Weisser Bildschirm und "please wait while the connection ist being established"

Tyler69 · 21.01.2015, 18:13

Hallo,

ich habe hier einen PC von einem Bekannten mit dem oben genannten Problem.
Einen Scan mit OTLpe habe ich schon gemacht und die OTL.txt angehaengt.

Waere schoen wenn mir jemand helfen koennte.

Danke

Gruss
Tyler

Code:

ATTFilter

OTL logfile created on: 1/21/2015 5:15:17 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
Windows Vista (TM) Ultimate Service Pack 2 (Version = 6.0.6002) - Type = System
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Německo | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 465.76 Gb Total Space | 364.61 Gb Free Space | 78.28% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - [2012/03/26 10:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand] -- C:\Program Files\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012/03/26 10:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2011/12/13 03:32:32 | 001,527,104 | ---- | M] (TuneUp Software) [Auto] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2011/12/13 03:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- C:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/06/06 05:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011/05/01 03:50:12 | 000,311,744 | ---- | M] (CybelSoft) [On_Demand] -- C:\Program Files\ma-config.com\maconfservice.exe -- (maconfservice)
SRV - [2011/04/11 07:44:44 | 000,112,800 | ---- | M] (Intel Corporation) [Auto] -- C:\Windows\System32\IPROSetMonitor.exe -- (Intel(R) PROSet Monitoring Service) Intel(R)
SRV - [2009/01/26 08:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) [Auto] -- C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe -- (SBSDWSCService)
SRV - [2008/01/20 21:21:41 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2008/01/20 21:21:32 | 000,365,568 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2008/01/20 21:21:32 | 000,167,936 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [File_System | On_Demand] --  -- (TSHWMDTCP)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand] --  -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand] --  -- (IpInIp)
DRV - [2012/03/20 13:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011/06/14 03:19:06 | 000,005,632 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\Windows\System32\drivers\IntelDH.sys -- (IntelDH)
DRV - [2011/06/06 09:03:54 | 000,010,064 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2011/01/27 07:43:20 | 000,007,680 | ---- | M] (MSI) [Kernel | On_Demand] -- C:\Program Files\MSI\MSIWDev\NTIOLib.sys -- (NTIOLib_1_0_8)
DRV - [2010/08/30 05:19:54 | 000,014,336 | ---- | M] (CybelSoft) [Kernel | On_Demand] -- C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys -- (driverhardwarev2)
DRV - [2010/05/10 03:44:42 | 000,025,912 | ---- | M] (Your Corporation) [Kernel | On_Demand] -- C:\Program Files\MSI\MSIWDev\msibios32_100507.sys -- (MSI_MSIBIOS_010507)
DRV - [2009/12/18 04:58:52 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/08/26 04:44:44 | 001,025,920 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009/05/13 06:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2007/05/11 09:40:42 | 000,329,728 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\netr73.sys -- (netr73)
DRV - [2006/11/30 08:18:18 | 000,027,416 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
 
 
========== Standard Registry (All) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =  [binary data]
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\System32\blank.htm
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = *****
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\LocalService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\NetworkService_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
 
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\system32\blank.htm
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Page_Transitions = 0
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.x-start.de/
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CF 5B EE DF 5F 2A CC 01  [binary data]
IE - HKU\*****_ON_C\Software\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\*****_ON_C\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\Windows\System32\ieframe.dll (Microsoft Corporation)
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 
IE - HKU\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = *****
 
 
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@ma-config.com/HardwareDetection: C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2011/05/25 07:35:44 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2011/06/16 03:41:59 | 000,435,149 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 14978 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\Windows\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\Windows\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Persistence] C:\Windows\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [RTHDVCPL] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdSync.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\LocalService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_C..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\*****_ON_C..\Run: [CarryLaunch] C:\Users\*****\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe ()
O4 - HKU\*****_ON_C..\Run: [ehTray.exe] C:\Windows\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKU\*****_ON_C..\Run: [krj8p0m1wWC5aDZ] C:\Users\*****\AppData\Roaming\game_client.exe ()
O4 - HKU\*****_ON_C..\Run: [Sidebar] C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation)
O4 - HKU\*****_ON_C..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKU\*****_ON_C..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: BindDirectlyToPropertySetStorage = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableInstallerDetection = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableSecureUIAPaths = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableVirtualization = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ValidateAdminCodeSignatures = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext = 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: scforceoption = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: FilterAdministratorToken = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableUIADesktopToggle = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_TEXT = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_BITMAP = 2
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_OEMTEXT = 7
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIB = 8
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_PALETTE = 9
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_UNICODETEXT = 13
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\UIPI\Clipboard\ExceptionFormats: CF_DIBV5 = 17
O7 - HKU\*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\*****_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\Windows\System32\nlaapi.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\Windows\System32\NapiNSP.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Windows\System32\pnrpnsp.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Windows\System32\winrnr.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000021 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000022 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000023 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000024 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000025 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000026 - C:\Windows\System32\mswsock.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab (WebSDev Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.200
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\Windows\System32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\Windows\System32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\Windows\System32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\Windows\System32\MSVidCtl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\Windows\System32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\Windows\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\Windows\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\Windows\System32\sysdm.cpl (Microsoft Corporation)
O20 - HKU\*****_ON_C Winlogon: Shell - (C:\Users\*****\AppData\Roaming\game_client.exe) - C:\Users\*****\AppData\Roaming\game_client.exe ()
O20 - HKU\*****_ON_C Winlogon: UserInit - (C:\Users\*****\AppData\Roaming\game_client.exe) - C:\Users\*****\AppData\Roaming\game_client.exe ()
O20 - HKU\*****_ON_C Winlogon: UserInit - (C:\WINDOWS\System32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\Windows\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\Windows\System32\webcheck.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\Windows\System32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {E31004D1-A431-41B8-826F-E902F9D95C81} - Windows DreamScene - C:\Windows\System32\DreamScene.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (credssp.dll) - C:\Windows\System32\credssp.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\Windows\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\Windows\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\Windows\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\Windows\System32\wdigest.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (tspkg) - C:\Windows\System32\tspkg.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/09/18 16:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2015/01/21 10:56:54 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2011/06/15 07:14:45 | 000,120,320 | ---- | C] ( ) -- C:\Windows\System32\lagarith.dll
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2015/01/21 10:57:48 | 002,169,750 | ---- | M] () -- C:\Windows\System32\PerfStringBackup.INI
[2015/01/21 10:57:48 | 000,629,782 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2015/01/21 10:57:48 | 000,600,470 | ---- | M] () -- C:\Windows\System32\perfh005.dat
[2015/01/21 10:57:48 | 000,597,486 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2015/01/21 10:57:48 | 000,126,858 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2015/01/21 10:57:48 | 000,118,394 | ---- | M] () -- C:\Windows\System32\perfc005.dat
[2015/01/21 10:57:48 | 000,104,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2015/01/21 10:55:39 | 000,067,584 | ---- | M] () -- C:\Windows\bootstat.dat
[2015/01/21 10:48:50 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 10:48:50 | 000,003,712 | ---- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2015/01/21 10:48:46 | 000,000,006 | -H-- | M] () -- C:\Windows\tasks\SA.DAT
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012/05/23 03:51:55 | 000,273,408 | ---- | C] () -- C:\Users\*****\AppData\Roaming\game_client.exe
[2011/12/18 14:18:14 | 001,542,322 | -H-- | C] () -- C:\Users\*****\AppData\Local\IconCache.db
[2011/08/18 15:37:48 | 000,000,680 | ---- | C] () -- C:\Users\*****\AppData\Local\d3d9caps.dat
[2011/06/24 13:07:18 | 000,000,056 | -H-- | C] () -- C:\Windows\System32\ezsidmv.dat
[2011/06/15 07:25:16 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll
[2011/06/15 07:14:50 | 000,175,616 | ---- | C] () -- C:\Windows\System32\unrar.dll
[2011/06/15 07:14:49 | 000,000,038 | ---- | C] () -- C:\Windows\avisplitter.ini
[2011/06/15 07:14:45 | 002,712,064 | ---- | C] () -- C:\Windows\System32\x264vfw.dll
[2011/06/15 07:14:44 | 000,631,808 | ---- | C] () -- C:\Windows\System32\xvidcore.dll
[2011/06/15 07:14:44 | 000,243,200 | ---- | C] () -- C:\Windows\System32\xvidvfw.dll
[2011/06/15 07:14:43 | 000,080,896 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll
[2011/06/15 07:14:43 | 000,000,590 | ---- | C] () -- C:\Windows\System32\ff_vfw.dll.manifest
[2011/06/14 09:33:23 | 000,000,376 | ---- | C] () -- C:\Windows\ODBC.INI
[2011/06/14 05:56:24 | 000,009,760 | ---- | C] () -- C:\Windows\System32\34CoInstaller.dll
[2011/06/14 03:41:05 | 000,127,184 | ---- | C] () -- C:\Windows\Unwise.exe
[2011/06/14 03:41:04 | 000,149,504 | ---- | C] () -- C:\Windows\unwise32_setup.exe
[2011/05/26 02:47:17 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011/05/26 02:47:16 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011/05/26 02:46:50 | 000,368,640 | ---- | C] () -- C:\Windows\System32\msjetoledb40.dll
[2011/05/26 02:46:15 | 000,062,976 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011/05/25 08:33:00 | 000,629,782 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011/05/25 08:33:00 | 000,290,748 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011/05/25 08:33:00 | 000,126,858 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011/05/25 08:33:00 | 000,036,916 | ---- | C] () -- C:\Windows\System32\perfd007.dat
[2011/05/25 05:24:18 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin
[2011/05/25 01:16:41 | 000,106,568 | ---- | C] () -- C:\Users\*****\AppData\Local\GDIPFONTCACHEV1.DAT
[2008/10/22 11:27:18 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1587.dll
[2008/06/18 06:51:06 | 000,147,456 | ---- | C] () -- C:\Windows\System32\igfxCoIn_v1504.dll
[2008/01/21 01:12:02 | 002,169,750 | ---- | C] () -- C:\Windows\System32\PerfStringBackup.INI
[2008/01/21 01:11:35 | 000,286,912 | ---- | C] () -- C:\Windows\System32\perfi005.dat
[2008/01/21 01:11:34 | 000,600,470 | ---- | C] () -- C:\Windows\System32\perfh005.dat
[2008/01/21 01:11:34 | 000,118,394 | ---- | C] () -- C:\Windows\System32\perfc005.dat
[2008/01/21 01:11:34 | 000,034,724 | ---- | C] () -- C:\Windows\System32\perfd005.dat
[2008/01/20 21:23:41 | 000,081,158 | ---- | C] () -- C:\Windows\System32\manage-bde.ini.en
[2008/01/20 21:22:45 | 000,060,124 | ---- | C] () -- C:\Windows\System32\tcpmon.ini
[2006/11/02 07:55:52 | 000,067,584 | ---- | C] () -- C:\Windows\bootstat.dat
[2006/11/02 07:46:27 | 000,396,552 | ---- | C] () -- C:\Windows\System32\FNTCACHE.DAT
[2006/11/02 07:35:51 | 000,037,665 | ---- | C] () -- C:\Windows\Fonts\GlobalUserInterface.CompositeFont
[2006/11/02 07:35:51 | 000,029,779 | ---- | C] () -- C:\Windows\Fonts\GlobalSerif.CompositeFont
[2006/11/02 07:35:51 | 000,026,489 | ---- | C] () -- C:\Windows\Fonts\GlobalSansSerif.CompositeFont
[2006/11/02 07:35:51 | 000,026,040 | ---- | C] () -- C:\Windows\Fonts\GlobalMonospace.CompositeFont
[2006/11/02 07:34:20 | 000,005,632 | ---- | C] () -- C:\Windows\System32\sysprepMCE.dll
[2006/11/02 07:32:34 | 000,197,632 | ---- | C] () -- C:\Windows\System32\ir32_32.dll
[2006/11/02 05:33:01 | 000,597,486 | ---- | C] () -- C:\Windows\System32\perfh009.dat
[2006/11/02 05:33:01 | 000,287,440 | ---- | C] () -- C:\Windows\System32\perfi009.dat
[2006/11/02 05:33:01 | 000,104,460 | ---- | C] () -- C:\Windows\System32\perfc009.dat
[2006/11/02 05:33:01 | 000,030,674 | ---- | C] () -- C:\Windows\System32\perfd009.dat
[2006/11/02 05:24:31 | 000,001,405 | ---- | C] () -- C:\Windows\msdfmap.ini
[2006/11/02 05:23:31 | 000,000,240 | ---- | C] () -- C:\Windows\win.ini
[2006/11/02 05:23:31 | 000,000,219 | ---- | C] () -- C:\Windows\system.ini
[2006/11/02 05:23:21 | 000,215,943 | ---- | C] () -- C:\Windows\System32\dssec.dat
[2006/11/02 03:58:30 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin
[2006/11/02 03:19:00 | 000,000,741 | ---- | C] () -- C:\Windows\System32\NOISE.DAT
[2006/11/02 02:40:29 | 000,013,750 | ---- | C] () -- C:\Windows\System32\pacerprf.ini
[2006/11/02 02:25:31 | 000,673,088 | ---- | C] () -- C:\Windows\System32\mlang.dat
[2006/11/02 02:10:37 | 000,053,536 | ---- | C] () -- C:\Windows\System32\dosx.exe
[2006/11/02 02:10:02 | 000,000,718 | ---- | C] () -- C:\Windows\System32\mscdexnt.exe
[2006/11/02 02:10:00 | 000,002,842 | ---- | C] () -- C:\Windows\System32\redir.exe
[2006/11/02 02:09:59 | 000,069,886 | ---- | C] () -- C:\Windows\System32\edit.com
[2006/11/02 02:09:59 | 000,019,694 | ---- | C] () -- C:\Windows\System32\GRAPHICS.COM
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\share.exe
[2006/11/02 02:09:59 | 000,000,882 | ---- | C] () -- C:\Windows\System32\fastopen.exe
[2006/11/02 02:09:57 | 000,014,710 | ---- | C] () -- C:\Windows\System32\KB16.COM
[2006/11/02 02:09:56 | 000,007,052 | ---- | C] () -- C:\Windows\System32\nlsfunc.exe
[2006/11/02 02:09:55 | 000,039,274 | ---- | C] () -- C:\Windows\System32\mem.exe
[2006/11/02 02:09:55 | 000,001,131 | ---- | C] () -- C:\Windows\System32\LOADFIX.COM
[2006/11/02 02:09:53 | 000,011,753 | ---- | C] () -- C:\Windows\System32\setver.exe
[2006/11/02 02:09:52 | 000,020,634 | ---- | C] () -- C:\Windows\System32\debug.exe
[2006/11/02 02:09:51 | 000,008,424 | ---- | C] () -- C:\Windows\System32\exe2bin.exe
[2006/11/02 02:09:50 | 000,012,642 | ---- | C] () -- C:\Windows\System32\edlin.exe
[2006/11/02 02:09:49 | 000,050,648 | ---- | C] () -- C:\Windows\System32\COMMAND.COM
[2006/11/02 02:09:49 | 000,012,498 | ---- | C] () -- C:\Windows\System32\append.exe
[2006/11/02 02:09:45 | 000,027,097 | ---- | C] () -- C:\Windows\System32\country.sys
[2006/11/02 02:09:44 | 000,042,809 | ---- | C] () -- C:\Windows\System32\KEY01.SYS
[2006/11/02 02:09:44 | 000,042,537 | ---- | C] () -- C:\Windows\System32\KEYBOARD.SYS
[2006/11/02 02:09:42 | 000,009,029 | ---- | C] () -- C:\Windows\System32\ANSI.SYS
[2006/11/02 02:09:41 | 000,004,768 | ---- | C] () -- C:\Windows\System32\HIMEM.SYS
[2006/11/02 02:09:40 | 000,029,274 | ---- | C] () -- C:\Windows\System32\NTDOS412.SYS
[2006/11/02 02:09:38 | 000,029,370 | ---- | C] () -- C:\Windows\System32\NTDOS411.SYS
[2006/11/02 02:09:35 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS404.SYS
[2006/11/02 02:09:31 | 000,029,146 | ---- | C] () -- C:\Windows\System32\NTDOS804.SYS
[2006/11/02 02:09:29 | 000,027,866 | ---- | C] () -- C:\Windows\System32\NTDOS.SYS
[2006/11/02 02:09:26 | 000,035,536 | ---- | C] () -- C:\Windows\System32\NTIO412.SYS
[2006/11/02 02:09:24 | 000,035,776 | ---- | C] () -- C:\Windows\System32\NTIO411.SYS
[2006/11/02 02:09:23 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO404.SYS
[2006/11/02 02:09:22 | 000,034,672 | ---- | C] () -- C:\Windows\System32\NTIO804.SYS
[2006/11/02 02:09:20 | 000,033,952 | ---- | C] () -- C:\Windows\System32\NTIO.SYS
[2006/11/02 01:25:08 | 000,013,312 | ---- | C] () -- C:\Windows\System32\win87em.dll
[2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\Windows\System32\OUTLPERF.INI
 
========== LOP Check ==========
 
[2011/08/18 15:59:18 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\CoSoSys
[2011/06/24 13:16:35 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\foobar2000
[2011/06/21 03:40:27 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\FreeBurner
[2011/06/15 07:07:49 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\IrfanView
[2011/06/14 09:24:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\OpenOffice.org
[2011/08/28 09:59:31 | 000,000,000 | ---D | M] -- C:\Users\*****\AppData\Roaming\TuneUp Software
[2006/11/02 08:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Application Data
[2011/05/25 01:12:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Data aplikací
[2006/11/02 08:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Desktop
[2006/11/02 08:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Documents
[2011/05/25 01:12:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Dokumenty
[2006/11/02 08:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Favorites
[2011/06/14 04:56:42 | 000,000,000 | ---D | M] -- C:\ProgramData\ma-config.com
[2011/05/25 01:12:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Nabídka Start
[2011/05/25 01:12:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Oblíbené položky
[2011/05/25 01:12:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Plocha
[2006/11/02 08:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Start Menu
[2006/11/02 08:00:38 | 000,000,000 | ---D | M] -- C:\ProgramData\Templates
[2011/08/28 10:00:32 | 000,000,000 | ---D | M] -- C:\ProgramData\TuneUp Software
[2011/06/28 09:06:51 | 000,000,000 | ---D | M] -- C:\ProgramData\WindowsSearch
[2011/06/14 03:49:14 | 000,000,000 | ---D | M] -- C:\ProgramData\X10 Settings
[2011/08/23 12:16:04 | 000,000,000 | -HSD | M] -- C:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2011/12/18 13:33:21 | 000,000,000 | -HSD | M] -- C:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936}
[2011/05/25 01:12:39 | 000,000,000 | ---D | M] -- C:\ProgramData\Šablony
[2015/01/21 10:47:34 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2011/08/18 15:38:01 | 000,000,362 | ---- | M] () -- C:\Windows\Tasks\{A6500BFB-791B-458F-8B51-134812A0568E}.job
 
========== Purity Check ==========
 
 
< End of report >

schrauber · 21.01.2015, 18:17

Hi,

Logs bitte immer in den Thread posten. Zur Not aufteilen und mehrere Posts nutzen.
Ich kann auf Arbeit keine Anhänge öffnen, danke.

So funktioniert es:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:

Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.

Tyler69 · 21.01.2015, 19:47

Hallo,

habe ich oben noch mal geaendert/eingefuegt.

schrauber · 22.01.2015, 13:00

Fixen mit OTL

Starte bitte die OTL.exe.
Kopiere nun den Inhalt aus der Codebox in die Textbox.

Code:

ATTFilter

:OTL
O4 - HKU\*****_ON_C..\Run: [krj8p0m1wWC5aDZ] C:\Users\*****\AppData\Roaming\game_client.exe ()
C:\Users\*****\AppData\Roaming\game_client.exe
O20 - HKU\*****_ON_C Winlogon: Shell - (C:\Users\*****\AppData\Roaming\game_client.exe) - C:\Users\*****\AppData\Roaming\game_client.exe ()
O20 - HKU\*****_ON_C Winlogon: UserInit - (C:\Users\*****\AppData\Roaming\game_client.exe) - C:\Users\*****\AppData\Roaming\game_client.exe ()
:Commands
[emptytemp]

Solltest du deinen Benutzernamen z. B. durch "*****" unkenntlich gemacht haben, so füge an entsprechender Stelle deinen richtigen Benutzernamen ein. Andernfalls wird der Fix nicht funktionieren.
Schließe bitte nun alle Programme.
Klicke nun bitte auf den Fix Button.
OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen.
Nach dem Neustart findest Du ein Textdokument auf deinem Desktop.
( Auch zu finden unter C:\_OTL\MovedFiles\<Uhrzeit_Datum>.txt)
Kopiere nun den Inhalt hier in Deinen Thread

Rechner normal starten.

Tyler69 · 22.01.2015, 19:07

Hallo Schrauber,

danke fuer die schnelle Hilfe.

Hier dass Logfile

Code:

ATTFilter

========== OTL ==========
Registry value HKEY_USERS\*****_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\krj8p0m1wWC5aDZ deleted successfully.
C:\Users\*****\AppData\Roaming\game_client.exe moved successfully.
Registry value HKEY_USERS\*****_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\*****\AppData\Roaming\game_client.exe deleted successfully.
File C:\Users\*****\AppData\Roaming\game_client.exe not found.
Registry value HKEY_USERS\*****_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Users\*****\AppData\Roaming\game_client.exe deleted successfully.
File C:\Users\*****\AppData\Roaming\game_client.exe not found.
========== COMMANDS ==========
 
[EMPTYTEMP]
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
Empty user temp failed. Cannot find local settings folders.
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 33280 bytes
Windows Temp folder emptied: 70741973 bytes
 
Total Files Cleaned = 67.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 01222015_182319

schrauber · 23.01.2015, 12:19

Startet der Rechner wieder normal`?

Tyler69 · 23.01.2015, 12:50

Hallo schrauber,

ja, der PC fährt wieder hoch.
Allerdings startet z.B. der IE nicht.

schrauber · 23.01.2015, 13:19

Dann ab jetzt alles im normalen Modus:

Bitte lade dir die passende Version von Farbar's Recovery Scan Tool auf deinen Desktop:

FRST 32-Bit | FRST 64-Bit
(Wenn du nicht sicher bist: Lade beide Versionen oder unter Start > Computer (Rechtsklick) > Eigenschaften nachschauen)

Starte jetzt FRST.
Ändere ungefragt keine der Checkboxen und klicke auf Untersuchen.
Die Logdateien werden nun erstellt und befinden sich danach auf deinem Desktop.
Poste mir die FRST.txt und nach dem ersten Scan auch die Addition.txt in deinem Thread (#-Symbol im Eingabefenster der Webseite anklicken)

Tyler69 · 25.01.2015, 11:22

Hallo Schrauber,

hier die Addition.txt

Code:

ATTFilter

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 24-01-2015 01
Ran by ***** at 2015-01-25 10:54:08
Running from E:\
Boot Mode: Normal
==========================================================


==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Microsoft Security Essentials (Enabled - Out of date) {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Microsoft Security Essentials (Enabled - Out of date) {2C040BB5-2B06-7275-5A21-2B969A740B4B}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (HKLM\...\7-Zip) (Version:  - )
Adobe Flash Player 11 ActiveX (HKLM\...\Adobe Flash Player ActiveX) (Version: 11.1.102.55 - Adobe Systems Incorporated)
Adobe Reader X (10.1.0) - Czech (HKLM\...\{AC76BA86-7AD7-1029-7B44-AA1000000001}) (Version: 10.1.0 - Adobe Systems Incorporated)
Anglický překladový slovník Lingea pro MS Office 2003 (HKLM\...\{10627FCE-B1C9-4E78-AFCA-5AAE11774442}) (Version: 1.00.0000 - Lingea s.r.o.)
Compatibility Pack for the 2007 Office system (HKLM\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
foobar2000 v1.1.6 (HKLM\...\foobar2000) (Version: 1.1.6 - Peter Pawlowski)
Free Easy Burner V 4.4.1 (HKLM\...\Free Easy Burner_is1) (Version: 4.4.1.0 - Koyote soft)
Intel(R) Graphics Media Accelerator Driver (HKLM\...\HDMI) (Version:  - Intel Corporation)
Intel(R) Network Connections 16.3.48.0 (HKLM\...\PROSetDX) (Version: 16.3.48.0 - Intel)
Intel(R) Processor ID Utility (HKLM\...\{A92A4DB0-CD37-42D1-BE1D-603D53C24328}) (Version: 4.31.0000 - Intel(R) Corporation)
IrfanView (remove only) (HKLM\...\IrfanView) (Version: 4.28 - Irfan Skiljan)
Java(TM) 6 Update 26 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F83216025FF}) (Version: 6.0.260 - Oracle)
K-Lite Mega Codec Pack 7.1.8 (HKLM\...\KLiteCodecPack_is1) (Version: 7.1.8 - )
Kontrola české gramatiky pro sadu Microsoft Office 2003 (HKLM\...\{A62392EE-03CB-4FA8-8E79-B5F95A346FB3}) (Version: 1.0.0 - Microsoft Corporation)
Ma-Config.com (HKLM\...\{C54E86AA-7B18-4AB6-84EA-D74A85A5BAE8}) (Version: 5.1.050 - Cybelsoft)
Microsoft .NET Framework 3.5 SP1 – jazyková sada – CSY (HKLM\...\Microsoft .NET Framework 3.5 Language Pack SP1 - csy) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 3.5 SP1 (HKLM\...\Microsoft .NET Framework 3.5 SP1) (Version:  - Microsoft Corporation)
Microsoft .NET Framework 4 Client Profile (HKLM\...\Microsoft .NET Framework 4 Client Profile) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft Office 2003 Czech User Interface Pack (HKLM\...\{901E0405-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office 2003 German User Interface Pack (HKLM\...\{901E0407-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Office File Validation Add-In (HKLM\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional Edition 2003 (HKLM\...\{90110409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2005 (HKLM\...\Microsoft Report Viewer Redistributable 2005) (Version:  - Microsoft Corporation)
Microsoft Report Viewer Redistributable 2008 SP1 (HKLM\...\Microsoft Report Viewer Redistributable 2008 (KB971119)) (Version:  - Microsoft Corporation)
Microsoft ReportViewer 2010 SP1 Redistributable (KB2549864) (HKLM\...\{1282C0BC-3B22-33D4-B72E-62922415DDCA}) (Version: 10.0.40220 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.0.1526.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 4.1.10329.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 (HKLM\...\{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}) (Version: 9.0.30729.5570 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.30319 (HKLM\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Windows Media Video 9 VCM (HKLM\...\WMV9_VCM) (Version:  - )
MSXML 4.0 SP2 (KB927978) (HKLM\...\{37477865-A3F1-4772-AD43-AAFC6BCFF99F}) (Version: 4.20.9841.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Německý překladový slovník Lingea pro MS Office 2003 (HKLM\...\{70E42F24-B920-4CDE-BB99-7B9CE881ED6A}) (Version: 1.00.0000 - Lingea s.r.o.)
OpenOffice.org 3.3 (HKLM\...\{D5B94160-4A07-4956-9C73-8C5EEFEF180F}) (Version: 3.3.9567 - OpenOffice.org)
PDFCreator (HKLM\...\{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}) (Version: 1.2.1 - Frank Heindörfer, Philip Chinery)
Picasa 3 (HKLM\...\Picasa 3) (Version: 3.8 - Google, Inc.)
QuickTime Alternative 3.2.2 (HKLM\...\QuicktimeAlt_is1) (Version: 3.2.2 - )
Realtek High Definition Audio Driver (HKLM\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6383 - Realtek Semiconductor Corp.)
Skype™ 5.5 (HKLM\...\{AA59DDE4-B672-4621-A016-4C248204957A}) (Version: 5.5.124 - Skype Technologies S.A.)
Spybot - Search & Destroy (HKLM\...\{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1) (Version: 1.6.2 - Safer Networking Limited)
System Requirements Lab for Intel (HKLM\...\{CD41B576-4787-4D5C-95EE-24A4ABD89CD3}) (Version: 4.4.24.0 - Husdawg, LLC)
Total Commander (Remove or Repair) (HKLM\...\Totalcmd) (Version: 7.56a - Ghisler Software GmbH)
TuneUp Utilities 2011 (HKLM\...\TuneUp Utilities 2011) (Version: 10.0.4600.4 - TuneUp Software)
TuneUp Utilities 2011 (Version: 10.0.4600.4 - TuneUp Software) Hidden
TuneUp Utilities Language Pack (de-DE) (Version: 10.0.4600.4 - TuneUp Software) Hidden
Ultimate Extras sounds from Microsoft® Tinker™ (HKLM\...\UltSounds2) (Version:  - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM\...\Windows Media Encoder 9) (Version:  - )
Zvuková schémata systému Windows (HKLM\...\UltSounds) (Version:  - Microsoft Corporation)

==================== Custom CLSID (selected items): ==========================

(If an entry is included in the fixlist, it will be removed from registry. Any eventual file will not be moved.)


==================== Restore Points  =========================

22-09-2011 22:30:03 Windows Update
24-09-2011 12:20:58 Windows Update
24-09-2011 13:13:44 Microsoft Antimalware Checkpoint
25-09-2011 08:48:23 Geplanter Prüfpunkt
25-09-2011 18:25:20 Windows Update
26-09-2011 18:20:13 Windows Update
27-09-2011 17:53:26 Geplanter Prüfpunkt
27-09-2011 18:10:38 Windows Update
18-12-2011 20:11:23 Windows Update
24-12-2011 11:09:33 Windows Update
26-12-2011 20:12:44 Windows Update
27-12-2011 21:29:35 Windows Update
01-01-2012 16:42:48 Windows Update
02-01-2012 20:15:01 Windows Update
22-01-2012 15:08:45 Windows Update
22-01-2012 20:00:14 Windows Update
28-01-2012 21:15:57 Windows Update
28-01-2012 23:04:00 Windows Update
29-01-2012 18:55:14 Windows Update
05-02-2012 16:40:12 Windows Update
12-02-2012 15:20:34 Windows Update
15-02-2012 11:21:07 Windows Update
25-02-2012 16:50:19 Windows Update
31-03-2012 19:22:43 Windows Update
31-03-2012 19:40:48 Windows Update
31-03-2012 21:14:09 Windows Update
18-05-2012 21:55:29 Windows Update
18-05-2012 23:55:51 Windows Update
23-05-2012 09:48:51 Windows Update
24-05-2012 21:52:17 Microsoft Antimalware Checkpoint
28-10-2012 19:45:38 Microsoft Antimalware Checkpoint
28-10-2012 19:48:02 Windows Update
18-12-2012 13:07:44 Microsoft Antimalware Checkpoint
18-12-2012 13:09:38 Windows Update
20-12-2012 00:00:03 Geplanter Prüfpunkt
21-12-2012 00:00:01 Geplanter Prüfpunkt
21-12-2012 13:38:08 Geplanter Prüfpunkt
21-01-2015 16:46:22 Microsoft Antimalware Checkpoint
22-01-2015 19:38:44 Geplanter Prüfpunkt

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2006-11-02 11:23 - 2011-06-16 09:41 - 00435149 ____R C:\Windows\system32\Drivers\etc\hosts
127.0.0.1       localhost
127.0.0.1	www.007guard.com
127.0.0.1	007guard.com
127.0.0.1	008i.com
127.0.0.1	www.008k.com
127.0.0.1	008k.com
127.0.0.1	www.00hq.com
127.0.0.1	00hq.com
127.0.0.1	010402.com
127.0.0.1	www.032439.com
127.0.0.1	032439.com
127.0.0.1	www.0scan.com
127.0.0.1	0scan.com
127.0.0.1	1000gratisproben.com
127.0.0.1	www.1000gratisproben.com
127.0.0.1	1001namen.com
127.0.0.1	www.1001namen.com
127.0.0.1	100888290cs.com
127.0.0.1	www.100888290cs.com
127.0.0.1	www.100sexlinks.com
127.0.0.1	100sexlinks.com
127.0.0.1	10sek.com
127.0.0.1	www.10sek.com
127.0.0.1	www.1-2005-search.com
127.0.0.1	1-2005-search.com
127.0.0.1	123fporn.info
127.0.0.1	www.123fporn.info
127.0.0.1	123haustiereundmehr.com
127.0.0.1	www.123haustiereundmehr.com

There are 1000 more lines.


==================== Scheduled Tasks (whitelisted) =============

(If an entry is included in the fixlist, it will be removed from registry. Any associated file could be listed separately to be moved.)

Task: {31A53BB7-466E-44F3-A879-2583864DC82C} - System32\Tasks\Java Update Scheduler => C:\Program Files\Common Files\Java\Java Update\jusched.exe [2011-04-08] (Sun Microsystems, Inc.)
Task: {94A9E4B9-62FC-4692-9655-98D87E4D629C} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2011 => C:\Program Files\TuneUp Utilities 2011\OneClick.exe [2011-12-13] (TuneUp Software)
Task: {A801A3C0-B514-49B5-9D5D-DFDCB7F44CF0} - System32\Tasks\Adobe-Online-Aktualisierungsprogramm => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2011-06-06] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\{A6500BFB-791B-458F-8B51-134812A0568E}.job => C:\Program Files\Internet Explorer\iexplore.exe

==================== Loaded Modules (whitelisted) =============

2011-06-15 13:25 - 2001-10-28 16:42 - 00116224 _____ () C:\Windows\System32\pdfcmnnt.dll
2011-08-18 21:59 - 2008-12-02 10:40 - 00172032 _____ () C:\Users\*****\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe

==================== Alternate Data Streams (whitelisted) =========

(If an entry is included in the fixlist, only the Alternate Data Streams will be removed.)


==================== Safe Mode (whitelisted) ===================

(If an item is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (whitelisted) =============

(If an entry is included in the fixlist, the default will be restored. None default entries will be removed.)


==================== MSCONFIG/TASK MANAGER disabled items =========

(Currently there is no automatic fix for this section.)


========================= Accounts: ==========================

Administrator (S-1-5-21-84979143-2537804966-3357750443-500 - Administrator - Disabled)
Guest (S-1-5-21-84979143-2537804966-3357750443-501 - Limited - Disabled)
***** (S-1-5-21-84979143-2537804966-3357750443-1000 - Administrator - Enabled) => C:\Users\*****

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (01/25/2015 10:49:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 07:10:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/22/2015 07:10:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/22/2015 07:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 06:26:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 04:57:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 04:48:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 04:46:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7443b3ad-e575-4693-bcff-832530801520}

Error: (01/21/2015 04:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2012 01:07:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volumeschattenkopie-Dienstfehler: Beim Abfragen nach der Schnittstelle "IVssWriterCallback" ist ein unerwarteter Fehler aufgetreten. hr = 0x80070005.
Die Ursache hierfür ist oft eine falsche Sicherheitseinstellung im Schreib- oder Anfrageprozess.


Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d79853b-44d0-4760-a859-58955e6b58b3}


System errors:
=============
Error: (01/25/2015 10:51:00 AM) (Source: Microsoft-Windows-LanguagePackSetup) (EventID: 1001) (User: NT-AUTORITÄT)
Description: 0x80070032

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT51

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\NETZWERKDIENST

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608

Error: (01/22/2015 07:19:44 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT-AUTORITÄT60 has encountered an error trying to update signatures.

	New Signature Version: 

	Previous Signature Version: 1.127.224.0

	Update Source: %NT-AUTORITÄT59

	Update Stage: 4.0.1526.00

	Source Path: 4.0.1526.01

	Signature Type: %NT-AUTORITÄT602

	Update Type: %NT-AUTORITÄT604

	User: NT-AUTORITÄT\SYSTEM

	Current Engine Version: %NT-AUTORITÄT605

	Previous Engine Version: %NT-AUTORITÄT606

	Error code: %NT-AUTORITÄT607

	Error description: %NT-AUTORITÄT608


Microsoft Office Sessions:
=========================
Error: (01/25/2015 10:49:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 07:10:57 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/22/2015 07:10:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 11) (User: )
Description: hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cabEin erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei.

Error: (01/22/2015 07:00:04 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/22/2015 06:26:24 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 04:57:06 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 04:48:57 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (01/21/2015 04:46:18 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {7443b3ad-e575-4693-bcff-832530801520}

Error: (01/21/2015 04:44:48 PM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (12/18/2012 01:07:37 PM) (Source: VSS) (EventID: 8194) (User: )
Description: 0x80070005

Vorgang:
   Generatordaten werden gesammelt

Kontext:
   Generatorklassen-ID: {e8132975-6f93-4464-a53e-1050253ae220}
   Generatorname: System Writer
   Generatorinstanz-ID: {6d79853b-44d0-4760-a859-58955e6b58b3}


CodeIntegrity Errors:
===================================
  Date: 2015-01-25 10:53:45.627
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 10:53:45.417
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 10:53:45.196
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2015-01-25 10:53:44.964
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Windows\System32\drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-19 01:07:21.331
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-19 01:07:21.114
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-19 01:07:20.895
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-19 01:07:20.677
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-19 01:07:16.199
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.

  Date: 2012-05-19 01:07:15.983
  Description: Die Abbildintegrität der Datei "\Device\HarddiskVolume1\Program Files\Microsoft Security Client\Antimalware\Drivers\NisDrvWFP.sys" konnte nicht überprüft werden, da der Satz seitenbezogener Abbildhashes auf dem System nicht gefunden wurde.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM)2 CPU 4300 @ 1.80GHz
Percentage of memory in use: 43%
Total physical RAM: 2037.77 MB
Available physical RAM: 1143.68 MB
Total Pagefile: 4320.8 MB
Available Pagefile: 3258.01 MB
Total Virtual: 2047.88 MB
Available Virtual: 1899.43 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.76 GB) (Free:361.44 GB) NTFS ==>[Drive with boot components (obtained from BCD)]
Drive e: () (Removable) (Total:1.92 GB) (Free:1.89 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 9C25441F)
Partition 1: (Active) - (Size=465.8 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 1.9 GB) (Disk ID: 0020F272)
Partition 1: (Active) - (Size=1.9 GB) - (Type=0B)

==================== End Of Log ============================

und die FRST.txt

FRST Logfile:

FRST Logfile:

Code:

ATTFilter

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 24-01-2015 01
Ran by ***** (administrator) on ***** on 25-01-2015 10:53:09
Running from E:\
Loaded Profiles: ***** (Available profiles: *****)
Platform: Microsoft® Windows Vista™ Ultimate  Service Pack 2 (X86) OS Language: Tschechisch (Tschechische Republik)
Internet Explorer Version 9 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: hxxp://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\SLsvc.exe
(Intel Corporation) C:\Windows\System32\IPROSetMonitor.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\VS7DEBUG\MDM.EXE
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesService32.exe
(Safer Networking Ltd.) C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe
(Microsoft Corporation) C:\Windows\WindowsMobile\wmdSync.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Program Files\Windows Sidebar\sidebar.exe
(Microsoft Corporation) C:\Windows\ehome\ehtray.exe
() C:\Users\*****\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe
(Skype Technologies S.A.) C:\Program Files\Skype\Phone\Skype.exe
(Microsoft Corporation) C:\Program Files\Windows Media Player\wmpnscfg.exe
(TuneUp Software) C:\Program Files\TuneUp Utilities 2011\TuneUpUtilitiesApp32.exe
(Microsoft Corporation) C:\Windows\System32\wbem\unsecapp.exe
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Microsoft Corporation) C:\Windows\ehome\ehmsas.exe
(Microsoft Corporation) C:\Windows\System32\conime.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Windows Defender] => C:\Program Files\Windows Defender\MSASCui.exe [1008184 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe [10082920 2011-05-31] (Realtek Semiconductor)
HKLM\...\Run: [Windows Mobile-based device management] => C:\Windows\WindowsMobile\wmdSync.exe [215552 2008-01-21] (Microsoft Corporation)
HKLM\...\Run: [MSC] => c:\Program Files\Microsoft Security Client\msseces.exe [931200 2012-03-26] (Microsoft Corporation)
HKU\S-1-5-19\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-20\...\Run: [WindowsWelcomeCenter] => rundll32.exe oobefldr.dll,ShowWelcomeCenter
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Run: [ehTray.exe] => C:\Windows\ehome\ehTray.exe [125952 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Run: [CarryLaunch] => C:\Users\*****\AppData\Roaming\CoSoSys\CarryItEasy\CarryLaunch.exe [172032 2008-12-02] ()
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [17351304 2011-10-13] (Skype Technologies S.A.)
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Run: [WMPNSCFG] => C:\Program Files\Windows Media Player\WMPNSCFG.exe [202240 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Policies\system: [DisableTaskMgr] 1
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Policies\system: [DisableRegistryTools] 1
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Policies\Explorer: [NoDesktop] 1
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Policies\Explorer: [NoDesktop] 1 <===== ATTENTION
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Winlogon: [Userinit] c:\windows\system32\userinit.exe, [25088 2008-01-21] (Microsoft Corporation)
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\...\Winlogon: [Shell] 

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyServer: [HKLM] => ******
ProxyEnable: [S-1-5-21-84979143-2537804966-3357750443-1000] => Internet Explorer proxy is enabled.
ProxyServer: [S-1-5-21-84979143-2537804966-3357750443-1000] => ******
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.x-start.de/
HKU\S-1-5-21-84979143-2537804966-3357750443-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> DefaultScope {878887F9-4F4C-42BF-A88C-7B8AFCC56EEB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {02B124E6-DBDE-4855-8521-FBEB3A838D74} URL = hxxp://www.neckermann.de/link_go.mb1?link_id=9Ge-EQFCEeURZlvlw_WNk1DLjPzHz7&suchtext={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {1871B750-D127-4671-9469-3C39F416A692} URL = hxxp://de.search.yahoo.com/search?p={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {21425FB7-02BD-4A13-9C2E-840FA1595A2D} URL = hxxp://suche.freenet.de/suche?query={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {2F7A5E37-5D02-47B5-9CEC-279212B2DB45} URL = hxxp://www.otto.de/extern/?AffiliateID=41609564&IWL=599&campid=5203&search_query_query_text={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {42E232DF-84CD-4A18-99F0-BA3318C9037B} URL = hxxp://www.amazon.de/gp/search?search-alias=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {6783E56B-0C4A-4CD5-BD2E-C0A5FA3B5E12} URL = hxxp://search.microsoft.com/results.aspx?mkt=de-DE&setlang=de-DE&q={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {878887F9-4F4C-42BF-A88C-7B8AFCC56EEB} URL = hxxp://www.google.de/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {913D9261-9CD8-49B3-B46D-68644876487A} URL = hxxp://suche.web.de/search/web/?su={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {9706A42F-04CF-437C-89D6-1EEF551EA4DB} URL = hxxp://suche.aol.de/suche/web/search.jsp?q={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {A4273244-B68B-4F59-9CE0-82F0BF084189} URL = hxxp://www.rtl.de/websuche.php?kw={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {C252BF75-D455-4DCD-B36E-7A61FEDA02F8} URL = hxxp://rover.ebay.com/rover/1/707-37276-23097-0/4?satitle={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {C58BDB03-ECFD-4D93-ABA7-184FA4F76CEC} URL = hxxp://de.wikipedia.org/wiki/Spezial:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {D7DC2B20-BC25-4224-A08E-BDFCE5D319DC} URL = hxxp://www.tchibo.de/is-bin/INTERSHOP.enfinity/eTS/Store/-/-/-/TdTchPartnerLink-Search?BannerID=3390&SourceID=908&search_query_keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {F141ACFA-416D-4EBD-9D07-ACD3DB9F99A8} URL = hxxp://suche.lycos.de/cgi-bin/pursuit?query={searchTerms}
SearchScopes: HKU\S-1-5-21-84979143-2537804966-3357750443-1000 -> {FD803AA0-C9C7-458C-A86F-21620435057F} URL = hxxp://suche.t-online.de/cgi-bin/swl?br=ie7&q={searchTerms}
BHO: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
BHO: Spybot-S&D IE Protection -> {53707962-6F74-2D53-2644-206D7942484F} -> C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
DPF: {8167C273-DF59-4416-B647-C8BB2C7EE83E} hxxp://liveupdate.msi.com.tw/autobios/LOnline/RELEASECAB/install.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Handler: ms-itss - {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.200

FireFox:
========
FF Plugin: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF Plugin: @java.com/JavaPlugin -> C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF Plugin: @ma-config.com/HardwareDetection -> C:\Program Files\ma-config.com\nphardwaredetection.dll (Cybelsoft)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF Plugin: @microsoft.com/WPF,version=3.5 -> c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{20a82645-c095-46ed-80e3-08825760534b}] - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension
FF Extension: Microsoft .NET Framework Assistant - c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension [2011-05-25]

========================== Services (Whitelisted) =================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R2 Intel(R) PROSet Monitoring Service; C:\Windows\system32\IProsetMonitor.exe [112800 2011-04-11] (Intel Corporation)
S3 maconfservice; C:\Program Files\ma-config.com\maconfservice.exe [311744 2011-05-01] (CybelSoft)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [11552 2012-03-26] (Microsoft Corporation)
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [214952 2012-03-26] (Microsoft Corporation)
R2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.)
S2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [272952 2008-01-21] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, the service will be removed from the registry. The file will not be moved unless listed separately.)

R3 3xHybrid; C:\Windows\System32\DRIVERS\3xHybrid.sys [1025920 2009-08-26] (NXP Semiconductors Germany GmbH)
S3 cpudrv; C:\Program Files\SystemRequirementsLab\cpudrv.sys [11336 2009-12-18] ()
S3 driverhardwarev2; C:\Program Files\ma-config.com\Drivers\driverhardwarev2.sys [14336 2010-08-30] (CybelSoft)
S3 IntelDH; C:\Windows\System32\Drivers\IntelDH.sys [5632 2011-06-14] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [171064 2012-03-20] (Microsoft Corporation)
S3 MSI_MSIBIOS_010507; C:\Program Files\MSI\MSIWDev\msibios32_100507.sys [25912 2010-05-10] (Your Corporation)
S3 NTIOLib_1_0_8; C:\Program Files\MSI\MSIWDev\NTIOLib.sys [7680 2011-01-27] (MSI) [File not signed]
S3 X10Hid; C:\Windows\System32\Drivers\x10hid.sys [13720 2009-05-13] (X10 Wireless Technology, Inc.)
R3 XUIF; C:\Windows\System32\Drivers\x10ufx2.sys [27416 2006-11-30] (X10 Wireless Technology, Inc.)
S3 IpInIp; system32\DRIVERS\ipinip.sys [X]
S3 NwlnkFlt; system32\DRIVERS\nwlnkflt.sys [X]
S3 NwlnkFwd; system32\DRIVERS\nwlnkfwd.sys [X]
S3 TSHWMDTCP; \??\C:\Program Files\Intel\IntelDH\Intel Media Server\Media Server\bin\TSHWMDTCP.sys [X]

==================== NetSvcs (Whitelisted) ===================


(If an item is included in the fixlist, it will be removed from the registry. Any associated file could be listed separately to be moved.)


==================== One Month Created Files and Folders ========

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 10:53 - 2015-01-25 10:53 - 00000000 ____D () C:\FRST
2015-01-23 00:23 - 2015-01-23 00:23 - 00000000 ____D () C:\_OTL
2015-01-21 23:17 - 2015-01-21 23:58 - 00078058 _____ () C:\OTL.Txt
2015-01-21 23:17 - 2015-01-21 23:23 - 00017666 _____ () C:\Extras.Txt

==================== One Month Modified Files and Folders =======

(If an entry is included in the fixlist, the file\folder will be moved.)

2015-01-25 10:52 - 2008-01-21 02:37 - 01349077 _____ () C:\Windows\WindowsUpdate.log
2015-01-25 10:52 - 2006-11-02 13:51 - 00116834 _____ () C:\Windows\setupact.log
2015-01-25 10:50 - 2006-11-02 13:46 - 00003712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
2015-01-25 10:50 - 2006-11-02 13:46 - 00003712 _____ () C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
2015-01-25 10:49 - 2006-11-02 14:00 - 00000006 ____H () C:\Windows\Tasks\SA.DAT
2015-01-22 21:12 - 2006-11-02 14:00 - 00032640 _____ () C:\Windows\Tasks\SCHEDLGU.TXT
2015-01-22 21:10 - 2011-06-15 12:59 - 00000000 ____D () C:\Users\*****\AppData\Roaming\Skype
2015-01-22 19:13 - 2008-01-21 07:12 - 02169750 _____ () C:\Windows\system32\PerfStringBackup.INI
2015-01-21 23:14 - 2011-05-25 07:16 - 00000000 ____D () C:\Users\*****

==================== Files in the root of some directories =======

2011-08-18 21:37 - 2011-12-18 19:34 - 0000680 _____ () C:\Users\*****\AppData\Local\d3d9caps.dat
2008-02-05 13:28 - 2008-02-05 13:28 - 0000051 _____ () C:\Users\*****\AppData\Local\setup.txt

Files to move or delete:
====================
C:\Users\*****\TuneUpUtilities2011_de-DE.exe
C:\Windows\Tasks\{A6500BFB-791B-458F-8B51-134812A0568E}.job


Some content of TEMP:
====================
C:\Users\*****\AppData\Local\Temp\1d2sdfsd90oipoipo3470.exe
C:\Users\*****\AppData\Local\Temp\2d2sdfsd90oipoipo3470.exe
C:\Users\*****\AppData\Local\Temp\SkypeSetup.exe


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\explorer.exe => File is digitally signed
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-01-25 10:56

==================== End Of Log ============================

--- --- ---

--- --- ---

Gruß
Tyler

schrauber · 25.01.2015, 12:42

hi,

Scan mit Combofix

WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link

WICHTIG: Speichere Combofix auf deinem Desktop.

Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.

Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.

Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!

Wenn Combofix fertig ist, wird es ein Logfile erstellen.

Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).

Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.

Tyler69 · 25.01.2015, 19:27

Hallo Schrauber,

Combofix startet mit der Suche und hängt sich auf.

Gruß
Tyler

schrauber · 26.01.2015, 09:23

Bist Du im AdminAccount? AV Programm ist aus?

Combofix löschen und neu laden, nochmal versuchen bitte.

Tyler69 · 27.01.2015, 22:00

Hallo Schrauber,

User ist Admin, AV-Programme sind aus.
Neuste Version von Combofix ist drauf und hängt sich nach ca. 10 Minuten auf.
Hast du noch eine Idee?
Ansonsten würde ich das Gerät neu installieren.

Gruß
Tyler

schrauber · 28.01.2015, 10:49

Downloade Dir bitte

Malwarebytes Anti-Malware

Installiere das Programm in den vorgegebenen Pfad. (Bebilderte Anleitung zu MBAM)
Starte Malwarebytes' Anti-Malware (MBAM).
Klicke im Anschluss auf Scannen, wähle den Bedrohungssuchlauf aus und klicke auf Suchlauf starten.
Lass am Ende des Suchlaufs alle Funde (falls vorhanden) in die Quarantäne verschieben. Klicke dazu auf Auswahl entfernen.
Lass deinen Rechner ggf. neu starten, um die Bereinigung abzuschließen.
Starte MBAM, klicke auf Verlauf und dann auf Anwendungsprotokolle.
Wähle das neueste Scan-Protokoll aus und klicke auf Export. Wähle Textdatei (.txt) aus und speichere die Datei als mbam.txt auf dem Desktop ab. Das Logfile von MBAM findest du hier.
Füge den Inhalt der mbam.txt mit deiner nächsten Antwort hinzu.

Downloade Dir bitte

AdwCleaner auf deinen Desktop.

Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
Starte die AdwCleaner.exe mit einem Doppelklick.
Stimme den Nutzungsbedingungen zu.
Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
- "Tracing" Schlüssel löschen
- Winsock Einstellungen zurücksetzen
- Proxy Einstellungen zurücksetzen
- Internet Explorer Richtlinien zurücksetzen
- Chrome Richtlinien zurücksetzen
- Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
Drücke eine beliebige Taste, um das Tool zu starten.
Je nach System kann der Scan eine Weile dauern.
Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.

und ein frisches FRST log bitte.

Tyler69 · 29.01.2015, 20:58

Hallo Schrauber,

hier die Dateien.

mbam.txt:

Code:

ATTFilter

 Malwarebytes Anti-Malware 
www.malwarebytes.org

Scan Date: 29.01.2015
Scan Time: 18:33:07
Logfile: mbam.txt
Administrator: Yes

Version: 2.00.4.1028
Malware Database: v2015.01.29.08
Rootkit Database: v2015.01.14.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows Vista Service Pack 2
CPU: x86
File System: NTFS
User: *****

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 298891
Time Elapsed: 6 min, 5 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 1
PUM.Hidden.Desktop, HKU\S-1-5-21-84979143-2537804966-3357750443-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER|NoDesktop, 1, Good: (0), Bad: (1),Replaced,[f53734c9622751e5b1b1b3f129dc0af6]

Folders: 0
(No malicious items detected)

Files: 1
Trojan.Zbot, C:\Users\*****\AppData\Local\Temp\1d2sdfsd90oipoipo3470.exe, Quarantined, [2705c33a54353cfae010fcbcee1239c7], 

Physical Sectors: 0
(No malicious items detected)


(end)

AdwCleaner.txt:

Code:

ATTFilter

# AdwCleaner v4.109 - Report created 29/01/2015 at 20:23:42
# Updated 24/01/2015 by Xplode
# Database : 2015-01-24.3 [Local]
# Operating System : Windows Vista (TM) Ultimate Service Pack 2 (32 bits)
# Username : ***** - *****
# Running from : E:\AdwCleaner_4.109.exe
# Option : Clean

***** [ Services ] *****


***** [ Files / Folders ] *****

Folder Deleted : C:\Users\*****\AppData\Local\eSupport.com

***** [ Scheduled Tasks ] *****


***** [ Shortcuts ] *****


***** [ Registry ] *****

Key Deleted : HKCU\Software\YahooPartnerToolbar

Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyServer] - *****
Data Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings [ProxyEnable] - 1

***** [ Browsers ] *****

-\\ Internet Explorer v9.0.8112.16421


*************************

AdwCleaner[R0].txt - [1307 octets] - [29/01/2015 18:59:47]
AdwCleaner[S0].txt - [1238 octets] - [29/01/2015 20:23:42]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [1298 octets] ##########

jrt.txt:

Code:

ATTFilter

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 6.4.1 (12.28.2014:1)
OS: Windows Vista (TM) Ultimate x86
Ran by Robert on 29.01.2015 at 20:29:47,75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchScopes\{F141ACFA-416D-4EBD-9D07-ACD3DB9F99A8}



~~~ Files



~~~ Folders



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 29.01.2015 at 20:32:06,44
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Gruß
Tyler

23.01.2015, 12:19	#6
schrauber /// the machine /// TB-Ausbilder	Weisser Bildschirm und "please wait while the connection ist being established" Startet der Rechner wieder normal`? __________________ --> Weisser Bildschirm und "please wait while the connection ist being established"

26.01.2015, 09:23	#12
schrauber /// the machine /// TB-Ausbilder	Weisser Bildschirm und "please wait while the connection ist being established" Bist Du im AdminAccount? AV Programm ist aus? Combofix löschen und neu laden, nochmal versuchen bitte. __________________ gruß, schrauber *Proud Member of UNITE and ASAP since 2009* Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM!

Weisser Bildschirm und "please wait while the connection ist being established"

Log-Analyse und Auswertung: Weisser Bildschirm und "please wait while the connection ist being established"