SKanisch | 10.04.2013 13:33 | Hi, I can download Malwarebytes Anti-Malware 1.75, but I cannot start it because I don't have admin rights - it's a company laptop. What can I do?
Regards
... OTL works!
OTL Logfile: Code:
OTL logfile created on: 10.04.2013 14:35:25 - Run 1
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\skanisch\Downloads
64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3,94 Gb Total Physical Memory | 1,45 Gb Available Physical Memory | 36,78% Memory free
7,87 Gb Paging File | 5,39 Gb Available in Paging File | 68,45% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 433,05 Gb Total Space | 393,76 Gb Free Space | 90,93% Space Free | Partition Type: NTFS
Drive D: | 24,80 Gb Total Space | 11,32 Gb Free Space | 45,64% Space Free | Partition Type: NTFS
Drive E: | 7,79 Gb Total Space | 4,94 Gb Free Space | 63,35% Space Free | Partition Type: FAT32
Drive F: | 311,46 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive G: | 931,28 Gb Total Space | 893,87 Gb Free Space | 95,98% Space Free | Partition Type: FAT32
Computer Name: MATIS-PORT-1236 | User Name: skanisch | NOT logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - C:\Users\skanisch\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Users\skanisch\AppData\Local\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
PRC - C:\Program Files (x86)\OCS Inventory Agent\OcsSystray.exe (OCS Inventory NG)
PRC - C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (NCP engineering GmbH)
PRC - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
PRC - C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
PRC - C:\Program Files\WIDCOMM\Bluetooth Software\BluetoothHeadsetProxy.exe (Broadcom Corporation.)
PRC - C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
========== Modules (No Company Name) ==========
MOD - C:\Users\skanisch\AppData\Local\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\Win32RenderingEngine.dll ()
MOD - C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Web\2df79ab909c782d3796e4107d040327d\System.Web.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\0a894f77b9aa64acbd3ce791916357d8\System.Runtime.Remoting.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\ff30db6905f8ec024fc808ed8779c0f3\System.Windows.Forms.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\a09ee392fa90849f2e9313a1ebbe0279\System.Drawing.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\585ac5899ab444221c8b41df13b194bc\WindowsBase.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\d49f4cb0755ccc34cd35ff96dc2ef9e3\System.Xml.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\15742b3597258ce67cbe219005c197e5\System.Configuration.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\System\1f14b3e1ee0847f8662f513e67f92547\System.ni.dll ()
MOD - C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\1b31ced9bb880d94fff1c6d47c16a81e\mscorlib.ni.dll ()
MOD - C:\Program Files (x86)\OCS Inventory Agent\zlib1.dll ()
MOD - C:\Program Files (x86)\NCP\SecureClient\rsussl.dll ()
MOD - C:\Program Files (x86)\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF ()
MOD - C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
========== Services (SafeList) ==========
SRV:64bit: - (mfevtp) -- C:\Windows\SysNative\mfevtps.exe (McAfee, Inc.)
SRV:64bit: - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe ()
SRV:64bit: - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe ()
SRV:64bit: - (wltrysvc) -- C:\Program Files\Broadcom\Broadcom 802.11\WLTRYSVC.EXE (Broadcom Corporation)
SRV:64bit: - (hpsrv) -- C:\Windows\SysNative\hpservice.exe (Hewlett-Packard Company)
SRV:64bit: - (STacSV) -- C:\Program Files\IDT\WDM\stacsv64.exe (IDT, Inc.)
SRV:64bit: - (vcsFPService) -- C:\Windows\SysNative\vcsFPService.exe (Validity Sensors, Inc.)
SRV:64bit: - (btwdins) -- C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV:64bit: - (AgereModemAudio) -- C:\Program Files\LSI SoftModem\agr64svc.exe (LSI Corporation)
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV:64bit: - (nsi) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (NlaSvc) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (lmhosts) -- C:\Windows\SysNative\svchost.exe (Microsoft Corporation)
SRV:64bit: - (AESTFilters) -- C:\Program Files\IDT\WDM\AESTSr64.exe (Andrea Electronics Corporation)
SRV - (RumorServer) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (myAgtSvc) -- C:\Program Files (x86)\McAfee\Managed VirusScan\Agent\myAgtSvc.exe (McAfee, Inc.)
SRV - (ncprwsnt) -- C:\Program Files (x86)\NCP\SecureClient\ncprwsnt.exe (NCP Engineering GmbH)
SRV - (OCS Inventory Service) -- C:\Program Files (x86)\OCS Inventory Agent\OcsService.exe (OCS Inventory NG)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (rwsrsu) -- C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (NCP engineering GmbH)
SRV - (ncpclcfg) -- C:\Program Files (x86)\NCP\SecureClient\ncpclcfg.exe (NCP engineering GmbH)
SRV - (NcpSec) -- C:\Program Files (x86)\NCP\SecureClient\NCPSEC.EXE ()
SRV - (hpHotkeyMonitor) -- C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\hpHotkeyMonitor.exe (Hewlett-Packard Company)
SRV - (IAStorDataMgrSvc) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation)
SRV - (vcsFPService) -- C:\Windows\SysWOW64\vcsFPService.exe (Validity Sensors, Inc.)
SRV - (HPDrvMntSvc.exe) -- C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe (Hewlett-Packard Company)
SRV - (UNS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation)
SRV - (LMS) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
========== Driver Services (SafeList) ==========
DRV:64bit: - (mfewfpk) -- C:\Windows\SysNative\drivers\mfewfpk.sys (McAfee, Inc.)
DRV:64bit: - (mferkdet) -- C:\Windows\SysNative\drivers\mferkdet.sys (McAfee, Inc.)
DRV:64bit: - (mfehidk) -- C:\Windows\SysNative\drivers\mfehidk.sys (McAfee, Inc.)
DRV:64bit: - (mfefirek) -- C:\Windows\SysNative\drivers\mfefirek.sys (McAfee, Inc.)
DRV:64bit: - (mfeavfk) -- C:\Windows\SysNative\drivers\mfeavfk.sys (McAfee, Inc.)
DRV:64bit: - (mfeapfk) -- C:\Windows\SysNative\drivers\mfeapfk.sys (McAfee, Inc.)
DRV:64bit: - (ncplelhp) -- C:\Windows\SysNative\drivers\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (ncpfilt) -- C:\Windows\SysNative\drivers\ncplelhp.sys (NCP Engineering GmbH)
DRV:64bit: - (BCM43XX) -- C:\Windows\SysNative\drivers\BCMWL664.SYS (Broadcom Corporation)
DRV:64bit: - (BCM42RLY) -- C:\Windows\SysNative\drivers\bcm42rly.sys (Broadcom Corporation)
DRV:64bit: - (mfenlfk) -- C:\Windows\SysNative\drivers\mfenlfk.sys (McAfee, Inc.)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (hpdskflt) -- C:\Windows\SysNative\drivers\hpdskflt.sys (Hewlett-Packard Company)
DRV:64bit: - (Accelerometer) -- C:\Windows\SysNative\drivers\Accelerometer.sys (Hewlett-Packard Company)
DRV:64bit: - (STHDA) -- C:\Windows\SysNative\drivers\stwrt64.sys (IDT, Inc.)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (johci) -- C:\Windows\SysNative\drivers\johci.sys (JMicron Technology Corp.)
DRV:64bit: - (SzCCID) -- C:\Windows\SysNative\drivers\SzCCID.sys (Generic)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (SPUVCbv) -- C:\Windows\SysNative\drivers\SPUVCBv_x64.sys (Sunplus Technology)
DRV:64bit: - (JMCR) -- C:\Windows\SysNative\drivers\jmcr.sys (JMicron Technology Corporation)
DRV:64bit: - (HpqKbFiltr) -- C:\Windows\SysNative\drivers\HpqKbFiltr.sys (Hewlett-Packard Company)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (IntcDAud) -- C:\Windows\SysNative\drivers\IntcDAud.sys (Intel(R) Corporation)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwampfl) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (AgereSoftModem) -- C:\Windows\SysNative\drivers\agrsm64.sys (LSI Corporation)
DRV:64bit: - (sdbus) -- C:\Windows\SysNative\drivers\sdbus.sys (Microsoft Corporation)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (StillCam) -- C:\Windows\SysNative\drivers\serscan.sys (Microsoft Corporation)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google
IE - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 34 CC 72 32 46 08 CE 01 [binary data]
IE - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - user.js - File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_1_102.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{D19CA586-DD6C-4a0a-96F8-14644F340D60}: C:\Program Files (x86)\Common Files\McAfee\SystemCore [2013.03.28 23:45:40 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Users\skanisch\AppData\Local\Mozilla Firefox\components [2013.03.08 10:36:35 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Users\skanisch\AppData\Local\Mozilla Firefox\plugins
[2013.02.11 13:20:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\skanisch\AppData\Roaming\mozilla\Extensions
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20130306113954.dll (McAfee, Inc.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files (x86)\Common Files\McAfee\SystemCore\ScriptSn.20130306113954.dll (McAfee, Inc.)
O4:64bit: - HKLM..\Run: [Broadcom Wireless Manager UI] C:\Program Files\Broadcom\Broadcom 802.11\WLTRAY.EXE (Broadcom Corporation)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe (IDT, Inc.)
O4 - HKLM..\Run: [googletalk] C:\Program Files (x86)\Google\Google Talk\googletalk.exe (Google)
O4 - HKLM..\Run: [HP HD Webcam [Fixed]_Monitor] C:\Program Files (x86)\HP HD Webcam [Fixed]\Monitor.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [MVS Splash] C:\Program Files (x86)\McAfee\Managed VirusScan\DesktopUI\XTray.exe ()
O4 - HKLM..\Run: [NcpBudgetGui] C:\Program Files (x86)\NCP\SecureClient\NcpBudgetGui.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpMonitor] C:\Program Files (x86)\NCP\SecureClient\ncpmon.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpPopup] C:\Program Files (x86)\NCP\SecureClient\ncppopup.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [NcpRsuGui] C:\Program Files (x86)\NCP\SecureClient\rwsrsu.exe (NCP engineering GmbH)
O4 - HKLM..\Run: [QLBController] C:\Program Files (x86)\Hewlett-Packard\HP HotKey Support\QLBController.exe (Hewlett-Packard Company)
O4 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128..\Run: [Skype] "C:\Users\skanisch\AppData\Local\Skype\Phone\Skype.exe" /minimized /regrun File not found
O4 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128..\Run: [Sysyem Cleaner] C:\Users\skanisch\AppData\Local\Temp\0.4171816970148574.exe File not found
O4:64bit: - HKLM..\RunOnce: [*WerKernelReporting] C:\Windows\SysNative\WerFault.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDeletePrinter = 0
O8:64bit: - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Send image to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Send page to &Bluetooth Device... - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - ..Trusted Domains: matis-group.corp ([bebruinf01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([demuninf01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([frbdxadc01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([frblginf01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([frcasadc01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([frlyoinf01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([frptxbefs01] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([srv-share] * in Sites de confiance)
O15:64bit: - ..Trusted Domains: matis-group.corp ([srv-stuttgart] * in Sites de confiance)
O15 - HKLM\..Trusted Domains: //about.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Exclude.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //LanguageSelection.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Message.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryCmd.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyAgttryNag.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //MyNotification.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //NOCLessUpdate.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //quarantine.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //ScanNow.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //strings.vbs/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Template.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //Update.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: //VirFound.htm/ ([]myui in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafee.com ([*] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([betavscan] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([vs] https in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] http in Trusted sites)
O15 - HKLM\..Trusted Domains: mcafeeasap.com ([www] https in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([bebruinf01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([demuninf01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([frbdxadc01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([frblginf01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([frcasadc01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([frlyoinf01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([frptxbefs01] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([srv-share] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Domains: matis-group.corp ([srv-stuttgart] * in Trusted sites)
O15 - HKU\.DEFAULT\..Trusted Ranges: Range1 ([https] in Local intranet)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([bebruinf01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([demuninf01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([frbdxadc01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([frblginf01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([frcasadc01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([frlyoinf01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([frptxbefs01] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([srv-share] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Domains: matis-group.corp ([srv-stuttgart] * in Trusted sites)
O15 - HKU\S-1-5-18\..Trusted Ranges: Range1 ([https] in Local intranet)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([bebruinf01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([demuninf01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([frbdxadc01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([frblginf01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([frcasadc01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([frlyoinf01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([frptxbefs01] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([srv-share] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Domains: matis-group.corp ([srv-stuttgart] * in Trusted sites)
O15 - HKU\S-1-5-21-2737715144-2812445894-812300142-3128\..Trusted Ranges: Range1 ([https] in Local intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.63.20 192.168.111.12 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = matis-group.corp
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A7B03F9-4CEF-446B-8289-DEC27BE9E3EE}: DhcpNameServer = 192.168.63.20 192.168.111.12 208.67.222.222
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{38000F51-6877-439E-AC85-768C5C9655B0}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help - No CLSID value found
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010.11.17 02:01:57 | 000,000,131 | R--- | M] () - F:\Autorun.inf -- [ CDFS ]
O33 - MountPoints2\{850be34c-66ec-11e2-83c2-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{850be34c-66ec-11e2-83c2-806e6f6e6963}\Shell\AutoRun\command - "" = F:\Setup.exe -- [2010.11.17 02:01:57 | 000,297,832 | R--- | M] (Hewlett-Packard Co.)
O33 - MountPoints2\{c79626f9-7439-11e2-a347-402cf4c92ba5}\Shell - "" = AutoRun
O33 - MountPoints2\{c79626f9-7439-11e2-a347-402cf4c92ba5}\Shell\AutoRun\command - "" = G:\AutoRun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
========== Files/Folders - Created Within 30 Days ==========
[2013.04.03 10:46:39 | 000,000,000 | ---D | C] -- C:\Users\skanisch\AppData\Local\CutePDF Writer
[2013.03.28 16:58:22 | 000,000,000 | ---D | C] -- C:\Users\skanisch\AppData\Local\Microsoft Help
[2013.03.26 13:48:58 | 000,000,000 | ---D | C] -- C:\Users\skanisch\4.0
[2013.03.26 13:48:56 | 000,000,000 | ---D | C] -- C:\Users\skanisch\.tfo4
[2013.03.19 09:26:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Skype
[2013.03.19 09:26:44 | 000,000,000 | ---D | C] -- C:\Users\skanisch\AppData\Local\Skype
========== Files - Modified Within 30 Days ==========
[2013.04.10 14:32:00 | 000,001,126 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.04.10 14:32:00 | 000,001,122 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.04.10 14:28:13 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.10 13:49:59 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592236111-117601028-3546815005-1000UA.job
[2013.04.10 13:49:59 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-592236111-117601028-3546815005-1000Core.job
[2013.04.10 13:37:00 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 13:37:00 | 000,010,256 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.10 08:52:35 | 000,778,834 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.10 08:52:35 | 000,652,148 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.10 08:52:35 | 000,121,080 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.09 20:54:25 | 3169,599,488 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.08 13:16:00 | 000,121,607 | ---- | M] () -- C:\Users\skanisch\Documents\MATIS Profil_EvB_SKA.pdf
[2013.04.04 17:36:40 | 512,172,572 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.04.04 09:02:25 | 001,698,573 | ---- | M] () -- C:\Users\skanisch\Desktop\Bachelorzeugnis Karsten Ziemann.pdf
[2013.04.03 10:51:47 | 000,011,458 | RHS- | M] () -- C:\ProgramData\ntuser.pol
[2013.03.28 14:55:37 | 000,002,646 | RHS- | M] () -- C:\Users\skanisch\ntuser.pol
[2013.03.20 19:24:15 | 000,246,293 | ---- | M] () -- C:\Users\skanisch\Desktop\Zusatzvereinbarung_Steddin.pdf
[2013.03.18 12:40:32 | 000,115,621 | ---- | M] () -- C:\Users\skanisch\Desktop\Projektbeschreibung.pdf
========== Files Created - No Company Name ==========
[2013.04.08 13:16:00 | 000,121,607 | ---- | C] () -- C:\Users\skanisch\Documents\MATIS Profil_EvB_SKA.pdf
[2013.04.04 09:02:25 | 001,698,573 | ---- | C] () -- C:\Users\skanisch\Desktop\Bachelorzeugnis Karsten Ziemann.pdf
[2013.03.20 19:24:15 | 000,246,293 | ---- | C] () -- C:\Users\skanisch\Desktop\Zusatzvereinbarung_Steddin.pdf
[2013.03.18 12:40:32 | 000,115,621 | ---- | C] () -- C:\Users\skanisch\Desktop\Projektbeschreibung.pdf
[2013.01.25 15:56:24 | 000,002,646 | RHS- | C] () -- C:\Users\skanisch\ntuser.pol
[2013.01.25 15:47:37 | 000,011,458 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2012.03.20 13:34:08 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2012.03.20 13:34:08 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2012.03.20 13:34:08 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2012.03.20 13:29:55 | 000,094,776 | ---- | C] () -- C:\Windows\un_dext.exe
[2012.03.20 13:29:55 | 000,087,928 | ---- | C] () -- C:\Windows\SPRemove_x64.exe
[2012.03.20 13:29:55 | 000,014,409 | ---- | C] () -- C:\Windows\TWAIN2080.ini
[2012.03.20 13:29:55 | 000,003,926 | ---- | C] () -- C:\Windows\Dext_12.ini
[2012.03.20 13:29:55 | 000,003,892 | ---- | C] () -- C:\Windows\Dext_27.ini
[2012.03.20 13:29:55 | 000,003,884 | ---- | C] () -- C:\Windows\Dext_25.ini
[2012.03.20 13:29:55 | 000,003,882 | ---- | C] () -- C:\Windows\Dext_21.ini
[2012.03.20 13:29:55 | 000,003,820 | ---- | C] () -- C:\Windows\Dext_11.ini
[2012.03.20 13:29:55 | 000,003,802 | ---- | C] () -- C:\Windows\Dext_14.ini
[2012.03.20 13:29:55 | 000,003,802 | ---- | C] () -- C:\Windows\Dext_05.ini
[2012.03.20 13:29:55 | 000,003,704 | ---- | C] () -- C:\Windows\Dext_10.ini
[2012.03.20 13:29:55 | 000,003,700 | ---- | C] () -- C:\Windows\Dext_16.ini
[2012.03.20 13:29:55 | 000,003,682 | ---- | C] () -- C:\Windows\Dext_08.ini
[2012.03.20 13:29:55 | 000,003,672 | ---- | C] () -- C:\Windows\Dext_31.ini
[2012.03.20 13:29:55 | 000,003,648 | ---- | C] () -- C:\Windows\Dext_36.ini
[2012.03.20 13:29:55 | 000,003,624 | ---- | C] () -- C:\Windows\Dext_1046.ini
[2012.03.20 13:29:55 | 000,003,622 | ---- | C] () -- C:\Windows\Dext_20.ini
[2012.03.20 13:29:55 | 000,003,588 | ---- | C] () -- C:\Windows\Dext_06.ini
[2012.03.20 13:29:55 | 000,003,586 | ---- | C] () -- C:\Windows\Dext_22.ini
[2012.03.20 13:29:55 | 000,003,550 | ---- | C] () -- C:\Windows\Dext_19.ini
[2012.03.20 13:29:55 | 000,003,550 | ---- | C] () -- C:\Windows\Dext_07.ini
[2012.03.20 13:29:55 | 000,003,522 | ---- | C] () -- C:\Windows\Dext_02.ini
[2012.03.20 13:29:55 | 000,003,492 | ---- | C] () -- C:\Windows\Dext_24.ini
[2012.03.20 13:29:55 | 000,003,450 | ---- | C] () -- C:\Windows\Dext_29.ini
[2012.03.20 13:29:55 | 000,003,416 | ---- | C] () -- C:\Windows\Dext_01.ini
[2012.03.20 13:29:55 | 000,003,342 | ---- | C] () -- C:\Windows\Dext_30.ini
[2012.03.20 13:29:55 | 000,003,220 | ---- | C] () -- C:\Windows\Dext_09.ini
[2012.03.20 13:29:55 | 000,003,174 | ---- | C] () -- C:\Windows\Dext_13.ini
[2012.03.20 13:29:55 | 000,002,850 | ---- | C] () -- C:\Windows\Dext_04.ini
[2012.03.20 13:29:55 | 000,002,750 | ---- | C] () -- C:\Windows\Dext_17.ini
[2012.03.20 13:29:55 | 000,002,674 | ---- | C] () -- C:\Windows\Dext_18.ini
[2012.03.20 13:29:55 | 000,002,638 | ---- | C] () -- C:\Windows\Dext_2052.ini
[2012.03.20 13:29:54 | 000,002,153 | ---- | C] () -- C:\Windows\remove.ini
[2012.03.20 13:23:59 | 007,022,810 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
========== ZeroAccess Check ==========
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.01.04 11:59:19 | 014,164,480 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.01.04 11:03:45 | 012,868,096 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.07.14 03:15:20 | 000,605,696 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
< End of report > |