Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Log-Analyse und Auswertung (https://www.trojaner-board.de/log-analyse-auswertung/)
-   -   Programme starten extrem langsam! (https://www.trojaner-board.de/129574-programme-starten-extrem-langsam.html)

aramys 15.01.2013 11:36
Programme starten extrem langsam!
 
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo, seit längerer Zeit starten meine Programme und Browser extrem langsam. Beim Programmstart kommt fast immer die Meldung: keine Rückmeldung.

In der Anlage die gezippte OTL.txt, es wurde leider keine Extra.txt erstellt und die Gmer.txt.

Für Eure Hilfe wäre ich dankbar!

cosinus 17.01.2013 16:46
Hallo und :hallo:

Mal eine kurze Frage, das ist jetzt nichts speziell gegen dich, ich hätte auch jeden anderen fragen können der die Logs so postet - wo bitte steht, dass die Logs in den Anhang gelegt werden sollen bzw. wo genau hast du das herausgelesen?

Logfiles im Anhang erschweren die Auswertung massivst

Bitte um Erläuterung damit man die Textstelle in der Anleitung für alle Neulinge mal gezielt ändern/verbessern kann. Danke.

Lesestoff:
Posten in CODE-Tags
Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
  • Markiere das gesamte Logfile (geht meist mit STRG+A) und kopiere es in die Zwischenablage mit STRG+C.
  • Klicke im Editor auf das #-Symbol. Es erscheinen zwei Klammerausdrücke [CODE] [/CODE].
  • Setze den Curser zwischen die CODE-Tags und drücke STRG+V.
  • Klicke auf Erweitert/Vorschau, um so prüfen, ob du es richtig gemacht hast. Wenn alles stimmt ... auf Antworten.
http://www.trojaner-board.de/picture...&pictureid=307

aramys 17.01.2013 20:36
Liste der Anhänge anzeigen (Anzahl: 1)
Hallo vielen Dank für die Rückmeldung.

Ich habe beim post die files nicht in die Codeklammern gesetzt. Aber auch jetzt habe ich es wieder versucht und die Meldung bekommen,

Die folgenden Fehler traten bei der Verarbeitung auf:

Der Text, den Sie eingegeben haben, besteht aus 165894 Zeichen und ist damit zu lang. Bitte kürzen Sie den Text auf die maximale Länge von 120000 Zeichen.

Logs bitte als Archiv an den Beitrag anhängen!

Sorry, ich bin ein Newbie, dann habe ich in der Anleitung gelesen was ich machen soll und nach dem Punkt 4, habe aber den Satz übersehen:
Bitte nur machen wenn vom Helfer gefordert

Logfiles als Anhang posten

Bitte nur machen wenn vom Helfer gefordert

Zippe die EXTRAS.txt und Gmer.txt und poste diese als Anhang.

7-ZiP (Freeware) herunterladen.

1. Logfiles Zippen

Hier sende ich jetzt meine OTL.7z weil die OTL.txt mit 255,1 kb zu groß ist und gmer.txt files im Anhang ungezippt.

Sorry für die Mehrarbeit, kommt nicht wieder vor.
aramys

cosinus 18.01.2013 12:27
Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner?
Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520

Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!

aramys 19.01.2013 19:36
Hi, ich habe noch einen hijackthis log
Code:
Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 17:07:31, on 10.12.2012
Platform: Windows 7 SP1 (WinNT 6.00.3505)
MSIE: Internet Explorer v9.00 (9.00.8112.16455)
Boot mode: Normal

Running processes:
C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Windows\system32\Dwm.exe
C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\trend micro\RUBotted\RUBottedGUI.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Wallpaper Changer\EvJOWall.exe
C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Tools&More\Instant Sound Off\Instant Sound Off.exe
C:\Program Files\Browser-Anonymisierer\BrowserMaulkorb.exe
C:\Windows\System32\mobsync.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\Program Files\TuneUp Utilities 2012\TUAutoReactivator32.exe
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE
C:\Program Files\SpeedProject\SpeedCommander 14\SpeedCommander.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Windows\explorer.exe
C:\Program Files\Microsoft Office\Office12\POWERPNT.EXE
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe
C:\HiJackThis204\HiJackThis204.exe
C:\Windows\system32\notepad.exe
C:\Windows\system32\NOTEPAD.EXE

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = about:blank
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O1 - Hosts: 
O2 - BHO: WsSVRIEHelper - {133232D2-DAE3-4B6F-AAC2-17CD87495682} - C:\Program Files\Wondershare\AllMyTube\SVRIEPlugin.dll
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Babylon toolbar helper - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.8.4.9\bh\BabylonToolbar.dll
O2 - BHO: Increase performance and video formats for your HTML5 <video> - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: YouTube To ALLPlayer - {61DB16C5-B733-43F4-872E-B20DC9E72740} - C:\PROGRA~1\ALLPLA~1\YOUTUB~1.DLL
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: G Data BankGuard - {BA3295CF-17ED-4F49-9E95-D999A0ADBFDC} - C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll
O2 - BHO: preispilotBHO - {C4415769-1588-4AD6-9624-B2E69DB78D1A} - C:\Program Files\preispilot\Internet Explorer\preispilot.dll
O2 - BHO: Free Download Manager - {CC59E0F9-7E43-44FA-9FAA-8377850BF205} - C:\Program Files\Free Download Manager\iefdm2.dll
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O2 - BHO: Soda PDF 2012 Helper - {ebe8b562-cba0-40d8-b920-af7cfe0c9d94} - C:\Program Files\Soda PDF 2012\PDFIEHelper.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
O3 - Toolbar: Perfect PDF 5 - {9DE41FB9-ACA7-4847-982B-D984042588FC} - C:\Program Files\Perfect PDF 5\PDF4ie.dll
O3 - Toolbar: Soda PDF 2012 Toolbar - {a8c9d542-fd91-4834-a2e8-adb9ae692b8b} - C:\Program Files\Soda PDF 2012\PDFIEPlugin.dll
O4 - HKLM\..\Run: [G Data AntiVirus Tray Application] C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
O4 - HKLM\..\Run: [GDFirewallTray] C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
O4 - HKLM\..\Run: [Trend Micro RUBotted V2.0 Beta] C:\Program Files\Trend Micro\RUBotted\RUBottedGUI.exe
O4 - HKLM\..\Run: [Startup Defender] C:\Windows\startupdefender.exe -silent
O4 - HKLM\..\Run: [Mamutu Guard] "C:\Program Files\Mamutu\mamutu.exe" /silent                                                                                                                                                                                                                           
O4 - HKCU\..\Run: [COMPUTERBILD-Cloud] "C:\Program Files\COMPUTERBILD-Cloud\CGCClient.exe" /autostart                                                                                                                                                                                                         
O4 - HKCU\..\Run: [CAF32836AB5FBE9CA6986F80B37BF73944DDFB6F._service_run] "C:\Users\UR\AppData\Local\Google\Chrome\Application\chrome.exe" --type=service
O4 - HKCU\..\Run: [TweakRAM] C:\Program Files\TweakRAM\TweakRAM.exe
O4 - HKCU\..\Run: [EvJOWall] C:\Program Files\Wallpaper Changer\EvJOWall.exe
O4 - HKCU\..\Run: [BrowserMask] "C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" -delayed
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [Instant Sound Off] "C:\Program Files\Tools&More\Instant Sound Off\Instant Sound Off.exe" /AUTOSTART
O4 - Startup: Browser-Anonymisierer.lnk = C:\Program Files\Browser-Anonymisierer\BrowserMaulkorb.exe
O4 - Startup: Mediencenter Assistent.lnk = C:\Program Files\Telekom Mediencenter\Mediencenter\MediencenterSoftware.exe
O8 - Extra context menu item: &Alles mit BitComet herunterladen - res://C:\Program Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Alles mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlall.htm
O8 - Extra context menu item: An vorhandenes PDF anfügen - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Auswahl mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlselected.htm
O8 - Extra context menu item: Datei mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dllink.htm
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Free YouTube Download - C:\Users\UR\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\UR\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: In Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Mit BitComet herunter&laden - res://C:\Program Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: Mit FRITZ!Box Anrufen - C:\Program Files\FRITZ!Box\AddOn (IE)\fb_addon_dial_ie.htm
O8 - Extra context menu item: Sothink Flash Downloader For IE - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O8 - Extra context menu item: Verknüpfungsziel in Adobe PDF konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Verknüpfungsziel in vorhandene PDF-Datei konvertieren - res://C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Videos mit FDM herunterladen - file://C:\Program Files\Free Download Manager\dlfvideo.htm
O9 - Extra button: (no name) - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - (no file)
O9 - Extra button: IE-Spuren löschen - {6C7C0C9A-B51D-4ADB-A74D-C4E33744F866} - C:\Program Files\TraXEx\Integration\TraXEx Internet Explorer.lnk
O9 - Extra button: Löschautomat - {8DA7743F-9274-4BE8-899E-C0FF6ED61B00} - C:\Program Files\TraXEx\Integration\TraXEx Löschautomat.lnk
O9 - Extra button: (no name) - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - (no file)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - (no file)
O9 - Extra button: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O9 - Extra 'Tools' menuitem: Sothink Flash Downloader For IE - {E19ADC6E-3909-43E4-9A89-B7B676377EE3} - C:\Program Files\Common Files\SourceTec\SWF Catcher\InternetExplorer.htm
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - (no file)
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - AppInit_DLLs: acaptuser32.dll
O23 - Service: SAS Core Service (!SASCORE) - SUPERAntiSpyware.com - C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
O23 - Service: ArcSoft Exchange Service (ADExchange) - ArcSoft Inc. - C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
O23 - Service: AMD External Events Utility - AMD - C:\Windows\system32\atiesrxx.exe
O23 - Service: G Data AntiVirus Proxy (AVKProxy) - G Data Software AG - C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
O23 - Service: G Data Scheduler (AVKService) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
O23 - Service: G Data Filesystem Monitor (AVKWCtl) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
O23 - Service: BrowserProtect Anti-Hijack Service (BpSvc) - Web Eight LLC. - C:\Program Files\BrowserProtect\BpSvc.exe
O23 - Service: CyberGhost VPN Client (CGVPNCliSrvc) - mobile concepts GmbH - C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
O23 - Service: Firefox Service - Unknown owner - C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\startup.service@mozilla.com\svc.exe
O23 - Service: G Data Personal Firewall (GDFwSvc) - G Data Software AG - C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
O23 - Service: G Data Scanner (GDScan) - G Data Software AG - C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
O23 - Service: IMF Service (IMFservice) - IObit - C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
O23 - Service: MBAMScheduler - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes Corporation - C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
O23 - Service: NitroPDFReaderDriverCreatorReadSpool (NitroReaderDriverReadSpool) - Nitro PDF Software - C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe
O23 - Service: OpenVPN Service (OpenVPNService) - Unknown owner - C:\Program Files\OpenVPN\bin\openvpnserv.exe
O23 - Service: OKI Local Port Manager (OpLclSrv) - Oki Data Corporation - C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
O23 - Service: Trend Micro RUBotted Service (RUBotSrv) - Trend Micro Inc. - C:\Program Files\Trend Micro\RUBotted\RUBotSrv.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: Secunia PSI Agent - Secunia - C:\Program Files\Secunia\PSI\PSIA.exe
O23 - Service: Secunia Update Agent - Secunia - C:\Program Files\Secunia\PSI\sua.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe
O23 - Service: TuneUp Utilities Service (TuneUp.UtilitiesSvc) - TuneUp Software - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe

--
End of file - 12809 bytes
Weitere logs habe ich nicht. Virenscannner GData.

aramys

cosinus 20.01.2013 19:42
Zitat:
Weitere logs habe ich nicht. Virenscannner GData.

Wurde denn jemals etwas gefunden von irgendeinem Scanner?! :wtf:

Und wegen Hijackthis diese Info lesen:

Lesestoff:
Bitte keine Hijackthis-Logfiles posten!!!

Zitat:
Zitat von Larusso (Beitrag 614538)
Uns ist klar, dass HijackThis wahrscheinlich eines der bekanntesten Analysetools ist.
Jedoch scannt es nur noch sehr oberflächlich und gibt uns für eine genaue Analyse eures Systems zu wenig Informationen.

Darum, bitte keine HijackThis Logfiles posten, sondern folgendes lesen und abarbeiten.

http://www.trojaner-board.de/69886-a...-beachten.html

Nur mit diesen Informationen können wir euch helfen.

Danke :daumenhoc

aramys 03.02.2013 16:19
Sorry, war jetzt längere Zeit krank. Ich habe ein neueres Logfile von GData
HTML-Code:
Virenprüfung mit G Data InternetSecurity 2012
Version 23.0.5.9 (17.09.2012)
Virensignaturen vom 19.01.2013
Job: Lokale Festplatten
Startzeit: 19.01.2013 22:00:41
Engine(s): Engine A (AVA 22.7486), Engine B (AVL 22.1481)
Heuristik: Ein
Archive: Ein
Systembereiche: Ein
RootKits prüfen: Ein

Prüfung der Systembereiche...
Prüfung aller im Speicher befindlichen Prozesse und Verweise im Autostart...
Prüfung auf RootKits...
Prüfung aller lokalen Festplatten...
Analyse vollständig durchgeführt: 20.01.2013 11:50:09
    428110 Dateien überprüft
    11 infizierte Dateien gefunden
    0 verdächtige Dateien gefunden


–Archiv: A0194554.exe
    Pfad: E:\System Volume Information\_restore{CA01AD95-EE07-47C5-898A-E56A2A8DC07C}\RP264
    Status: Virus gefunden
    Virus: Win32:Spyware-gen [Spy] (Engine B)
Objekt: MahjongQuest3.exe
    In Archiv: E:\System Volume Information\_restore{CA01AD95-EE07-47C5-898A-E56A2A8DC07C}\RP264\A0194554.exe
    Status: Virus gefunden
    Virus: Win32:Spyware-gen [Spy] (Engine B)

–Archiv: f_00c253
    Pfad: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache
    Status: Virus gefunden
    Virus: Gen:Application.Heur.nq0@beOSiUkO, Gen:Application.Heur.eq0@bS2DBJjO, Gen:Application.Heur.cmKfbWuUv3fO, Gen:Application.Heur.emKfbCGfykjO, Gen:Application.Heur.cmKfb8DZCRjO, Gen:Application.Heur.fq0@b4YzcgfO, Gen:Application.Heur.cmKfbiBPZXoO, Application.Nirsoft.RDPassView.A, Gen:Application.Heur.eq0@bSODfwlO, Application.Nirsoft.VNCPassView.A, Gen:Application.Heur.fq1@bm6lgKkO (Engine A)
Objekt: NirSoft/chromepass.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.nq0@beOSiUkO (Engine A)
Objekt: NirSoft/dialupass.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.eq0@bS2DBJjO (Engine A)
Objekt: NirSoft/iepv.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.cmKfbWuUv3fO (Engine A)
Objekt: NirSoft/mspass.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.emKfbCGfykjO (Engine A)
Objekt: NirSoft/netpass.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.cmKfb8DZCRjO (Engine A)
Objekt: NirSoft/passwordfox.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.fq0@b4YzcgfO (Engine A)
Objekt: NirSoft/pstpassword.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.cmKfbiBPZXoO (Engine A)
Objekt: NirSoft/rdpv.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Application.Nirsoft.RDPassView.A (Engine A)
Objekt: NirSoft/sniffpass.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.eq0@bSODfwlO (Engine A)
Objekt: NirSoft/vncpassview.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Application.Nirsoft.VNCPassView.A (Engine A)
Objekt: NirSoft/wirelesskeyview.exe
    In Archiv: C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Cache\f_00c253
    Status: Virus gefunden
    Virus: Gen:Application.Heur.fq1@bm6lgKkO (Engine A)

–Archiv: A0194556.exe
    Pfad: E:\System Volume Information\_restore{CA01AD95-EE07-47C5-898A-E56A2A8DC07C}\RP264
    Status: Virus gefunden
    Virus: Win32:Spyware-gen [Spy] (Engine B)
Objekt: MahjongQuest3.exe
    In Archiv: E:\System Volume Information\_restore{CA01AD95-EE07-47C5-898A-E56A2A8DC07C}\RP264\A0194556.exe
    Status: Virus gefunden
    Virus: Win32:Spyware-gen [Spy] (Engine B)

–Archiv: lzjkfkx4.zip
    Pfad: C:\Users\UR\Documents\UseNeXT\wizard\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)
Objekt: Linezer0.part1.rar=>keymaker.exe
    In Archiv: C:\Users\UR\Documents\UseNeXT\wizard\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh\lzjkfkx4.zip
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)

–Archiv: Linezer0.part1.rar
    Pfad: C:\Users\UR\Documents\UseNeXT\wizard\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh\lzjkfkx4
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)
Objekt: keymaker.exe
    In Archiv: C:\Users\UR\Documents\UseNeXT\wizard\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh\lzjkfkx4\Linezer0.part1.rar
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)

–Archiv: nirsoft_package_1.16.05.zip
    Pfad: C:\Users\UR\Downloads
    Status: Virus gefunden
    Virus: Gen:Application.Heur.nq0@beOSiUkO, Gen:Application.Heur.eq0@bS2DBJjO, Gen:Application.Heur.cmKfbWuUv3fO, Gen:Application.Heur.emKfbCGfykjO, Gen:Application.Heur.cmKfb8DZCRjO, Gen:Application.Heur.fq0@b4YzcgfO, Gen:Application.Heur.cmKfbiBPZXoO, Application.Nirsoft.RDPassView.A, Gen:Application.Heur.eq0@bSODfwlO, Application.Nirsoft.VNCPassView.A, Gen:Application.Heur.dmKfb4@P@6oO (Engine A)
Objekt: NirSoft/chromepass.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.nq0@beOSiUkO (Engine A)
Objekt: NirSoft/dialupass.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.eq0@bS2DBJjO (Engine A)
Objekt: NirSoft/iepv.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.cmKfbWuUv3fO (Engine A)
Objekt: NirSoft/mspass.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.emKfbCGfykjO (Engine A)
Objekt: NirSoft/netpass.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.cmKfb8DZCRjO (Engine A)
Objekt: NirSoft/passwordfox.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.fq0@b4YzcgfO (Engine A)
Objekt: NirSoft/pstpassword.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.cmKfbiBPZXoO (Engine A)
Objekt: NirSoft/rdpv.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Application.Nirsoft.RDPassView.A (Engine A)
Objekt: NirSoft/sniffpass.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.eq0@bSODfwlO (Engine A)
Objekt: NirSoft/vncpassview.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Application.Nirsoft.VNCPassView.A (Engine A)
Objekt: NirSoft/wirelesskeyview.exe
    In Archiv: C:\Users\UR\Downloads\nirsoft_package_1.16.05.zip
    Status: Virus gefunden
    Virus: Gen:Application.Heur.dmKfb4@P@6oO (Engine A)

–Archiv: RemoveWAT-2.2.6.rar
    Pfad: C:\Users\UR\Downloads
    Status: Virus gefunden
    Virus: Application.Hacktool.RemoveWAT.A (Engine A)
Objekt: RemoveWAT 2.2.6\RemoveWAT 2.2.6.exe
    In Archiv: C:\Users\UR\Downloads\RemoveWAT-2.2.6.rar
    Status: Virus gefunden
    Virus: Application.Hacktool.RemoveWAT.A (Engine A)

Objekt: RemoveWAT 2.2.6.exe
    Pfad: C:\Users\UR\Downloads\RemoveWAT-2.2.6\RemoveWAT 2.2.6
    Status: Virus entfernt
    Virus: Application.Hacktool.RemoveWAT.A (Engine A)

–Archiv: Linezer0.part1.rar
    Pfad: C:\Users\UR\Downloads\Wondershare
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)
Objekt: keymaker.exe
    In Archiv: C:\Users\UR\Downloads\Wondershare\Linezer0.part1.rar
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)

–Archiv: Linezer0.part1.rar
    Pfad: C:\Users\UR\Downloads\Wondershare\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh\lzjkfkx4
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)
Objekt: keymaker.exe
    In Archiv: C:\Users\UR\Downloads\Wondershare\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh\lzjkfkx4\Linezer0.part1.rar
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)

–Archiv: lzjkfkx4.zip
    Pfad: C:\Users\UR\Downloads\Wondershare\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)
Objekt: Linezer0.part1.rar=>keymaker.exe
    In Archiv: C:\Users\UR\Downloads\Wondershare\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh\lzjkfkx4.zip
    Status: Virus gefunden
    Virus: Trojan.Generic.7976716 (Engine A)

–Der Zugriff auf die folgenden Dateien wurde verweigert:
C:\Program Files\BrowserProtect\conf.db
C:\Program Files\BrowserProtect\svc.log
C:\Program Files\G Data\InternetSecurity\Firewall\LiveStrm.dat
C:\Program Files\G Data\InternetSecurity\Firewall\GdFwSvc.dat
C:\Program Files\G Data\InternetSecurity\Firewall\Modules.dat
C:\Windows\WindowsUpdate.log
C:\Windows\CSC\v2.0.6\pq
C:\Windows\debug\PASSWD.LOG
C:\Windows\ServiceProfiles\LocalService\ntuser.dat
C:\Windows\ServiceProfiles\LocalService\ntuser.dat{f741ea68-72c0-11e1-9899-806e6f6e6963}.TM.blf
C:\Windows\ServiceProfiles\LocalService\ntuser.dat{f741ea68-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
C:\Windows\ServiceProfiles\LocalService\ntuser.dat{f741ea68-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\ServiceProfiles\LocalService\AppData\Local\Microsoft\Windows\WindowsUpdate.log
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f741ea6d-72c0-11e1-9899-806e6f6e6963}.TM.blf
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f741ea6d-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
C:\Windows\ServiceProfiles\NetworkService\ntuser.dat{f741ea6d-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\SoftwareDistribution\ReportingEvents.log
C:\Windows\System32\config\default
C:\Windows\System32\config\sam
C:\Windows\System32\config\security
C:\Windows\System32\config\software
C:\Windows\System32\config\system
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Windows\System32\config\TxR\{f741ea5c-72c0-11e1-9899-806e6f6e6963}.TxR.0.regtrans-ms
C:\Windows\System32\config\TxR\{f741ea5c-72c0-11e1-9899-806e6f6e6963}.TxR.1.regtrans-ms
C:\Windows\System32\config\TxR\{f741ea5c-72c0-11e1-9899-806e6f6e6963}.TxR.2.regtrans-ms
C:\Windows\System32\config\TxR\{f741ea5c-72c0-11e1-9899-806e6f6e6963}.TxR.blf
C:\Windows\System32\config\TxR\{f741ea5d-72c0-11e1-9899-806e6f6e6963}.TM.blf
C:\Windows\System32\config\TxR\{f741ea5d-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
C:\Windows\System32\config\TxR\{f741ea5d-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
C:\Windows\System32\wbem\repository\INDEX.BTR
C:\Windows\System32\wbem\repository\MAPPING1.MAP
C:\Windows\System32\wbem\repository\MAPPING2.MAP
C:\Windows\System32\wbem\repository\MAPPING3.MAP
C:\Windows\System32\wbem\repository\OBJECTS.DATA
C:\Windows\System32\wdi\LogFiles\WdiContextLog.etl.001
C:\Windows\System32\wfp\wfpdiag.etl
C:\Windows\System32\winevt\Logs\ACEEventLog.evtx
C:\Windows\System32\winevt\Logs\Application.evtx
C:\Windows\System32\winevt\Logs\HardwareEvents.evtx
C:\Windows\System32\winevt\Logs\Internet Explorer.evtx
C:\Windows\System32\winevt\Logs\Key Management Service.evtx
C:\Windows\System32\winevt\Logs\Media Center.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Bits-Client%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-BranchCacheSMB%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-CodeIntegrity%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcp-Client%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Dhcpv6-Client%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-DPS%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Diagnosis-Scheduled%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-DriverFrameworks-UserMode%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-GroupPolicy%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-HomeGroup Provider Service%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-EventTracing%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-Power%4Thermal-Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Errors.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Kernel-WHEA%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Known Folders API Service.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NCSI%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkAccessProtection%4WHC.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-NetworkProfile%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-OfflineFiles%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-ReadyBoost%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Resource-Exhaustion-Detector%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Admin.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-TerminalServices-LocalSessionManager%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-User Profile Service%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4WHC.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Windows Firewall With Advanced Security%4Firewall.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsBackup%4ActionCenter.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WindowsUpdateClient%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-Winlogon%4Operational.evtx
C:\Windows\System32\winevt\Logs\Microsoft-Windows-WLAN-AutoConfig%4Operational.evtx
C:\Windows\System32\winevt\Logs\ODiag.evtx
C:\Windows\System32\winevt\Logs\OSession.evtx
C:\Windows\System32\winevt\Logs\Security.evtx
C:\Windows\System32\winevt\Logs\Spybot - Search and Destroy.evtx
C:\Windows\System32\winevt\Logs\System.evtx
C:\Windows\System32\winevt\Logs\TuneUp.evtx
C:\Windows\System32\winevt\Logs\Windows PowerShell.evtx
C:\Windows\Tasks\SCHEDLGU.TXT
C:\Windows\Temp\tmp00004fb6\tmp00000000
C:\TLDTH
C:\Boot\BCD
C:\Boot\BCD.LOG
C:\ProgramData\BlueStacks\Logs\Hypervisor.log
C:\ProgramData\FLEXnet\OMCD_002d6e00_tsf.data
C:\ProgramData\G Data\AVK\Log\AVKLog\0000009597.log
C:\ProgramData\Microsoft\Network\Downloader\qmgr0.dat
C:\ProgramData\Microsoft\Network\Downloader\qmgr1.dat
C:\ProgramData\TuneUp Software\TuneUp Utilities\TUProgMan.10.tudb
C:\ProgramData\TuneUp Software\TuneUp Utilities\TUUtilitiesSvc.12.tudb
C:\ProgramData\TuneUp Software\TuneUp Utilities\Program Statistics\ProgramStatistics.10.tudb
C:\Users\UR\ntuser.dat
C:\Users\UR\ntuser.dat{f741ea72-72c0-11e1-9899-806e6f6e6963}.TM.blf
C:\Users\UR\ntuser.dat{f741ea72-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000001.regtrans-ms
C:\Users\UR\ntuser.dat{f741ea72-72c0-11e1-9899-806e6f6e6963}.TMContainer00000000000000000002.regtrans-ms
C:\Users\UR\AppData\Local\Microsoft\Internet Explorer\MSIMGSIZ.DAT
C:\Users\UR\AppData\Local\Microsoft\Windows\WindowsUpdate.log
C:\Users\UR\AppData\Local\Microsoft\Windows\Explorer\thumbcache_1024.db
C:\Users\UR\AppData\Local\Microsoft\Windows\Explorer\thumbcache_256.db
C:\Users\UR\AppData\Local\Microsoft\Windows\Explorer\thumbcache_32.db
C:\Users\UR\AppData\Local\Microsoft\Windows\Explorer\thumbcache_96.db
C:\Users\UR\AppData\Local\Microsoft\Windows\Explorer\thumbcache_idx.db
C:\Users\UR\AppData\Local\Microsoft\Windows\Explorer\thumbcache_sr.db
C:\Users\UR\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat
C:\Users\UR\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012013011920130120\index.dat
C:\Users\UR\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat
C:\Users\UR\AppData\Local\Nokia\Nokia Data Store\DataBase\MDataStore.db3
C:\Users\UR\AppData\Local\Nokia\Nokia Data Store\Thumbnail\DataBase\MDataStore.db3
C:\Users\UR\AppData\Local\Nokia\Nokia Suite\Messages\Database\msg_db.sqlite
C:\Users\UR\AppData\Local\Nokia\Nokia Suite\Photos\Database\photo_markers_db.sqlite
C:\Users\UR\AppData\Local\SlimWare Utilities Inc\SlimDrivers\settings.db
C:\Users\UR\AppData\Local\SlimWare Utilities Inc\SlimDrivers\supdates.db
C:\Users\UR\AppData\Local\SlimWare Utilities Inc\SlimDrivers\Logs\2013-01-19 21-48-56 0.log
C:\Users\UR\AppData\Local\Temp\FXSAPIDebugLogFile.txt
C:\Users\UR\AppData\Local\Temp\ICACHE-04044202.tmp
C:\Users\UR\AppData\Local\Temp\ICACHE-19EE2C4D.tmp
C:\Users\UR\AppData\Local\Temp\ILIST-00000000.tmp
C:\Users\UR\AppData\Local\Temp\ILIST-6E36D60E.tmp
C:\Users\UR\AppData\Local\Temp\qtsingleapp-NokiaO-b889-1-lockfile
C:\Users\UR\AppData\Local\Temp\~DF7A72B2C6BA605D44.TMP
C:\Users\UR\AppData\Roaming\Dropbox\shellext\l\50fb06a6
C:\Users\UR\AppData\Roaming\Dropbox\shellext\l\50fb0731
C:\Users\UR\AppData\Roaming\Dropbox\shellext\l\50fb076c
C:\Users\UR\AppData\Roaming\Dropbox\shellext\l\50fb07a8
C:\Users\UR\AppData\Roaming\Microsoft\Windows\Cookies\index.dat
C:\Users\UR\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat
C:\Users\UR\AppData\Roaming\ProcessLasso\.pg-active
C:\Users\UR\AppData\Roaming\Skype\DbTemp\temp-54jdo9nktIh27oVNL05rIEdx
C:\Users\UR\AppData\Roaming\Skype\DbTemp\temp-H2nUxfNe1Da1EWgqQj4jqAUK
C:\Users\UR\AppData\Roaming\Skype\mecino\bistats.db
C:\Users\UR\AppData\Roaming\Skype\mecino\bistats.lock
C:\Users\UR\AppData\Roaming\Skype\mecino\dc.db
C:\Users\UR\AppData\Roaming\Skype\mecino\keyval.db
C:\Users\UR\AppData\Roaming\Skype\mecino\keyval.lock
C:\Users\UR\AppData\Roaming\Skype\mecino\main.db
C:\Users\UR\AppData\Roaming\Skype\mecino\main.lock
C:\Users\UR\AppData\Roaming\Skype\shared_dynco\dc.db
C:\Users\UR\AppData\Roaming\Skype\shared_dynco\dc.lock
C:\Users\UR\AppData\Roaming\Skype\shared_httpfe\queue.db
C:\Users\UR\AppData\Roaming\Skype\shared_httpfe\queue.lock

–Die folgenden Dateien sind Passwortgeschützt:
C:\Program Files\CCFinder\abtranslate.data
C:\Program Files\Games\Franzis\Windows 7 Games\autorun.cdd
C:\Program Files\JetAudio\jetUpdate.dat
E:\Backup C\Office\Outlook.pst
E:\Backup C\Office\Outlook\Outlook.pst
E:\Desktop\Outlook.pst
C:\Program Files\MyKeyFinder\Settings.dll
C:\Program Files\MyKeyFinder\Settings2.dll
E:\Desktop\Audio\Das Wasserauto - Das nur mit Wasser angetrieben wird - Bauanleitungen German 2008\Wasserauto.rar
C:\Program Files\pCon.planner 6\data\egr\bib2d\1\egr_bib2d_1.alb
C:\Program Files\pCon.planner 6\data\egr\found\1\egr_found_1.alb
C:\Program Files\pCon.planner 6\data\egr\mchair\1\egr_mchair_1.alb
C:\Program Files\pCon.planner 6\data\egr\mcontainer\1\egr_mcontainer_1.alb
C:\Program Files\pCon.planner 6\data\egr\mcupboard\1\egr_mcupboard_1.alb
C:\Program Files\pCon.planner 6\data\egr\mpchair\1\egr_mpchair_1.alb
C:\Program Files\pCon.planner 6\data\egr\mpcupboard\1\egr_mpcupboard_1.alb
C:\Program Files\pCon.planner 6\data\egr\mptable\1\egr_mptable_1.alb
C:\Program Files\pCon.planner 6\data\egr\mtable\1\egr_mtable_1.alb
C:\Program Files\pCon.planner 6\data\ofml\go\1\ofml_go_1.alb
C:\Program Files\pCon.planner 6\data\ofml\np2d\1\ofml_np2d_1.alb
C:\Program Files\pCon.planner 6\data\ofml\oi\1\ofml_oi_1.alb
C:\Program Files\pCon.planner 6\data\ofml\xoi\1\ofml_xoi_1.alb
C:\Program Files\pCon.planner 6\etc\gfx\common.gfx
C:\Program Files\pCon.planner 6\etc\gfx\images.gfx
C:\Program Files\pCon.planner 6\etc\gfx\shader.gfx
C:\Program Files\pCon.planner 6\etc\profiles\planner_std.profile
E:\Desktop\Download\2011\bigloa03\ExpTe\Ama\NuBah\rikpafiles.com_-_Nude_Beach_Big_017_1319_017.rar
C:\Program Files\Recovery Toolbox for Word\settings.bin
E:\Desktop\Download\2011\Bilder\fru_7steps.pdf
E:\Desktop\Download\2011\Desktoptools\omnimo_4_1_for_rainmeter_by_fediafedia-d2mhn7l.zip
E:\Desktop\Download\2011\Free_Tools\ElcorPowerKey.zip
C:\Program Files\Spiele\Kartenspiele\autorun.cdd
E:\Desktop\Download\2011\Free_Tools\install_flashplayer11x32_mssa_aih.exe
E:\Desktop\Download\2011\Free_Tools\mykeyfinder.exe
E:\Desktop\Download\2011\Free_Tools\RecoveryToolboxForWordInstall.exe
E:\Desktop\Download\2011\Free_Tools\ysd.exe
E:\Desktop\Download\2011\Free_Tools\ElcorPowerKey\Setup.exe
C:\Program Files\WashAndGo\Cleaner.dat
E:\Desktop\Download\2011\Free_Tools\TweakRAM71\Setup.exe
E:\Desktop\Download\2011\Free_Tools\TweakRAM71\TweakRAM71.zip
E:\Desktop\Download\2011\Systemtools\Chew-WGA_0.9\CW.eXe
C:\Program Files\Zoner Photo Studio 14\pack.dat
C:\Program Files\Zoner Photo Studio 14\Program32\zcl.dat
C:\Windows\CleverPrint\PrtSetupX.exe
E:\Desktop\Ecologic-Energy-Group\Biogasanlagen-Standorte\Ecologic Energy-doc.zip
E:\Desktop\Ecologic-Energy-Group\Biogasanlagen-Standorte\Ecologic Energy-xls.zip
E:\Desktop\Geschäft\ARI\Website aramys\FlashSite\sources_Z828zrN0Z1.zip
E:\Desktop\Geschäft\ARI\Website aramys\Flashsite_Orginal\Source\sources_Z828zrN0Z1.zip
E:\Desktop\Geschäft\GFE\Antragsbegleitschein.pdf
E:\Desktop\Geschäft\GFE\gfe_bhkw_2010_2501.pdf
E:\Desktop\Geschäft\GFE\Musterkunde.pdf
E:\Desktop\Geschäft\GFE\Vermittlerdatenblatt.pdf
E:\Desktop\Geschäft\GFE\Ablage\bhkw_2010_2801_1-4.pdf
E:\Desktop\Geschäft\GFE\Ablage\bhkw_2010_2801_blubox.pdf
E:\Desktop\Geschäft\GFE\Ablage\bhkw_2010_2801_EWIV.pdf
E:\Desktop\Geschäft\GFE\Ablage\bhkw_2010_2801_FAQ_Schluss.pdf
E:\Desktop\Geschäft\GFE\Ablage\bhkw_Marketingplan_2501.pdf
E:\Desktop\Medien\Grafik\Adobe CS3\FlashSite\sources_Z828zrN0Z1.zip
E:\Desktop\Medien\Grafik\Adobe CS3\Flashsite_Orginal\Source\sources_Z828zrN0Z1.zip
E:\Desktop\Medien\Grafik\FlashSite\sources_Z828zrN0Z1.zip
E:\Desktop\Medien\Grafik\Flashsite_Orginal\Source\sources_Z828zrN0Z1.zip
E:\Desktop\Movies\cd1774f8-63c5-4fac-b222-589d292b7870
C:\Program File\Wise Care 365\BootPack.wpk
C:\Program File\Wise Care 365\skins\default.wsk
C:\Program File\Wise Care 365\skins\f001_Cloud.wsk
C:\Program File\Wise Care 365\skins\f002_Biscuit.wsk
C:\Program File\Wise Care 365\skins\f003_Brush.wsk
C:\Program File\Wise Care 365\skins\v0010_kids.wsk
C:\Program File\Wise Care 365\skins\v0011_Sunset.wsk
C:\Program File\Wise Care 365\skins\v0013_StarWars.wsk
C:\Program File\Wise Care 365\skins\v001_bridge.wsk
C:\Program File\Wise Care 365\skins\v002_Drop.wsk
E:\Desktop\Office\Website aramys\FlashSite\sources_Z828zrN0Z1.zip
C:\Program File\Wise Care 365\skins\v003_Earth.wsk
C:\Program File\Wise Care 365\skins\v004_Kitty.wsk
C:\Program File\Wise Care 365\skins\v005_Lotus.wsk
C:\Program File\Wise Care 365\skins\v006_Gril.wsk
C:\Program File\Wise Care 365\skins\v007_Star.wsk
C:\Program File\Wise Care 365\skins\v008_Giraffe.wsk
C:\Program File\Wise Care 365\skins\v009_Robot.wsk
E:\Desktop\Office\Website aramys\Flashsite_Orginal\Source\sources_Z828zrN0Z1.zip
C:\ProgramData\ActMask EMF Virtual Printer SDK\PrtSetupX.exe
C:\ProgramData\Spybot - Search & Destroy\Quarantine\AdRevolver-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\AdRevolver-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\AdRevolver-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\AdRevolver-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adviva-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adviva-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adviva-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Adviva-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Alcohol 120%-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Babylon.Toolbar-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\BurstMedia-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cache-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CasaleMedia-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Clickbank-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Cookie-0005.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\CoreMetrics-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\DoubleClick-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\FastClick-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\HitBox-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\HitBox-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\HitBox-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\HitBox-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\IncrediBar-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Internet Explorer-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Log-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MediaPlex-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Microsoft.Windows.Security.InternetExplorer-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Microsoft.WindowsSecurityCenter_disabled-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Microsoft.WindowsSecurityCenter_disabled-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Direct3D-0005.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectDraw-0005.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS DirectInput-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Media Player-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\MS Regedit-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\SexTracker-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Statcounter-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Tradedoubler-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Tradedoubler-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Tradedoubler-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Tradedoubler-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Verlauf-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Verlauf-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Verlauf-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Verlauf-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\W3i.IQ5.fraud-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\W3i.IQ5.fraud-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\WebTrends live-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows Media SDK-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0004.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows-0005.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Windows.OpenWith-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\WinRAR-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0000.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0001.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0002.zip
C:\ProgramData\Spybot - Search & Destroy\Quarantine\Zedo-0003.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\MicrosoftWindowsSecurityCenterdisabled1.zip
C:\ProgramData\Spybot - Search & Destroy\Recovery\SearchExplorer.zip
E:\Desktop\Privat\PDFS + ebooks\Magazin - PCgo - Gesammelte Tipps Und Tricks.rar
E:\Desktop\Privat\PDFS + ebooks\Windows XP perfektioniert - Tips & Tricks.zip
C:\Users\UR\AppData\Local\Abelssoft\.data
E:\Documents\FalkData\{1BA4421E-4A47-4AE0-93B4-D0FC36CA8F69}.zip
E:\Documents\FalkData\{3464FCFA-1A4D-40B9-909F-DE40676C387C}.zip
E:\Documents\FalkData\{3C5FB882-57F4-4320-BDB8-E382227D75D0}.zip
E:\Documents\FalkData\{4D11BFBE-ADB8-4053-B2F4-A53ABC758141}.zip
E:\Documents\FalkData\{8061B2E2-CBC4-4D35-BFD2-780310E3C5AA}.zip
E:\Documents\FalkData\{8A473988-9E61-49E6-BE2B-A3A35B9C30A6}.zip
E:\Documents\FalkData\{AC4B9926-2B54-447D-AB20-7A7EB66FB673}.zip
E:\Documents\FalkData\{EA5C64B9-913A-43BE-95E7-C56B57D14079}.zip
E:\Documents\FalkData\{EB564212-460A-4BA4-A702-AAC17CD00C8E}.zip
E:\Documents\Rainmeter\Skins\WP7\Common\Config\SourceCode.zip
E:\Documents\UseNeXT\alt.binaries.e-book\Das Wasserauto - Das nur mit Wasser angetrieben wird - Bauanleitungen German 2008\Wasserauto.rar
C:\Users\UR\AppData\Local\Microsoft\Outlook\archive.pst
C:\Users\UR\AppData\Local\Recovery Toolbox for Word\settings.bin
C:\Users\UR\Desktop\Ecologic-Energy-Group\Biogasanlagen-Standorte\Ecologic Energy-doc.zip
C:\Users\UR\Desktop\Ecologic-Energy-Group\Biogasanlagen-Standorte\Ecologic Energy-xls.zip
C:\Users\UR\Documents\FalkData\{1BA4421E-4A47-4AE0-93B4-D0FC36CA8F69}.zip
C:\Users\UR\Documents\FalkData\{3464FCFA-1A4D-40B9-909F-DE40676C387C}.zip
C:\Users\UR\Documents\FalkData\{3C5FB882-57F4-4320-BDB8-E382227D75D0}.zip
C:\Users\UR\Documents\FalkData\{4D11BFBE-ADB8-4053-B2F4-A53ABC758141}.zip
C:\Users\UR\Documents\FalkData\{8061B2E2-CBC4-4D35-BFD2-780310E3C5AA}.zip
C:\Users\UR\Documents\FalkData\{8A473988-9E61-49E6-BE2B-A3A35B9C30A6}.zip
C:\Users\UR\Documents\FalkData\{AC4B9926-2B54-447D-AB20-7A7EB66FB673}.zip
C:\Users\UR\Documents\FalkData\{EB564212-460A-4BA4-A702-AAC17CD00C8E}.zip
C:\Users\UR\Documents\FalkData\{EA5C64B9-913A-43BE-95E7-C56B57D14079}.zip
C:\Users\UR\Documents\Rainmeter\Skins\@Backup\WP7\Common\Config\SourceCode.zip
C:\Users\UR\Downloads\ccfinder.exe
C:\Users\UR\Downloads\mykeyfinder.exe
C:\Users\UR\Downloads\Myriad_Pro_Adobe_OTF.rar
C:\Users\UR\Downloads\ysd.exe
C:\Users\UR\Downloads\Myriad_Pro_Adobe_OTF\Myriad Pro (Adobe) OTF.rar
und ein ganz neues
von freefixer
HTML-Code:
FreeFixer v1.02 log
hxxp://www.freefixer.com/
Operating system: Windows 7 Service Pack 1
Log dated 2013-02-03 16:05


AppInit_DLLs (1 whitelisted)
C:\Windows\system32\acaptuser32.dll

Browser Helper Objects (2 whitelisted)
{133232D2-DAE3-4B6F-AAC2-17CD87495682}, Wondershare YouTube Downloader, C:\Program Files\Wondershare\AllMyTube\SVRIEPlugin.dll
{326E768D-4182-46FD-9C16-1449A49795F4}, DivX Plus Web Player HTML5 <video>, C:\Program Files\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll
{39F7E362-828A-4B5A-BCAF-5B79BFDFEA60}, BitComet Helper, C:\Program Files\BitComet\tools\BitCometBHO_1.5.4.11.dll
{61DB16C5-B733-43F4-872E-B20DC9E72740}, YouTube To ALLPlayer, C:\PROGRA~1\ALLPLA~1\YOUTUB~1.DLL
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}, Java(tm) Plug-In SSV Helper, C:\Program Files\Java\jre7\bin\ssv.dll
{BA3295CF-17ED-4F49-9E95-D999A0ADBFDC}, G Data BankGuard, C:\Program Files\Common Files\G Data\AVKProxy\BanksafeBHO.dll
{CC59E0F9-7E43-44FA-9FAA-8377850BF205}, Free Download Manager, C:\Program Files\Free Download Manager\iefdm2.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9}, Java(tm) Plug-In 2 SSV Helper, C:\Program Files\Java\jre7\bin\jp2ssv.dll
{ebe8b562-cba0-40d8-b920-af7cfe0c9d94}, Soda PDF 2012 Helper, C:\Program Files\Soda PDF 2012\PDFIEHelper.dll

Internet Explorer toolbars (1 whitelisted)
HKLM\..\Toolbar\{9DE41FB9-ACA7-4847-982B-D984042588FC} - Perfect PDF 5 - C:\Program Files\Perfect PDF 5\PDF4ie.dll
HKLM\..\Toolbar\{a8c9d542-fd91-4834-a2e8-adb9ae692b8b} - Soda PDF 2012 Toolbar - C:\Program Files\Soda PDF 2012\PDFIEPlugin.dll

Basic Internet Explorer settings
HKLM\..\Main, Start Page = hxxp://www.google.com

Registry Startups (7 whitelisted)
HKLM\..\Run, G Data AntiVirus Tray Application = C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
HKLM\..\Run, GDFirewallTray = C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
HKLM\..\Run, BTMTrayAgent = rundll32.exe "C:\Program Files\Motorola\Bluetooth\btmshell.dll",TrayApp
HKLM\..\Run, AntiLogger = "C:\Program Files\AntiLogger\AntiLogger.exe" /minimized
HKCU\..\Run, COMPUTERBILD-Cloud = "C:\Program Files\COMPUTERBILD-Cloud\CGCClient.exe" /autostart                                                                                                                                                                                                         
HKCU\..\Run, TweakRAM = C:\Program Files\TweakRAM\TweakRAM.exe
HKCU\..\Run, EvJOWall = C:\Program Files\Wallpaper Changer\EvJOWall.exe
HKCU\..\Run, BrowserMask = "C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe" -delayed
HKCU\..\Run, Free Download Manager = "C:\Program Files\Free Download Manager\fdm.exe" -autorun

Autostart shortcuts
O&O Defrag Tray.lnk, , C:\Windows\Installer\{EE5845DF-8F69-4AAD-817A-BAD41A1A52B0}\DefragIcon.exe
Mediencenter Assistent.lnk, Mediencenter Assistent starten, C:\Program Files\Telekom Mediencenter\Mediencenter\MediencenterSoftware.exe

HOSTS file


Processes (70 whitelisted)
C:\Program Files\Common Files\G Data\GDScan\GDScan.exe
C:\Program Files\G Data\InternetSecurity\AVK\AVKWCtl.exe
C:\Program Files\BrowserProtect\BpSvc.exe
C:\Program Files\Common Files\G Data\AVKProxy\AVKProxy.exe
C:\Program Files\G Data\InternetSecurity\AVK\AVKService.exe
C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\startup.service@mozilla.com\svc.exe
C:\Program Files\Okidata\Common\Extend3\portmgrsrv.exe
C:\Program Files\Soda PDF 2012\ConversionService.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFwSvc.exe
C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe
C:\Program Files\G Data\InternetSecurity\AVKTray\AVKTray.exe
C:\Program Files\G Data\InternetSecurity\Firewall\GDFirewallTray.exe
C:\Program Files\AntiLogger\AntiLogger.exe
C:\Program Files\Wallpaper Changer\EvJOWall.exe
C:\Program Files\AntiBrowserSpy\AntiBrowserSpyBrowserMaske.exe
C:\Program Files\Free Download Manager\fdm.exe
C:\Program Files\CyberGhost VPN\CyberGhost.exe
C:\Program Files\CyberGhost VPN\CGVPNCliService.exe
C:\Program Files\CyberGhost VPN\OpenVPN\openvpn.exe
C:\Program Files\G Data\InternetSecurity\AVK\AVK.exe
C:\Program Files\FreeFixer\freefixer.exe

Services (52 whitelisted)
ADExchange, ArcSoft Exchange Service, c:\program (file is missing)
AVKProxy, G Data AntiVirus Proxy, c:\program files\common files\g data\avkproxy\avkproxy.exe
AVKService, G Data Scheduler, c:\program files\g data\internetsecurity\avk\avkservice.exe
AVKWCtl, G Data Filesystem Monitor, c:\program files\g data\internetsecurity\avk\avkwctl.exe
Bluetooth OBEX Service, Bluetooth OBEX Service, c:\program files\motorola\bluetooth\obexsrv.exe (file is missing)
BpSvc, BrowserProtect Anti-Hijack Service, c:\program files\browserprotect\bpsvc.exe
Firefox Service, Firefox Service, c:\users\ur\appdata\roaming\mozilla\firefox\profiles\2el6povu.default\extensions\startup.service@mozilla.com\svc.exe
OpLclSrv, OKI Local Port Manager, c:\program files\okidata\common\extend3\portmgrsrv.exe
Soda PDF 2012 Service, Soda PDF 2012 Service, c:\program files\soda pdf 2012\conversionservice.exe
TuneUp.UtilitiesSvc, TuneUp Utilities Service, c:\program files\tuneup utilities 2012\tuneuputilitiesservice32.exe

Svchost.exe Modules (269 whitelisted)
C:\Windows\system32\VBoxNetFltNotify.dll

Explorer.exe Modules (201 whitelisted)
C:\Program Files\COMPUTERBILD-Cloud\ShellExt32.dll
C:\Users\UR\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll
C:\Users\UR\AppData\Roaming\Dropbox\bin\MSVCP71.dll
C:\Users\UR\AppData\Roaming\Dropbox\bin\MSVCR71.dll
C:\Program Files\Google\Drive\googledrivesync32.dll
C:\Program Files\G Data\InternetSecurity\Shredder\Reisswlf.dll
C:\Program Files\TeraCopy\TeraCopyExt.dll
C:\Program Files\ESTsoft\ALZip\AZCTM.dll
C:\Program Files\ESTsoft\ALZip\ctm_en-US.dll
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiacmxx.dll
C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\atiamdeu.dll
C:\Program Files\Unlocker\UnlockerCOM.dll
C:\Program Files\JetAudio\JetFlExt.dll
C:\Windows\system32\DTAG.Mediencenter.ShellExtension.dll
C:\Program Files\IObit\IObit Malware Fighter\IMFShellExt.dll
C:\Users\UR\AppData\Local\Google\Chrome\User Data\Default\Extensions\odoegbfnimkkocjoeoelkonmlfpbhlnc\2.2.0_0\flashhook.dll

Rundll Modules (50 whitelisted)
C:\Program Files\Motorola\Bluetooth\btmshell.dll
C:\Program Files\Motorola\Bluetooth\Resources\deu.dll

Shell services
WebCheck, {E6FB5E20-DE35-11CF-9C87-00AA005127ED}, (no file specified)

Drivers (75 whitelisted)
aflfile, AFLFile, C:\Windows\system32\drivers\aflfile.sys
AntiLog32, AntiLog32, c:\program files\antilogger\antilog32.sys
BstHdDrv, BlueStacks Hypervisor, c:\program files\bluestacks\hd-hypervisor-x86.sys
DCR, DCR, C:\Windows\system32\drivers\dcr.sys
dcrypt, , C:\Windows\system32\drivers\dcrypt.sys
DCVP, DCVP, C:\Windows\system32\drivers\dcvp.sys
Dokan, Dokan, c:\windows\system32\drivers\dokan.sys
dtsoftbus01, DAEMON Tools Virtual Bus Driver, C:\Windows\system32\drivers\dtsoftbus01.sys
GDBehave, GDBehave, C:\Windows\system32\drivers\gdbehave.sys
GDMnIcpt, GDMnIcpt, c:\windows\system32\drivers\miniicpt.sys
gdwfpcd, G DATA WFP CD, C:\Windows\system32\drivers\gdwfpcd32.sys
GRD, G Data Rootkit Detector Driver, c:\windows\system32\drivers\grd.sys
HookCentre, HookCentre, c:\windows\system32\drivers\hookcentre.sys
ISODrive, ISO DVD/CD-ROM Device Driver, c:\program files\ultraiso\drivers\isodrive.sys
JRAID, , C:\Windows\system32\drivers\jraid.sys
NPF, NetGroup Packet Filter Driver, C:\Windows\system32\drivers\npf.sys
SASDIFSV, SASDIFSV, c:\program files\superantispyware\sasdifsv.sys
SASKUTIL, SASKUTIL, c:\program files\superantispyware\saskutil.sys
ShredderVolumeDriver, Helper driver for shredding volume, C:\Windows\system32\drivers\shredderdriver32.sys
truecrypt, truecrypt, C:\Windows\system32\drivers\truecrypt.sys
UnlockerDriver5, , c:\program files\unlocker\unlockerdriver5.sys
VBoxDrv, VirtualBox Service, C:\Windows\system32\drivers\vboxdrv.sys
VBoxUSBMon, VirtualBox USB Monitor Driver, C:\Windows\system32\drivers\vboxusbmon.sys
VEDDevice, FileStream Secure Disk, C:\Windows\system32\drivers\ved.sys

Firefox Extensions
Fast Dial, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\fastdial@telega.phpnet.us\install.rdf
VWC Cocoon, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\firefox-support@vworldc.com\install.rdf
Ghostery, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\firefox@ghostery.com\install.rdf
Iplex to ALLPlayer, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\IplextoALL@ALLPlayer.org\install.rdf
Awesome screenshot: Capture and Annotate, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\jid0-GXjLLfbCoAx0LcltEdFrEkQdQPI@jetpack\install.rdf
NetVideoHunter, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\netvideohunter@netvideohunter.com\install.rdf
startup.service, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\startup.service@mozilla.com\install.rdf
WEB.DE Toolbar, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\toolbar@web.de\install.rdf
YouTube to ALLPlayer, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\YouTubetoALL@ALLPlayer.org\install.rdf
TV-Fox, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}\install.rdf
WOT, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\install.rdf
Free YouTube Download (Free Studio) Menu, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}\install.rdf
BitComet Video Downloader, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{B042753D-F57E-4e8e-A01B-7379A6D4CEFB}\install.rdf
DownloadHelper, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\install.rdf
BabelFish, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{ca0849e8-2c76-42ae-9abe-34e14d337acf}\install.rdf
Memory Fox, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\install.rdf
FoxLingo, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\2el6povu.default\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\install.rdf
BYTubeD - Bulk YouTube video Downloader, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\bytubed@cs213.cse.iitk.ac.in\install.rdf
Click&amp;Clean, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\clickclean@hotcleaner.com\install.rdf
Fast Dial, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\fastdial@telega.phpnet.us\install.rdf
FRITZ!Box AddOn, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\fb_add_on@avm.de\install.rdf
Free Download Manager plugin, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\fdm_ffext@freedownloadmanager.org\install.rdf
FireJump, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\firejump@firejump.net\install.rdf
ProxTube - Unblock YouTube, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\ich@maltegoetz.de\install.rdf
TimeLineRemove.Com, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\jid0-YxzrUsJ0WOiOaU89TngAzLcIs18@jetpack\install.rdf
Firefox Synchronisation Extension, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\synchronize@nokia.suite\install.rdf
TV-Fox, C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\{2f17f610-5e97-4fed-828f-9940b7b577a4}\install.rdf
G Data BankGuard, C:\Program Files\Mozilla Firefox\extensions\{906305f7-aafc-45e9-8bbd-941950a84dad}\install.rdf

Recently created/modified files (28 whitelisted)
2 hours, c:\Program Files\Common Files\G Data\AVKScanP\Avast5\defs\13020300\algo.dll
2 hours, c:\Program Files\Common Files\G Data\AVKScanP\Avast5\defs\13020300\swhealthex.dll

History
-C:\Program Files\IObit\IObit Malware Fighter\IMFsrv.exe
-C:\Program Files\Common Files\ArcSoft\esinter\Bin\eservutil.exe
-C:\Program Files\Motorola\Bluetooth\devmgrsrv.exe
-C:\Program Files\Motorola\Bluetooth\obexsrv.exe
-C:\Program Files\Motorola\Bluetooth\audiosrv.exe
-C:\Program Files\Motorola\Bluetooth\btplayerctrl.exe
-HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{C4415769-1588-4AD6-9624-B2E69DB78D1A}
-HKLM\SOFTWARE\Classes\CLSID\{C4415769-1588-4AD6-9624-B2E69DB78D1A}
-C:\Program Files\preispilot\Internet Explorer\preispilot.dll
-HKLM\SYSTEM\CurrentControlSet\Services\IMFservice
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\2020Player_IKEA@2020Technologies.com\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\firefox-support@vworldc.com\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\firefox@ghostery.com\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\https-everywhere@eff.org\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\mail@shopping-preise.de\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\{E173B749-DB5B-4fd2-BA0E-94ECEA0CA55B}\install.rdf
-C:\Users\UR\AppData\Roaming\Mozilla\Firefox\Profiles\gnlumuph.tarnfox\extensions\{ef62e1ce-d2a4-4cdd-b7ec-92b120366b66}\install.rdf

The following errors occurred during the scan:
Problems opening folder 'c:\System Volume Information\WindowsImageBackup' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
Problems opening folder 'c:\Windows\CSC\v2.0.6' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
Problems opening folder 'c:\Windows\System32\LogFiles\WMI\RtBackup' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
Problems opening folder 'e:\Backup C\System\c0f1c59bcf6c2414a1\amd64' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
Problems opening folder 'e:\Backup C\System\c0f1c59bcf6c2414a1\i386' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
Problems opening folder 'e:\Backup C\System\f6098aa080f4ad019c5e7890cc380a\amd64' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
Problems opening folder 'e:\Backup C\System\f6098aa080f4ad019c5e7890cc380a\i386' to enumerate files. FindFirstFile failed. System error message: Zugriff verweigert. Error code: 5.
An unexpected exception occurred in the Csrss.exe Memory Scan Plugin:
QueryFullProcessImageName failed while trying to get a process full path. Process handle: 000006DC. System error message: Ein an das System angeschlossenes Gerät funktioniert nicht. Error code: 31.

End of FreeFixer log
die Hostdatei sieht mir sehr komisch aus: HOSTS file .

cosinus 03.02.2013 22:35
Zitat:
–Archiv: lzjkfkx4.zip
Pfad: C:\Users\UR\Documents\UseNeXT\wizard\Wondershare.PDF.Password.Remover.v1.3.0. (Wondersh
Status: Virus gefunden
Virus: Trojan.Generic.7976716 (Engine A)
Objekt: Linezer0.part1.rar=>keymaker.exe
Deine Probleme wundern mich nicht wenn man sieht, dass du keygenuser bist :pfui:

Siehe auch => http://www.trojaner-board.de/95393-c...-software.html

Falls wir Hinweise auf illegal erworbene Software finden, werden wir den Support ohne jegliche Diskussion beenden.

Cracks/Keygens sind zu 99,9% gefährliche Schädlinge, mit denen man nicht spaßen sollte. Ausserdem sind diese illegal und wir unterstützen die Verwendung von geklauter Software nicht. Somit beschränkt sich der Support auf Anleitung zur kompletten Neuinstallation!!

Dass illegale Cracks und Keygens im Wesentlichen dazu dienen, Malware zu verbreiten ist kein Geheimnis und muss jedem klar sein!


In Zukunft Finger weg von: Softonic, Registry-Bereinigern und illegalem Zeugs Cracks/Keygens/Serials


Alle Zeitangaben in WEZ +1. Es ist jetzt 15:44 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131