:07:00 | 000,001,037 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
[2013/12/03 19:06:59 | 095,025,368 | ---- | C] () -- D:\ProgramData\lfr8z298z.bxx
[2013/12/03 19:06:59 | 000,000,000 | ---- | C] () -- D:\ProgramData\lfr8z298z.fvv
[2013/12/03 13:58:00 | 000,016,284 | ---- | C] () -- D:\Windows\SysWow64\ieuinit.inf
[2013/12/03 13:58:00 | 000,016,284 | ---- | C] () -- D:\Windows\System32\ieuinit.inf
[2013/11/26 07:06:07 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
[2013/11/26 06:58:49 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
[2013/11/26 06:56:39 | 000,000,000 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
[2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\ProgramData\Digital Light
[2013/10/17 16:56:52 | 000,000,268 | RH-- | C] () -- D:\Users\Benutzer01\AppData\Roaming\Devices
[2013/10/17 16:56:20 | 000,000,020 | -H-- | C] () -- D:\ProgramData\PKP_DLbz.DAT
[2013/10/17 16:56:19 | 000,000,098 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\fusioncache.dat
[2013/10/17 16:50:43 | 001,554,702 | ---- | C] () -- D:\Windows\SysWow64\PerfStringBackup.INI
[2013/10/09 08:56:04 | 000,000,097 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WB.CFG
[2013/10/09 08:56:04 | 000,000,006 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
[2013/09/28 12:30:31 | 000,033,289 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\recently-used.xbel
[2013/02/17 06:29:23 | 000,089,092 | ---- | C] () -- D:\Windows\War3Unin.dat
[2012/09/15 19:36:34 | 000,065,536 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\v4gejj7m.default.dat
[2012/08/31 15:47:42 | 000,198,200 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\AcroIEHelpe205.dll
[2012/08/23 09:00:53 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe197.dll
[2012/08/17 11:03:59 | 000,006,400 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\BAcroIEHelpe194.dll
[2012/08/15 12:02:05 | 000,000,047 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\urhtps.dat
[2012/08/03 17:07:26 | 004,503,728 | ---- | C] () -- D:\ProgramData\ras_0oed.pad
[2012/07/04 17:43:13 | 004,503,728 | ---- | C] () -- D:\ProgramData\l_u0_0.pad
[2012/04/24 06:10:45 | 000,005,120 | ---- | C] () -- D:\Users\Benutzer01\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/12 07:34:43 | 000,000,600 | ---- | C] () -- D:\Users\Benutzer01\AppData\Roaming\winscp.rnd
[2011/10/21 11:07:20 | 000,963,116 | ---- | C] () -- D:\Windows\SysWow64\igkrng600.bin
[2011/10/21 11:07:20 | 000,145,804 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng600.bin
[2011/10/21 11:03:51 | 000,043,765 | ---- | C] () -- D:\Windows\Ascd_log.ini
[2011/10/21 11:02:38 | 000,001,769 | ---- | C] () -- D:\Windows\Language_trs.ini
[2011/10/21 11:02:35 | 000,029,852 | ---- | C] () -- D:\Windows\Ascd_tmp.ini
[2011/08/31 12:51:16 | 000,216,000 | ---- | C] () -- D:\Windows\SysWow64\igfcg600m.bin
[2011/08/31 12:46:00 | 000,056,832 | ---- | C] () -- D:\Windows\SysWow64\igdde32.dll
[2011/08/31 12:26:20 | 013,903,872 | ---- | C] () -- D:\Windows\SysWow64\ig4icd32.dll
[2010/11/20 22:24:49 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2009/07/14 00:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 21:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 21:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 19:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 17:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 16:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
[2009/04/02 07:30:14 | 000,010,296 | ---- | C] () -- D:\Windows\SysWow64\drivers\ASUSHWIO.SYS
[2008/09/06 06:59:27 | 000,017,920 | ---- | C] () -- D:\Windows\SysWow64\Implode.dll
========== LOP Check ==========
[2012/10/13 09:56:42 | 000,000,000 | ---D | M] -- D:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2012/09/25 15:38:53 | 000,000,000 | ---D | M] -- D:\ProgramData\AVAST Software
[2013/04/05 15:48:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon
[2013/10/09 07:57:03 | 000,000,000 | ---D | M] -- D:\ProgramData\BonanzaDealsLive
[2013/07/29 10:54:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco
[2013/07/30 14:04:10 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\EnterNHelp
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2011/11/12 08:07:32 | 000,000,000 | ---D | M] -- D:\ProgramData\PC SUITE
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2012/11/03 13:14:23 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer
[2009/07/14 00:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2013/10/17 16:56:52 | 000,000,000 | ---D | M] -- D:\ProgramData\Track Settings
[2013/07/30 14:04:19 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2011/10/25 15:43:53 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUpMedia
[2013/10/17 16:56:20 | 000,000,000 | ---D | M] -- D:\ProgramData\Ultima_T15
[2011/10/21 10:17:21 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2012/03/12 17:43:26 | 000,000,000 | ---D | M] -- D:\ProgramData\WinZip
[2011/10/25 15:39:43 | 000,000,000 | ---D | M] -- D:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
[2013/07/30 14:04:10 | 000,000,000 | -HSD | M] -- D:\ProgramData\{C4ABDBC8-1C81-42C9-BFFC-4A68511E9E4F}
[2013/12/04 18:56:05 | 000,000,308 | ---- | M] () -- D:\Windows\Tasks\DigitalSite.job
[2013/11/03 06:02:06 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Files - Unicode (All) ==========
[2013/09/28 11:16:07 | 003,418,240 | ---- | C] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3
[2013/08/31 08:09:50 | 003,418,240 | ---- | M] ()(D:\Users\Benutzer01\Desktop\????? by ????.MP3) -- D:\Users\Benutzer01\Desktop\最炫民族风 by 凤凰传奇.MP3
< End of report >
|
|
05.12.2013, 18:37
| #11 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht bitte führe meinen geposteten Schritt aus. Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8) Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil) |
|
05.12.2013, 18:58
| #12 |
| | GVU Trojaner - abgesicherter Modus startet nicht Hat alles soweit geklappt! FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by SYSTEM on MININT-HQ9BEG5 on 05-12-2013 18:55:42
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery
The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
HKLM\...\RunOnce: [*Restore] - C:\Windows\System32\rstrui.exe /runonce [296960 2010-11-21] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
HKU\Benutzer01\...\Run: [iPhone PC Suite] - C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()
Startup: C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
ShortcutTarget: lfr8z298z.lnk -> C:\ProgramData\z892z8rfl.dss (Корпорация Майкрософт)
==================== Services (Whitelisted) =================
S2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /svc [x]
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /medsvc [x]
S2 Winmgmt; C:\PROGRA~3\j3rjrjhd.pss [x]
==================== Drivers (Whitelisted) ====================
S2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
S2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
S1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
S1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
S1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
S1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-05 00:56 - 2013-12-05 00:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-12-05 00:42 - 2013-12-05 00:42 - 00002247 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-05 00:40 - 2013-12-06 00:10 - 00000000 ____D C:\users\Administrator
2013-12-05 00:40 - 2013-12-05 00:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-05 00:40 - 2011-10-25 07:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-12-04 01:11 - 2013-12-04 01:11 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-04 01:07 - 2013-12-04 01:07 - 00061040 ____T (Microsoft Corporation) C:\ProgramData\lfr8z298z.pss
2013-12-04 01:06 - 2013-12-05 17:43 - 95025368 ____T C:\ProgramData\lfr8z298z.bxx
2013-12-04 01:06 - 2013-12-05 17:43 - 00000000 _____ C:\ProgramData\lfr8z298z.fvv
2013-12-04 01:06 - 2013-12-04 01:06 - 00207872 _____ (Корпорация Майкрософт) C:\ProgramData\z892z8rfl.dss
2013-12-03 20:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\System32\IEUDINIT.EXE
2013-12-03 19:58 - 2013-12-03 19:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-03 19:56 - 2013-12-03 20:01 - 00011247 _____ C:\Windows\IE11_main.log
2013-12-03 18:18 - 2013-12-05 17:48 - 00000000 ____D C:\Users\Benutzer01\Desktop\Referat
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\_OTL
2013-11-26 22:29 - 2013-12-06 00:13 - 00117070 _____ C:\OTL.Txt
2013-11-26 13:06 - 2013-11-26 13:06 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
2013-11-26 12:58 - 2013-11-26 12:58 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
2013-11-26 12:56 - 2013-11-26 12:56 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
2013-11-24 20:51 - 2013-11-24 20:55 - 00000000 ____D C:\Users\Benutzer01\Desktop\Sedcard Fragezeichen
2013-11-23 17:45 - 2013-11-24 20:50 - 00000000 ____D C:\Users\Benutzer01\Desktop\zz
2013-11-22 22:25 - 2013-11-24 20:52 - 00000000 ____D C:\Users\Benutzer01\Desktop\gute
2013-11-13 19:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\System32\nshwfp.dll
2013-11-13 19:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\System32\IKEEXT.DLL
2013-11-13 19:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\System32\FWPUCLNT.DLL
2013-11-13 19:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 19:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 19:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-11-13 19:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\System32\SmartcardCredentialProvider.dll
2013-11-13 19:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\System32\credui.dll
2013-11-13 19:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\System32\authui.dll
2013-11-13 19:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 19:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 19:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\System32\gdi32.dll
2013-11-13 19:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\afd.sys
2013-11-13 19:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2013-11-13 19:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2013-11-13 19:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\sspicli.dll
2013-11-13 19:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\System32\sspisrv.dll
2013-11-13 19:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\System32\secur32.dll
2013-11-13 19:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\System32\schannel.dll
2013-11-13 19:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\System32\lsasrv.dll
2013-11-13 19:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2013-11-13 19:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 19:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 19:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 19:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\lsass.exe
2013-11-13 19:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-06 00:13 - 2013-11-26 22:29 - 00117070 _____ C:\OTL.Txt
2013-12-06 00:10 - 2013-12-05 00:40 - 00000000 ____D C:\users\Administrator
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-05 17:48 - 2013-12-03 18:18 - 00000000 ____D C:\Users\Benutzer01\Desktop\Referat
2013-12-05 17:43 - 2013-12-04 01:06 - 95025368 ____T C:\ProgramData\lfr8z298z.bxx
2013-12-05 17:43 - 2013-12-04 01:06 - 00000000 _____ C:\ProgramData\lfr8z298z.fvv
2013-12-05 17:42 - 2012-06-30 23:51 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-05 17:42 - 2011-10-21 16:17 - 01695279 _____ C:\Windows\WindowsUpdate.log
2013-12-05 17:42 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 17:41 - 2009-07-14 05:51 - 00132347 _____ C:\Windows\setupact.log
2013-12-05 15:46 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:46 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:45 - 2012-06-30 23:51 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 00:56 - 2013-12-05 00:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-12-05 00:56 - 2013-10-09 13:56 - 00000308 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-05 00:46 - 2011-10-21 17:28 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{30B69E26-FAE9-48AA-93B4-0A553DBBA7BE}
2013-12-05 00:42 - 2013-12-05 00:42 - 00002247 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-05 00:40 - 2013-12-05 00:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-04 18:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-04 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\System32\NDF
2013-12-04 01:11 - 2013-12-04 01:11 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-04 01:07 - 2013-12-04 01:07 - 00061040 ____T (Microsoft Corporation) C:\ProgramData\lfr8z298z.pss
2013-12-04 01:06 - 2013-12-04 01:06 - 00207872 _____ (Корпорация Майкрософт) C:\ProgramData\z892z8rfl.dss
2013-12-03 22:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:01 - 2013-12-03 19:56 - 00011247 _____ C:\Windows\IE11_main.log
2013-12-03 19:58 - 2013-12-03 19:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01394176 _____ (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\System32\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\System32\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\System32\MsSpellCheckingFacility.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\System32\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\System32\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\System32\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\System32\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\System32\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\System32\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\System32\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\System32\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\System32\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\System32\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\System32\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\System32\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\System32\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\System32\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\System32\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\System32\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\System32\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollector.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\System32\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\System32\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\System32\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\System32\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\System32\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\System32\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\System32\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\System32\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\System32\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\System32\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\System32\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\System32\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\System32\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\System32\ieetwcollectorres.dll
2013-12-03 19:45 - 2013-07-17 22:50 - 00001304 _____ C:\Users\Benutzer01\Desktop\Pharma.txt
2013-12-03 17:47 - 2013-02-24 15:35 - 00000000 ____D C:\Users\Benutzer01\Downloads\wtvClient0.97.02
2013-11-30 19:41 - 2013-02-17 12:26 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\_OTL
2013-11-26 22:25 - 2011-10-21 16:17 - 00000000 ____D C:\users\Benutzer01
2013-11-26 13:06 - 2013-11-26 13:06 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
2013-11-26 12:58 - 2013-11-26 12:58 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
2013-11-26 12:56 - 2013-11-26 12:56 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
2013-11-25 14:26 - 2013-10-09 14:56 - 00000097 _____ C:\Users\Benutzer01\AppData\Roaming\WB.CFG
2013-11-25 14:26 - 2013-10-09 14:56 - 00000006 _____ C:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
2013-11-24 20:55 - 2013-11-24 20:51 - 00000000 ____D C:\Users\Benutzer01\Desktop\Sedcard Fragezeichen
2013-11-24 20:52 - 2013-11-22 22:25 - 00000000 ____D C:\Users\Benutzer01\Desktop\gute
2013-11-24 20:50 - 2013-11-23 17:45 - 00000000 ____D C:\Users\Benutzer01\Desktop\zz
2013-11-24 20:39 - 2012-06-30 23:51 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-24 20:39 - 2012-06-30 23:51 - 00003862 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-22 11:35 - 2011-10-25 21:15 - 00000000 ____D C:\Users\Benutzer01\Documents\Training
2013-11-20 23:42 - 2010-11-21 07:50 - 00664764 _____ C:\Windows\System32\perfh007.dat
2013-11-20 23:42 - 2010-11-21 07:50 - 00134932 _____ C:\Windows\System32\perfc007.dat
2013-11-20 23:42 - 2009-07-14 06:13 - 01528340 _____ C:\Windows\System32\PerfStringBackup.INI
2013-11-19 19:45 - 2012-02-24 00:59 - 00001527 _____ C:\Users\Benutzer01\Desktop\httpallmyvideos.net7j0ql1ra3m2f.txt
2013-11-13 20:14 - 2011-10-25 07:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 20:13 - 2013-07-15 07:39 - 00000000 ____D C:\Windows\System32\MRT
2013-11-13 20:12 - 2011-10-21 17:47 - 82896128 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-11-13 17:07 - 2011-10-25 21:14 - 00000000 ____D C:\Users\Benutzer01\Desktop\Medizin
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\System32\MpSigStub.exe
2013-11-05 18:01 - 2013-09-29 20:08 - 00000000 ____D C:\Users\Benutzer01\Desktop\Profilbilder
2013-11-05 18:01 - 2013-07-10 23:18 - 00000000 ____D C:\Users\Benutzer01\Desktop\Stipendium
ZeroAccess:
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\@
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\U\00000008.@
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\L\00000004.@
Files to move or delete:
====================
C:\ProgramData\lfr8z298z.bxx
C:\ProgramData\lfr8z298z.fvv
C:\ProgramData\lfr8z298z.pss
C:\ProgramData\l_u0_0.pad
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\ras_0oed.pad
C:\ProgramData\z892z8rfl.dss
Some content of TEMP:
====================
C:\Users\Benutzer01\AppData\Local\Temp\20120412053054267jniverify.dll
C:\Users\Benutzer01\AppData\Local\Temp\20120420095450663jniverify.dll
C:\Users\Benutzer01\AppData\Local\Temp\5rin.dll
C:\Users\Benutzer01\AppData\Local\Temp\BackupSetup.exe
C:\Users\Benutzer01\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrelay32.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrelay64.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrjavaloader32.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrjavaloader64.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrxul32.dll
C:\Users\Benutzer01\AppData\Local\Temp\filnx.exe
C:\Users\Benutzer01\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Benutzer01\AppData\Local\Temp\i4jdel0.exe
C:\Users\Benutzer01\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Benutzer01\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Benutzer01\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Benutzer01\AppData\Local\Temp\ose00000.exe
C:\Users\Benutzer01\AppData\Local\Temp\Owq5.dll
C:\Users\Benutzer01\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Benutzer01\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Benutzer01\AppData\Local\Temp\Shortcut_SimDSetup.exe
C:\Users\Benutzer01\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Benutzer01\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Benutzer01\AppData\Local\Temp\SIntf16.dll
C:\Users\Benutzer01\AppData\Local\Temp\SIntf32.dll
C:\Users\Benutzer01\AppData\Local\Temp\SIntfNT.dll
C:\Users\Benutzer01\AppData\Local\Temp\tbVuze.dll
C:\Users\Benutzer01\AppData\Local\Temp\uninst1.exe
C:\Users\Benutzer01\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Benutzer01\AppData\Local\Temp\Vuze_Installer.exe
C:\Users\Benutzer01\AppData\Local\Temp\war3_Install.exe
C:\Users\Benutzer01\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\Benutzer01\AppData\Local\Temp\Xilisoft FileBulldog.exe
C:\Users\Benutzer01\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Benutzer01\AppData\Local\Temp\yylF.dll
C:\Users\Benutzer01\AppData\Local\Temp\_is5ACC.exe
C:\Users\Benutzer01\AppData\Local\Temp\_isF4CA.exe
==================== Known DLLs (Whitelisted) ================
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
==================== EXE ASSOCIATION =====================
HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK
==================== Restore Points =========================
6
Restore point made on: 2013-11-19 13:05:06
Restore point made on: 2013-11-22 21:05:30
Restore point made on: 2013-11-26 19:49:46
Restore point made on: 2013-11-29 20:36:08
Restore point made on: 2013-12-03 14:10:38
Restore point made on: 2013-12-03 19:55:54
==================== Memory info ===========================
Percentage of memory in use: 16%
Total physical RAM: 4007.22 MB
Available physical RAM: 3364.89 MB
Total Pagefile: 4005.42 MB
Available Pagefile: 3364.97 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:931.41 GB) (Free:763.27 GB) NTFS
Drive f: () (Removable) (Total:3.91 GB) (Free:3.78 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 86174F59)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 2409FAD8)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0B)
LastRegBack: 2013-12-01 22:58
==================== End Of Log ============================
|
|
05.12.2013, 19:09
| #13 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht Schritt 1: Drücke bitte die  + R Taste und schreibe notepad in das Ausführen Fenster.Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()
Startup: C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
ShortcutTarget: lfr8z298z.lnk -> C:\ProgramData\z892z8rfl.dss (Корпорация Майкрософт)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /svc [x]
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /medsvc [x]
S2 Winmgmt; C:\PROGRA~3\j3rjrjhd.pss [x]
C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
C:\ProgramData\z892z8rfl.dss
C:\Program Files (x86)\BonanzaDealsLive\
C:\PROGRA~3\j3rjrjhd.pss
C:\ProgramData\lfr8z298z.pss
C:\ProgramData\lfr8z298z.bxx
C:\ProgramData\lfr8z298z.fvv
Das Tool erstellt eine Fixlog.txt auf deinem USB Stick. Poste den Inhalt bitte hier. Schritt 2: erstelle bitte eine neues FRST Logfile falls das System normal bootet |
|
05.12.2013, 22:44
| #14 |
| | GVU Trojaner - abgesicherter Modus startet nicht System starte wieder normal, super danke! hier der Fixlog: Code:
ATTFilter Fix result of Farbar Recovery Tool (FRST written by Farbar) (x64) Version: 05-12-2013
Ran by SYSTEM at 2013-12-05 22:37:46 Run:1
Running from F:\
Boot Mode: Recovery
==============================================
Content of fixlist:
*****************
AppInit_DLLs-x32: c:\progra~3\bitguard\261694~1.246\{c16c1~1\bitguard.dll [ ] ()
Startup: C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
ShortcutTarget: lfr8z298z.lnk -> C:\ProgramData\z892z8rfl.dss (?????????? ??????????)
S2 bonanzadealslive; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /svc [x]
S3 bonanzadealslivem; C:\Program Files (x86)\BonanzaDealsLive\Update\BonanzaDealsLive.exe /medsvc [x]
S2 Winmgmt; C:\PROGRA~3\j3rjrjhd.pss [x]
C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk
C:\ProgramData\z892z8rfl.dss
C:\Program Files (x86)\BonanzaDealsLive\
C:\PROGRA~3\j3rjrjhd.pss
C:\ProgramData\lfr8z298z.pss
C:\ProgramData\lfr8z298z.bxx
C:\ProgramData\lfr8z298z.fvv
*****************
HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_DLLs => Value was restored successfully.
C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk => Moved successfully.
C:\ProgramData\z892z8rfl.dss => Moved successfully.
bonanzadealslive => Service deleted successfully.
bonanzadealslivem => Service deleted successfully.
Winmgmt => Service restored successfully.
"C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\lfr8z298z.lnk" => File/Directory not found.
"C:\ProgramData\z892z8rfl.dss" => File/Directory not found.
C:\Program Files (x86)\BonanzaDealsLive\ => Moved successfully.
"C:\PROGRA~3\j3rjrjhd.pss" => File/Directory not found.
C:\ProgramData\lfr8z298z.pss => Moved successfully.
C:\ProgramData\lfr8z298z.bxx => Moved successfully.
C:\ProgramData\lfr8z298z.fvv => Moved successfully.
==== End of Fixlog ====
hier die neue FRST Logfile: FRST Logfile: Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 05-12-2013
Ran by Benutzer01 (administrator) on BENUTZER01-PC on 05-12-2013 22:41:10
Running from E:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Windows\System32\wbengine.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Sun Microsystems, Inc.) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe
(Cisco Systems, Inc.) C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
==================== Registry (Whitelisted) ==================
HKLM\...\Run: [RtHDVCpl] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [11613288 2010-11-19] (Realtek Semiconductor)
HKLM\...\Run: [HotKeysCmds] - C:\Windows\system32\hkcmd.exe [ ] ()
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKCU\...\Run: [iPhone PC Suite] - C:\Program Files (x86)\NetDragon\91 Mobile\iPhone\iPhone PC Suite.exe /start
HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\n. ATTENTION! ====> ZeroAccess?
MountPoints2: {55e3a614-fbf6-11e0-ab03-806e6f6e6963} - D:\reatogoMenu.exe
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [958576 2013-04-04] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [APSDaemon] - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59280 2012-08-27] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avast] - C:\Program Files\AVAST Software\Avast\AvastUI.exe [4282728 2012-08-21] (AVAST Software)
HKLM-x32\...\Run: [iTunesHelper] - C:\Program Files (x86)\iTunes\iTunesHelper.exe [421776 2012-09-09] (Apple Inc.)
HKLM-x32\...\Run: [Sweetpacks Communicator] - C:\Program Files (x86)\SweetIM\Communicator\SweetPacksUpdateManager.exe
HKLM-x32\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [684024 2012-10-17] (Cisco Systems, Inc.)
==================== Internet (Whitelisted) ====================
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.searchgol.com/?babsrc=HP_ss&mntrId=3C8714DAE9D63517&affID=125035&tsp=5030
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 0xF568518A5293CC01
HKCU\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
URLSearchHook: HKCU - (No Name) - {ba14329e-9550-4989-b3f2-9732e92d17cc} - No File
SearchScopes: HKLM-x32 - DefaultScope {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={38CBD5C4-25E2-11E2-9CA2-14DAE9D63517}
SearchScopes: HKLM-x32 - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={38CBD5C4-25E2-11E2-9CA2-14DAE9D63517}
SearchScopes: HKCU - DefaultScope {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=3C8714DAE9D63517&affID=121564&tsp=4959
SearchScopes: HKCU - {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} URL = hxxp://www.golsearch.com/?q={searchTerms}&babsrc=SP_ss_Btisdt6&mntrId=3C8714DAE9D63517&affID=121564&tsp=4959
SearchScopes: HKCU - {483830EE-A4CD-4b71-B0A3-3D82E62A6909} URL =
SearchScopes: HKCU - {EEE6C360-6118-11DC-9C72-001320C79847} URL = hxxp://search.sweetim.com/search.asp?src=6&q={searchTerms}&crg=3.1010000.10011&barid={38CBD5C4-25E2-11E2-9CA2-14DAE9D63517}
BHO: avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
BHO-x32: avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
BHO-x32: Microsoft-Konto-Anmelde-Hilfsprogramm - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
BHO-x32: Office Document Cache Handler - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
BHO-x32: delta Helper Object - {C1AF5FA5-852C-4C90-812E-A7F75E011D87} - C:\Program Files (x86)\Delta\delta\1.8.22.0\bh\delta.dll (Delta-search.com)
BHO-x32: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
BHO-x32: kikin Plugin - {E601996F-E400-41CA-804B-CD6373A7EEE2} - C:\Program Files (x86)\kikin\ie_kikin.dll (kikin)
BHO-x32: SweetPacks Browser Helper - {EEE6C35C-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
BHO-x32: Yontoo - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo\YontooIEClient.dll (Yontoo LLC)
Toolbar: HKLM - avast! WebRep - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software)
Toolbar: HKLM-x32 - avast! WebRep - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
Toolbar: HKLM-x32 - SweetPacks Toolbar for Internet Explorer - {EEE6C35B-6118-11DC-9C72-001320C79847} - C:\Program Files (x86)\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
Toolbar: HKLM-x32 - Delta Toolbar - {82E1477C-B154-48D3-9891-33D83C26BCD3} - C:\Program Files (x86)\Delta\delta\1.8.22.0\deltaTlbr.dll (Delta-search.com)
Toolbar: HKCU - No Name - {EEE6C35B-6118-11DC-9C72-001320C79847} - No File
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
FireFox:
========
FF ProfilePath: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default
FF user.js: detected! => C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\user.js
FF SelectedSearchEngine: user_pref("browser.search.selectedEngine", "");
FF Homepage: https://www.google.de/
FF Plugin: @adobe.com/FlashPlayer - C:\Windows\system32\Macromed\Flash\NPSWF64_11_0_1.dll ()
FF Plugin: @java.com/JavaPlugin - C:\Program Files\Java\jre7\bin\new_plugin\npjp2.dll (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE - disabled No File
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF Plugin-x32: @adobe.com/ShockwavePlayer - C:\Windows\SysWOW64\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 - C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll ()
FF Plugin-x32: @java.com/JavaPlugin - C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin-x32: @microsoft.com/GENUINE - disabled No File
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 - c:\Program Files (x86)\Microsoft Silverlight\5.1.20913.0\npctrl.dll ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 - C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3508.0205 - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=3 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.bdupdater.com/BonanzaDealsLive Update;version=9 - C:\Program Files (x86)\BonanzaDealsLive\Update\1.3.23.0\npGoogleUpdate3.dll No File
FF Plugin-x32: @tools.google.com/Google Update;version=3 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 - C:\Program Files (x86)\Google\Update\1.3.22.3\npGoogleUpdate3.dll (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.0 - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF Plugin-x32: Adobe Reader - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\babylon.xml
FF SearchPlugin: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\BrowserProtect.xml
FF SearchPlugin: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\delta.xml
FF SearchPlugin: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\search.xml
FF SearchPlugin: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\searchgol.xml
FF SearchPlugin: C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\searchplugins\sweetim.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
FF Extension: Delta Toolbar - C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\Extensions\ffxtlbr@delta.com
FF Extension: kikin plugin (NO23 Edition) - C:\Users\Benutzer01\AppData\Roaming\Mozilla\Firefox\Profiles\v4gejj7m.default\Extensions\{AA994882-F391-4d2e-806F-8908DA4814ED}
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: avast! WebRep - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF HKCU\...\Firefox\Extensions: [{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}] - C:\Users\Benutzer01\AppData\Roaming\14001.019
FF Extension: Java Link Helper - C:\Users\Benutzer01\AppData\Roaming\14001.019
Chrome:
=======
CHR Extension: (Search-Gol Toolbar) - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\Extensions\aipfmkinhleccnodemkoofnnofpbbpac\1.0
CHR Extension: (Delta Toolbar) - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\Extensions\eooncjejnppfjjklapaamhcdmjbilmde\1.4
CHR Extension: (avast! WebRep) - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0
CHR Extension: (SweetIM for Facebook) - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcdgjdiieiljkfkdcloehkohchhpekkn\1.1.0.1_0
CHR Extension: (Yontoo) - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc\1.0.2_0
CHR Extension: (SweetPacks Chrome Extension) - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\Extensions\ogccgbmabaphcakpiclgcnmcnimhokcj\1.0.0.1_0
CHR HKLM-x32\...\Chrome\Extension: [eooncjejnppfjjklapaamhcdmjbilmde] - C:\Users\Benutzer01\AppData\Roaming\BabSolution\CR\Delta.crx
CHR HKLM-x32\...\Chrome\Extension: [icmlaeflemplmjndnaapfdbbnpncnbda] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx
CHR HKLM-x32\...\Chrome\Extension: [jbpkiefagocgkmemidfngdkamloieekf] - C:\Program Files (x86)\TornTV.com\torn10.crx
CHR HKLM-x32\...\Chrome\Extension: [jcdgjdiieiljkfkdcloehkohchhpekkn] - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetFB.crx
CHR HKLM-x32\...\Chrome\Extension: [niapdbllcanepiiimjjndipklodoedlc] - C:\Program Files (x86)\Yontoo\YontooLayers.crx
CHR HKLM-x32\...\Chrome\Extension: [ogccgbmabaphcakpiclgcnmcnimhokcj] - C:\Users\Benutzer01\AppData\Local\Google\Chrome\User Data\Default\External Extensions\{EEE6C373-6118-11DC-9C72-001320C79847}\SweetNT.crx
==================== Services (Whitelisted) =================
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [44808 2012-08-21] (AVAST Software)
S3 aspnet_state; %SystemRoot%\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe [x]
==================== Drivers (Whitelisted) ====================
R2 aswFsBlk; C:\Windows\System32\Drivers\aswFsBlk.sys [25232 2012-08-21] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [71600 2012-08-21] (AVAST Software)
R1 aswRdr; C:\Windows\System32\Drivers\aswrdr2.sys [54072 2012-08-21] (AVAST Software)
R1 aswSnx; C:\Windows\System32\Drivers\aswSnx.sys [969200 2012-08-21] (AVAST Software)
R1 aswSP; C:\Windows\System32\Drivers\aswSP.sys [359464 2012-08-21] (AVAST Software)
R1 aswTdi; C:\Windows\System32\Drivers\aswTdi.sys [59728 2012-08-21] (AVAST Software)
U4 bonanzadealslive;
U4 bonanzadealslivem;
==================== NetSvcs (Whitelisted) ===================
==================== One Month Created Files and Folders ========
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-05 00:56 - 2013-12-05 00:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-12-05 00:42 - 2013-12-05 00:42 - 00002247 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-12-05 00:42 - 2013-12-05 00:42 - 00001421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-05 00:41 - 2013-12-05 00:42 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-05 00:41 - 2013-12-05 00:42 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-05 00:40 - 2013-12-06 00:10 - 00000000 ____D C:\Users\Administrator
2013-12-05 00:40 - 2013-12-05 00:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-05 00:40 - 2013-10-09 14:09 - 00002124 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft SkyDrive.lnk
2013-12-05 00:40 - 2011-10-25 07:21 - 00000000 ____D C:\Users\Administrator\AppData\Local\Microsoft Help
2013-12-05 00:40 - 2009-07-14 05:54 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2013-12-05 00:40 - 2009-07-14 05:49 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2013-12-04 01:11 - 2013-12-04 01:11 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-03 20:01 - 2013-10-14 18:00 - 00028368 _____ (Microsoft Corporation) C:\Windows\system32\IEUDINIT.EXE
2013-12-03 19:58 - 2013-12-03 19:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 19:56 - 2013-12-03 20:01 - 00011247 _____ C:\Windows\IE11_main.log
2013-12-03 18:18 - 2013-12-05 17:48 - 00000000 ____D C:\Users\Benutzer01\Desktop\Referat
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\_OTL
2013-11-26 22:29 - 2013-12-06 00:13 - 00117070 _____ C:\OTL.Txt
2013-11-26 13:06 - 2013-11-26 13:06 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
2013-11-26 12:58 - 2013-11-26 12:58 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
2013-11-26 12:56 - 2013-11-26 12:56 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
2013-11-24 20:51 - 2013-11-24 20:55 - 00000000 ____D C:\Users\Benutzer01\Desktop\Sedcard Fragezeichen
2013-11-23 17:45 - 2013-11-24 20:50 - 00000000 ____D C:\Users\Benutzer01\Desktop\zz
2013-11-22 22:25 - 2013-11-24 20:52 - 00000000 ____D C:\Users\Benutzer01\Desktop\gute
2013-11-13 19:23 - 2013-10-12 03:30 - 00830464 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2013-11-13 19:23 - 2013-10-12 03:29 - 00859648 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2013-11-13 19:23 - 2013-10-12 03:29 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2013-11-13 19:23 - 2013-10-12 03:03 - 00656896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2013-11-13 19:23 - 2013-10-12 03:01 - 00216576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2013-11-13 19:23 - 2013-10-05 21:25 - 01474048 _____ (Microsoft Corporation) C:\Windows\system32\crypt32.dll
2013-11-13 19:23 - 2013-10-05 20:57 - 01168384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2013-11-13 19:23 - 2013-10-04 03:28 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\SmartcardCredentialProvider.dll
2013-11-13 19:23 - 2013-10-04 03:25 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\credui.dll
2013-11-13 19:23 - 2013-10-04 03:24 - 01930752 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2013-11-13 19:23 - 2013-10-04 02:58 - 00152576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SmartcardCredentialProvider.dll
2013-11-13 19:23 - 2013-10-04 02:56 - 01796096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2013-11-13 19:23 - 2013-10-04 02:56 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credui.dll
2013-11-13 19:23 - 2013-10-03 03:23 - 00404480 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2013-11-13 19:23 - 2013-10-03 03:00 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2013-11-13 19:23 - 2013-09-28 02:09 - 00497152 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2013-11-13 19:23 - 2013-09-25 03:26 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2013-11-13 19:23 - 2013-09-25 03:26 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2013-11-13 19:23 - 2013-09-25 03:23 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2013-11-13 19:23 - 2013-09-25 03:23 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2013-11-13 19:23 - 2013-09-25 03:23 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2013-11-13 19:23 - 2013-09-25 03:22 - 00340992 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2013-11-13 19:23 - 2013-09-25 03:21 - 01447936 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2013-11-13 19:23 - 2013-09-25 03:21 - 00307200 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2013-11-13 19:23 - 2013-09-25 02:58 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2013-11-13 19:23 - 2013-09-25 02:57 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2013-11-13 19:23 - 2013-09-25 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2013-11-13 19:23 - 2013-09-25 02:56 - 00220160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2013-11-13 19:23 - 2013-09-25 02:03 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2013-11-13 19:23 - 2013-07-04 13:18 - 00458712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
==================== One Month Modified Files and Folders =======
2013-12-06 00:13 - 2013-11-26 22:29 - 00117070 _____ C:\OTL.Txt
2013-12-06 00:10 - 2013-12-05 00:40 - 00000000 ____D C:\Users\Administrator
2013-12-05 22:39 - 2012-06-30 23:51 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-12-05 22:39 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2013-12-05 22:39 - 2009-07-14 05:51 - 00132459 _____ C:\Windows\setupact.log
2013-12-05 22:37 - 2011-10-21 16:17 - 00000000 ___RD C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-05 18:55 - 2013-12-05 18:55 - 00000000 ____D C:\FRST
2013-12-05 17:48 - 2013-12-03 18:18 - 00000000 ____D C:\Users\Benutzer01\Desktop\Referat
2013-12-05 17:42 - 2011-10-21 16:17 - 01695700 _____ C:\Windows\WindowsUpdate.log
2013-12-05 15:46 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:46 - 2009-07-14 05:45 - 00022064 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-12-05 15:45 - 2012-06-30 23:51 - 00001118 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-12-05 00:56 - 2013-12-05 00:56 - 00000000 ____D C:\Users\Administrator\AppData\Local\Apple
2013-12-05 00:56 - 2013-10-09 13:56 - 00000308 _____ C:\Windows\Tasks\DigitalSite.job
2013-12-05 00:46 - 2011-10-21 17:28 - 00003970 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{30B69E26-FAE9-48AA-93B4-0A553DBBA7BE}
2013-12-05 00:42 - 2013-12-05 00:42 - 00002247 _____ C:\Users\Administrator\Desktop\Google Chrome.lnk
2013-12-05 00:42 - 2013-12-05 00:42 - 00001421 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2013-12-05 00:42 - 2013-12-05 00:42 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2013-12-05 00:42 - 2013-12-05 00:41 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2013-12-05 00:42 - 2013-12-05 00:41 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2013-12-05 00:40 - 2013-12-05 00:40 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Vorlagen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Startmenü
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Netzwerkumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Lokale Einstellungen
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Eigene Dateien
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Druckumgebung
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Musik
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Documents\Eigene Bilder
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programme
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Verlauf
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\AppData\Local\Anwendungsdaten
2013-12-05 00:40 - 2013-12-05 00:40 - 00000000 _SHDL C:\Users\Administrator\Anwendungsdaten
2013-12-04 18:45 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-04 17:11 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\system32\NDF
2013-12-04 01:11 - 2013-12-04 01:11 - 00001922 _____ C:\Users\Public\Desktop\avast! Internet Security.lnk
2013-12-03 22:10 - 2011-10-21 16:17 - 00001425 _____ C:\Users\Benutzer01\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2013-12-03 22:09 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\PolicyDefinitions
2013-12-03 20:01 - 2013-12-03 19:56 - 00011247 _____ C:\Windows\IE11_main.log
2013-12-03 19:58 - 2013-12-03 19:58 - 23212032 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 17142784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 12995584 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 11220992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 05765120 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 04240384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02764288 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2013-12-03 19:58 - 2013-12-03 19:58 - 02332160 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 02166272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01993728 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01926656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2013-12-03 19:58 - 2013-12-03 19:58 - 01818112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01394176 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01228800 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01156608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 01051136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00942592 _____ (Microsoft Corporation) C:\Windows\system32\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00940032 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00774144 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00708608 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00703488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00645120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsIntl.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00626176 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00616104 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dat
2013-12-03 19:58 - 2013-12-03 19:58 - 00610304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00574976 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00548352 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00523776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00440832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00413696 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00367104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00337408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2013-12-03 19:58 - 2013-12-03 19:58 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00263376 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00247808 _____ (Microsoft Corporation) C:\Windows\system32\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00244736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00243200 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00238288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00233472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00218624 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00208384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00195584 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00194048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\elshyph.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00182272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msls31.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00167424 _____ (Microsoft Corporation) C:\Windows\system32\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00164864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00151552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iexpress.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wextract.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00139264 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00131072 _____ (Microsoft Corporation) C:\Windows\system32\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00127488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00112128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IEAdvpack.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00105984 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00101376 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00090112 _____ (Microsoft Corporation) C:\Windows\system32\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00084992 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00081408 _____ (Microsoft Corporation) C:\Windows\system32\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00077312 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00074240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SetIEInstalledDate.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00069120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\icardie.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2013-12-03 19:58 - 2013-12-03 19:58 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00056832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\pngfilt.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00051200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\mshtmler.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00048128 _____ (Microsoft Corporation) C:\Windows\system32\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedsbs.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00040448 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\imgutil.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00034816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00033792 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00032768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00024576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\licmgr10.dll
2013-12-03 19:58 - 2013-12-03 19:58 - 00013824 _____ (Microsoft Corporation) C:\Windows\system32\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshta.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00012800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeedssync.exe
2013-12-03 19:58 - 2013-12-03 19:58 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2013-12-03 19:45 - 2013-07-17 22:50 - 00001304 _____ C:\Users\Benutzer01\Desktop\Pharma.txt
2013-12-03 17:47 - 2013-02-24 15:35 - 00000000 ____D C:\Users\Benutzer01\Downloads\wtvClient0.97.02
2013-11-30 19:41 - 2013-02-17 12:26 - 00000000 ____D C:\Program Files (x86)\Warcraft III
2013-11-26 23:25 - 2013-11-26 23:25 - 00000000 ____D C:\_OTL
2013-11-26 22:25 - 2011-10-21 16:17 - 00000000 ____D C:\Users\Benutzer01
2013-11-26 13:06 - 2013-11-26 13:06 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9178D3F0-A3E0-4B08-BA93-6DBE39D93821}
2013-11-26 12:58 - 2013-11-26 12:58 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{9BCE1748-FD3B-4EC6-A84C-9B2C6E56966E}
2013-11-26 12:56 - 2013-11-26 12:56 - 00000000 _____ C:\Users\Benutzer01\AppData\Local\{F40D3051-530A-4347-9270-C3C50CA4356F}
2013-11-25 14:26 - 2013-10-09 14:56 - 00000097 _____ C:\Users\Benutzer01\AppData\Roaming\WB.CFG
2013-11-25 14:26 - 2013-10-09 14:56 - 00000006 _____ C:\Users\Benutzer01\AppData\Roaming\WBPU-TTL.DAT
2013-11-24 20:55 - 2013-11-24 20:51 - 00000000 ____D C:\Users\Benutzer01\Desktop\Sedcard Fragezeichen
2013-11-24 20:52 - 2013-11-22 22:25 - 00000000 ____D C:\Users\Benutzer01\Desktop\gute
2013-11-24 20:50 - 2013-11-23 17:45 - 00000000 ____D C:\Users\Benutzer01\Desktop\zz
2013-11-24 20:39 - 2012-06-30 23:51 - 00004114 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2013-11-24 20:39 - 2012-06-30 23:51 - 00003862 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2013-11-22 11:35 - 2011-10-25 21:15 - 00000000 ____D C:\Users\Benutzer01\Documents\Training
2013-11-20 23:42 - 2010-11-21 07:50 - 00664764 _____ C:\Windows\system32\perfh007.dat
2013-11-20 23:42 - 2010-11-21 07:50 - 00134932 _____ C:\Windows\system32\perfc007.dat
2013-11-20 23:42 - 2009-07-14 06:13 - 01528340 _____ C:\Windows\system32\PerfStringBackup.INI
2013-11-19 19:45 - 2012-02-24 00:59 - 00001527 _____ C:\Users\Benutzer01\Desktop\httpallmyvideos.net7j0ql1ra3m2f.txt
2013-11-13 20:14 - 2011-10-25 07:06 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-11-13 20:13 - 2013-07-15 07:39 - 00000000 ____D C:\Windows\system32\MRT
2013-11-13 20:12 - 2011-10-21 17:47 - 82896128 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2013-11-13 17:07 - 2011-10-25 21:14 - 00000000 ____D C:\Users\Benutzer01\Desktop\Medizin
2013-11-11 05:50 - 2010-11-21 04:27 - 00267936 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2013-11-05 18:01 - 2013-09-29 20:08 - 00000000 ____D C:\Users\Benutzer01\Desktop\Profilbilder
2013-11-05 18:01 - 2013-07-10 23:18 - 00000000 ____D C:\Users\Benutzer01\Desktop\Stipendium
ZeroAccess:
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\@
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\U\00000008.@
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\L\00000004.@
Files to move or delete:
====================
C:\ProgramData\l_u0_0.pad
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\ras_0oed.pad
Some content of TEMP:
====================
C:\Users\Benutzer01\AppData\Local\Temp\20120412053054267jniverify.dll
C:\Users\Benutzer01\AppData\Local\Temp\20120420095450663jniverify.dll
C:\Users\Benutzer01\AppData\Local\Temp\5rin.dll
C:\Users\Benutzer01\AppData\Local\Temp\BackupSetup.exe
C:\Users\Benutzer01\AppData\Local\Temp\CmdLineExt02.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrelay32.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrelay64.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrjavaloader32.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrjavaloader64.dll
C:\Users\Benutzer01\AppData\Local\Temp\csvrxul32.dll
C:\Users\Benutzer01\AppData\Local\Temp\filnx.exe
C:\Users\Benutzer01\AppData\Local\Temp\FP_PL_PFS_INSTALLER.exe
C:\Users\Benutzer01\AppData\Local\Temp\i4jdel0.exe
C:\Users\Benutzer01\AppData\Local\Temp\ICReinstall_ZipExtractorSetup.exe
C:\Users\Benutzer01\AppData\Local\Temp\InstallFlashPlayer.exe
C:\Users\Benutzer01\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Benutzer01\AppData\Local\Temp\ose00000.exe
C:\Users\Benutzer01\AppData\Local\Temp\Owq5.dll
C:\Users\Benutzer01\AppData\Local\Temp\setup_fsu_cid.exe
C:\Users\Benutzer01\AppData\Local\Temp\Shockwave_Installer_FF.exe
C:\Users\Benutzer01\AppData\Local\Temp\Shortcut_SimDSetup.exe
C:\Users\Benutzer01\AppData\Local\Temp\SIMEEI2Installer.exe
C:\Users\Benutzer01\AppData\Local\Temp\SIMEEIInstaller.exe
C:\Users\Benutzer01\AppData\Local\Temp\SIntf16.dll
C:\Users\Benutzer01\AppData\Local\Temp\SIntf32.dll
C:\Users\Benutzer01\AppData\Local\Temp\SIntfNT.dll
C:\Users\Benutzer01\AppData\Local\Temp\tbVuze.dll
C:\Users\Benutzer01\AppData\Local\Temp\uninst1.exe
C:\Users\Benutzer01\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Benutzer01\AppData\Local\Temp\Vuze_Installer.exe
C:\Users\Benutzer01\AppData\Local\Temp\war3_Install.exe
C:\Users\Benutzer01\AppData\Local\Temp\WZ9334_OEM_Bunndle_20110706_wrapped.exe
C:\Users\Benutzer01\AppData\Local\Temp\Xilisoft FileBulldog.exe
C:\Users\Benutzer01\AppData\Local\Temp\YontooSetup-S.exe
C:\Users\Benutzer01\AppData\Local\Temp\yylF.dll
C:\Users\Benutzer01\AppData\Local\Temp\_is5ACC.exe
C:\Users\Benutzer01\AppData\Local\Temp\_isF4CA.exe
==================== Bamital & volsnap Check =================
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit
LastRegBack: 2013-12-01 22:58
==================== End Of Log ============================
|
|
06.12.2013, 08:13
| #15 |
| /// Malwareteam | GVU Trojaner - abgesicherter Modus startet nicht so da sitzt noch deutlich mehr im System Schritt 1: Drücke bitte die Windowstaste + R Taste und schreibe notepad in das Ausführen Fenster. Kopiere nun folgenden Text aus der Code-Box in das leere Textdokument Code:
ATTFilter HKCU\...0c966feabec1\InprocServer32: [Default-shell32] C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\n. ATTENTION! ====> ZeroAccess?
U4 bonanzadealslive;
U4 bonanzadealslivem;
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\@
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\U\00000008.@
C:\Users\Benutzer01\AppData\Local\{02720220-4a4e-89bb-297d-ad00ff5671dc}\L\00000004.@
C:\ProgramData\l_u0_0.pad
C:\ProgramData\PKP_DLbz.DAT
C:\ProgramData\ras_0oed.pad
Speichere diese bitte als Fixlist.txt auf deinem Desktop (oder dem Verzeichnis in dem sich FRST befindet).
Schritt 2: Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Schritt 3: erstelle bitte ein neues FRST Logfile und poste es hier |
|
| Themen zu GVU Trojaner - abgesicherter Modus startet nicht |
| adobe, antivirus, autorun, avast, bho, bonjour, defender, download, error, explorer, firefox, format, helper, home, logfile, microsoft, mozilla, object, plug-in, realtek, registry, scan, secure, software, tarma, trojaner, winlogon |
Textbox. 
Gruß Aneri 
Linear-Darstellung
