Trojaner-Board


tpfkarb 17.06.2013 20:48

GVU Trojan, Windows 7 32-bit
 
Hello everyone,

I only just registered and have already done a bit of reading... first of all, I am very positively surprised: there are real experts at work here.

I have my sister's computer here, which I could actually just reinstall, but first I urgently need a few folders backed up (online banking, .pst, etc.).
I have now created the otl.txt:


Code:

OTL logfile created on: 6/17/2013 10:34:45 PM - Run
OTLPE by OldTimer - Version 3.1.48.0    Folder = X:\Programs\OTLPE
Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16614)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files
Drive C: | 100.00 Mb Total Space | 74.05 Mb Free Space | 74.05% Space Free | Partition Type: NTFS
Drive D: | 488.18 Gb Total Space | 433.99 Gb Free Space | 88.90% Space Free | Partition Type: NTFS
Drive E: | 488.28 Gb Total Space | 483.76 Gb Free Space | 99.08% Space Free | Partition Type: NTFS
Drive F: | 420.70 Gb Total Space | 411.01 Gb Free Space | 97.70% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV - File not found [Auto] --  -- (TuneUp.UtilitiesSvc)
SRV - [2013/06/11 15:49:27 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/21 08:48:10 | 000,699,680 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- D:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 8.0 OnlineUpdate)
SRV - [2011/12/13 04:29:16 | 000,029,504 | ---- | M] (TuneUp Software) [Auto] -- D:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2011/07/22 02:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto] -- D:\Windows\System32\cjpcsc.exe -- (cjpcsc)
SRV - [2011/05/05 11:30:46 | 000,549,384 | ---- | M] (Star Finanz - Software Entwicklung und Vertriebs GmbH) [Auto] -- D:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe -- (StarMoney 7.0 OnlineUpdate)
SRV - [2011/04/16 20:45:11 | 000,130,008 | R--- | M] (Symantec Corporation) [Auto] -- D:\Program Files\Norton Internet Security\Engine\18.7.2.3\ccSvcHst.exe -- (NIS)
SRV - [2010/04/06 11:30:38 | 000,031,272 | ---- | M] () [On_Demand] -- D:\Windows\System32\AppleChargerSrv.exe -- (AppleChargerSrv)
SRV - [2010/01/18 22:31:26 | 000,072,304 | R--- | M] () [Auto] -- D:\Windows\System32\XSrvSetup.exe -- (JMB36X)
SRV - [2009/08/24 09:38:06 | 000,068,136 | ---- | M] () [Disabled] -- D:\Program Files\Gigabyte\EasySaver\ESSVR.EXE -- (ES lite Service)
SRV - [2009/08/04 12:29:54 | 000,219,360 | ---- | M] (DeviceVM, Inc.) [Auto] -- D:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe -- (BCUService)
SRV - [2009/07/20 07:28:10 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand] -- D:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/13 21:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand] --  -- (VGPU)
DRV - File not found [Kernel | On_Demand] --  -- (TuneUpUtilitiesDrv)
DRV - File not found [Kernel | On_Demand] --  -- (tsusbhub)
DRV - File not found [Kernel | On_Demand] --  -- (Synth3dVsc)
DRV - [2013/06/01 15:20:16 | 001,611,992 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130614.023\NAVEX15.SYS -- (NAVEX15)
DRV - [2013/06/01 15:20:16 | 000,093,272 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130614.023\NAVENG.SYS -- (NAVENG)
DRV - [2013/05/31 12:58:19 | 001,002,072 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx86.sys -- (BHDrvx86)
DRV - [2013/05/31 09:46:32 | 000,386,720 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130614.001\IDSvix86.sys -- (IDSVix86)
DRV - [2013/03/29 04:27:11 | 000,106,656 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys -- (EraserUtilRebootDrv)
DRV - [2013/02/03 04:13:19 | 000,017,488 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand] -- D:\Windows\gdrv.sys -- (gdrv)
DRV - [2012/08/23 10:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012/08/23 10:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2012/08/18 02:49:55 | 000,376,480 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys -- (eeCtrl)
DRV - [2011/05/16 12:47:27 | 000,126,584 | ---- | M] (Symantec Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\SYMEVENT.SYS -- (SymEvent)
DRV - [2011/04/20 21:37:49 | 000,299,640 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS -- (SymNetS)
DRV - [2011/03/30 23:00:09 | 000,516,216 | ---- | M] (Symantec Corporation) [File_System | On_Demand] -- D:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS -- (SRTSP)
DRV - [2011/03/30 23:00:09 | 000,050,168 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS -- (SRTSPX) Symantec Real Time Storage Protection (PEL)
DRV - [2011/03/29 06:08:08 | 000,028,144 | ---- | M] (REINER SCT) [Kernel | On_Demand] -- D:\Windows\System32\drivers\cjusb.sys -- (cjusb)
DRV - [2011/03/14 22:31:23 | 000,744,568 | ---- | M] (Symantec Corporation) [File_System | Boot] -- D:\Windows\System32\drivers\NIS\1207020.003\symefa.sys -- (SymEFA)
DRV - [2011/01/27 02:47:10 | 000,340,088 | ---- | M] (Symantec Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\NIS\1207020.003\symds.sys -- (SymDS)
DRV - [2011/01/27 01:07:05 | 000,136,312 | ---- | M] (Symantec Corporation) [Kernel | System] -- D:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS -- (SymIRON)
DRV - [2011/01/09 13:02:01 | 000,281,760 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt)
DRV - [2011/01/09 13:02:01 | 000,025,888 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt)
DRV - [2010/11/20 08:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010/11/20 08:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010/11/20 08:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/11/20 05:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010/11/20 05:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010/04/06 11:30:24 | 000,018,984 | ---- | M] () [Kernel | System] -- D:\Windows\System32\drivers\AppleCharger.sys -- (AppleCharger)
DRV - [2010/01/27 04:58:32 | 000,098,928 | ---- | M] (JMicron Technology Corp.) [Kernel | Boot] -- D:\Windows\System32\drivers\jraid.sys -- (JRAID)
DRV - [2009/12/21 21:26:36 | 000,030,392 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbfilter.sys -- (usbfilter)
DRV - [2009/11/20 07:15:18 | 000,137,728 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV - [2009/11/20 07:15:16 | 000,058,880 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nusb3hub.sys -- (nusb3hub)
DRV - [2009/09/30 21:22:08 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
DRV - [2009/07/13 20:18:07 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV - [2009/07/13 18:09:17 | 004,194,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- D:\Windows\system32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009/06/17 12:56:32 | 000,028,560 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LUsbFilt.sys -- (LUsbFilt)
DRV - [2009/06/17 12:56:16 | 000,037,392 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LMouFilt.Sys -- (LMouFilt)
DRV - [2009/06/17 12:56:06 | 000,035,472 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\LHidFilt.Sys -- (LHidFilt)
DRV - [2009/06/17 12:55:18 | 000,020,240 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\L8042Kbd.sys -- (L8042Kbd)
DRV - [2009/05/04 21:00:28 | 000,014,392 | ---- | M] (Advanced Micro Devices Inc.) [Kernel | Boot] -- D:\Windows\System32\drivers\AtiPcie.sys -- (AtiPcie) AMD PCI Express (3GIO)
DRV - [2007/05/31 02:38:16 | 000,014,949 | ---- | M] (franson.biz) [Kernel | System] -- D:\Windows\System32\drivers\bizVSerialNT.sys -- (bizVSerial)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\franke_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\franke_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\franke_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\franke_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\franke_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
 
 
 
 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0:  File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX OVS Helper,version=1.0.0: D:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader:  File not found
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Users\franke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Users\franke\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\IPSFFPlgn\ [2013/03/28 15:32:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\coFFPlgn_2011_7_13_2 [2013/06/17 15:01:49 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/01/30 12:00:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: C:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/01/30 12:00:03 | 000,000,000 | ---D | M]
 
 
O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - D:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - D:\Program Files\Norton Internet Security\Engine\18.7.2.3\ips\ipsbho.dll (Symantec Corporation)
O2 - BHO: (SweetPacks Browser Helper) - {EEE6C35C-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (SweetPacks Toolbar for Internet Explorer) - {EEE6C35B-6118-11DC-9C72-001320C79847} - D:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll (SweetIM Technologies Ltd.)
O3 - HKU\franke_ON_D\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - D:\Program Files\Norton Internet Security\Engine\18.7.2.3\coieplg.dll (Symantec Corporation)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [BCU] D:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe (DeviceVM, Inc.)
O4 - HKLM..\Run: [JMB36X IDE Setup] D:\Windows\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] D:\Windows\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [Sweetpacks Communicator] D:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe (SweetIM Technologies Ltd.)
O4 - HKU\franke_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\franke\AppData\Local\Temp\ofi3jZF.exe (Mozilla Foundation)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} hxxp://download.divx.com/player/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} hxxp://games.bigfishgames.com/de_dinerdashfloontheg/online/ddfotg.1.0.0.33.cab (CPlayFirstddfotgControl Object)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} hxxp://game.zylom.com/activex/zylomgamesplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27)
O16 - DPF: Microsoft XML Parser for Java file:///C:/Windows/Java/classes/xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\franke_ON_D Winlogon: Shell - (cmd.exe) - D:\Windows\System32\cmd.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - D:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O27 - HKLM IFEO\eslite.exe: Debugger - "D:\Program Files\TUAutoReactivator32.exe" File not found
O27 - HKLM IFEO\hpcustpartic.exe: Debugger - "D:\Program Files\TUAutoReactivator32.exe" File not found
O27 - HKLM IFEO\photoproduct.exe: Debugger - "D:\Program Files\TUAutoReactivator32.exe" File not found
O27 - HKLM IFEO\uninst.exe: Debugger - "D:\Program Files\TUAutoReactivator32.exe" File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/06/12 14:31:41 | 002,706,432 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[2013/06/12 14:31:41 | 000,391,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/06/12 14:26:35 | 000,690,688 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript.dll
[2013/06/12 14:26:33 | 002,877,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jscript9.dll
[2013/06/12 14:26:33 | 000,061,440 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesetup.dll
[2013/06/12 14:26:33 | 000,039,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\jsproxy.dll
[2013/06/12 14:26:32 | 000,493,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/06/12 14:26:32 | 000,109,056 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iesysprep.dll
[2013/06/12 14:26:32 | 000,071,680 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\RegisterIEPKEYs.exe
[2013/06/12 14:26:32 | 000,042,496 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ie4uinit.exe
[2013/06/12 14:26:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\iernonce.dll
[2013/06/12 10:26:42 | 001,505,280 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3d11.dll
[2013/06/12 10:26:28 | 000,024,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\cryptdlg.dll
[2013/06/12 10:26:25 | 000,492,544 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\win32spl.dll
[2013/06/12 10:26:24 | 000,903,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\certutil.exe
[2013/06/12 10:26:24 | 000,043,008 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\certenc.dll
[2013/06/12 10:20:11 | 003,968,872 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntkrnlpa.exe
[2013/06/12 10:20:11 | 003,913,576 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/06/17 15:18:19 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/06/17 15:07:05 | 000,014,192 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 15:07:05 | 000,014,192 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/06/17 15:06:01 | 000,668,692 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/06/17 15:06:01 | 000,620,284 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/06/17 15:06:01 | 000,134,540 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/06/17 15:06:01 | 000,110,472 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/06/17 15:01:46 | 000,001,094 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/06/17 15:00:59 | 2614,517,760 | -HS- | M] () -- D:\hiberfil.sys
[2013/06/17 14:50:58 | 000,000,000 | -H-- | M] () -- D:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013/06/15 04:47:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/06/15 04:37:00 | 000,001,098 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/06/15 00:19:58 | 000,163,055 | ---- | M] () -- D:\Users\franke\AppData\Roaming\2433f433
[2013/06/15 00:19:58 | 000,163,048 | ---- | M] () -- D:\Users\franke\AppData\Local\2433f433
[2013/06/15 00:19:58 | 000,163,006 | ---- | M] () -- D:\ProgramData\2433f433
[2013/06/11 15:49:26 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerApp.exe
[2013/06/11 15:49:26 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- D:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/06/08 07:40:02 | 000,391,168 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/06/08 07:13:19 | 002,706,432 | ---- | M] (Microsoft Corporation) -- D:\Windows\System32\mshtml.tlb
[1 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/06/17 14:50:58 | 000,000,000 | -H-- | C] () -- D:\Windows\System32\drivers\Msft_Kernel_LUsbFilt_01005.Wdf
[2013/06/15 00:19:58 | 000,163,055 | ---- | C] () -- D:\Users\franke\AppData\Roaming\2433f433
[2013/06/15 00:19:58 | 000,163,048 | ---- | C] () -- D:\Users\franke\AppData\Local\2433f433
[2013/06/15 00:19:58 | 000,163,006 | ---- | C] () -- D:\ProgramData\2433f433
[2011/12/02 14:14:17 | 000,036,892 | ---- | C] () -- D:\Windows\System32\bassmod.dll
[2011/07/17 10:37:11 | 000,000,934 | ---- | C] () -- D:\Windows\wiso.ini
[2011/04/25 11:10:46 | 000,001,360 | ---- | C] () -- D:\Windows\hpwmdl20.dat.temp
[2011/04/25 09:49:27 | 000,080,896 | ---- | C] () -- D:\Windows\System32\RDVGHelper.exe
[2011/04/25 09:49:14 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll
[2011/04/25 09:48:34 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe
[2011/03/19 10:42:20 | 000,006,550 | ---- | C] () -- D:\Windows\jautoexp.dat
[2011/01/18 14:08:55 | 000,001,940 | ---- | C] () -- D:\Users\franke\AppData\Local\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2011/01/09 12:37:33 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys
[2011/01/09 12:37:32 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys
[2010/11/12 16:07:52 | 000,000,573 | ---- | C] () -- D:\Windows\hbcikrnl.ini
[2010/11/12 16:07:38 | 000,167,936 | ---- | C] () -- D:\Windows\System32\SerialXP.dll
[2010/11/12 16:07:38 | 000,027,648 | ---- | C] () -- D:\Windows\System32\win32com.dll
[2010/11/10 16:52:05 | 000,007,641 | ---- | C] () -- D:\Users\franke\AppData\Local\resmon.resmoncfg
[2010/11/10 15:40:51 | 000,031,272 | ---- | C] () -- D:\Windows\System32\AppleChargerSrv.exe
[2010/11/10 15:40:51 | 000,018,984 | ---- | C] () -- D:\Windows\System32\drivers\AppleCharger.sys
[2010/11/10 15:39:31 | 000,072,304 | R--- | C] () -- D:\Windows\System32\XSrvSetup.exe
[2010/11/10 15:38:51 | 000,080,416 | ---- | C] () -- D:\Windows\System32\RtNicProp32.dll
[2010/11/10 15:32:07 | 000,000,010 | ---- | C] () -- D:\Windows\GSetup.ini
[2010/11/10 15:17:29 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin
[2010/11/10 15:17:29 | 000,000,000 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat
[2009/09/30 06:05:48 | 000,290,816 | ---- | C] () -- D:\Windows\System32\nsldap32v60.dll
[2009/08/27 03:04:12 | 000,207,400 | R--- | C] () -- D:\Windows\GSetup.exe
[2009/07/14 04:47:43 | 000,668,692 | ---- | C] () -- D:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,134,540 | ---- | C] () -- D:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,413,056 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,620,284 | ---- | C] () -- D:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,110,472 | ---- | C] () -- D:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat
[2008/10/30 12:00:22 | 000,048,640 | ---- | C] () -- D:\Windows\System32\nsldapssl32v60.dll
[2008/10/30 11:59:24 | 000,025,088 | ---- | C] () -- D:\Windows\System32\nsldappr32v60.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- D:\Windows\System32\nsldapssl32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- D:\Windows\System32\nsldappr32v50.dll
[2004/12/14 11:55:22 | 000,000,019 | ---- | C] () -- D:\Windows\System32\nsldap32v50.dll
 
========== LOP Check ==========
 
[2011/10/08 08:42:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Alawar
[2011/01/01 17:00:46 | 000,000,000 | ---D | M] -- D:\ProgramData\AlawarSouthpoint
[2011/07/16 18:02:56 | 000,000,000 | ---D | M] -- D:\ProgramData\aliasworlds
[2010/11/10 15:22:11 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2011/09/02 16:16:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Big Fish Games
[2013/06/01 15:36:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Buhl Data Service GmbH
[2011/03/26 17:25:47 | 000,000,000 | ---D | M] -- D:\ProgramData\CannyGames
[2011/09/18 13:44:35 | 000,000,000 | ---D | M] -- D:\ProgramData\Cateia Games
[2011/02/05 14:19:33 | 000,000,000 | ---D | M] -- D:\ProgramData\CrioGames
[2011/07/31 14:21:30 | 000,000,000 | ---D | M] -- D:\ProgramData\CropBusters
[2010/11/10 15:22:11 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2011/11/05 19:10:28 | 000,000,000 | ---D | M] -- D:\ProgramData\Desktop Gaming
[2010/11/10 15:22:11 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/09/14 17:31:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Far Mills
[2010/11/21 14:48:36 | 000,000,000 | ---D | M] -- D:\ProgramData\Farm Fishes
[2011/02/26 13:19:50 | 000,000,000 | ---D | M] -- D:\ProgramData\FarmFrenzy_Rome
[2011/09/22 18:30:26 | 000,000,000 | ---D | M] -- D:\ProgramData\FarmFrenzy_Vikings
[2010/11/10 15:22:11 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2011/09/09 12:13:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Fugazo
[2011/02/15 17:04:11 | 000,000,000 | ---D | M] -- D:\ProgramData\Funny Bear Studio
[2010/11/12 19:54:20 | 000,000,000 | ---D | M] -- D:\ProgramData\GameHouse
[2011/02/24 17:53:52 | 000,000,000 | ---D | M] -- D:\ProgramData\GamePlastic
[2011/09/08 17:28:44 | 000,000,000 | ---D | M] -- D:\ProgramData\Green Clover Games
[2011/12/11 14:19:22 | 000,000,000 | ---D | M] -- D:\ProgramData\Grey Alien Games
[2011/08/07 14:52:36 | 000,000,000 | ---D | M] -- D:\ProgramData\HipSoft
[2011/03/26 16:19:17 | 000,000,000 | ---D | M] -- D:\ProgramData\Kingdom
[2011/03/22 15:34:29 | 000,000,000 | ---D | M] -- D:\ProgramData\MumboJumbo
[2011/02/05 11:27:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Nevosoft-Breeze
[2011/01/08 18:04:32 | 000,000,000 | ---D | M] -- D:\ProgramData\Oberon Media
[2011/03/11 17:28:51 | 000,000,000 | ---D | M] -- D:\ProgramData\Particles
[2011/09/18 15:06:38 | 000,000,000 | ---D | M] -- D:\ProgramData\PlayFirst
[2011/11/19 18:46:37 | 000,000,000 | ---D | M] -- D:\ProgramData\PlayfulAge
[2011/12/12 13:10:29 | 000,000,000 | ---D | M] -- D:\ProgramData\Playrix Entertainment
[2011/09/10 15:33:46 | 000,000,000 | ---D | M] -- D:\ProgramData\PopCap Games
[2010/11/12 16:07:38 | 000,000,000 | ---D | M] -- D:\ProgramData\REINER SCT
[2011/10/19 17:05:34 | 000,000,000 | ---D | M] -- D:\ProgramData\RescueFrenzy
[2011/07/30 12:48:02 | 000,000,000 | ---D | M] -- D:\ProgramData\rionix
[2010/12/07 16:46:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Rumbic Studio
[2011/11/23 19:33:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Solidshield
[2010/11/11 16:57:27 | 000,000,000 | ---D | M] -- D:\ProgramData\StarMoney 7.0
[2012/04/01 11:58:33 | 000,000,000 | ---D | M] -- D:\ProgramData\StarMoney 8.0
[2010/11/10 15:22:11 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2013/01/13 12:35:26 | 000,000,000 | ---D | M] -- D:\ProgramData\SweetIM
[2013/06/14 18:06:58 | 000,000,000 | ---D | M] -- D:\ProgramData\TEMP
[2011/01/09 11:42:13 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software
[2011/10/19 07:50:55 | 000,000,000 | ---D | M] -- D:\ProgramData\VirtualFarm2
[2011/11/06 19:30:30 | 000,000,000 | ---D | M] -- D:\ProgramData\Visan
[2010/11/10 15:22:11 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2011/01/09 11:40:28 | 000,000,000 | -HSD | M] -- D:\ProgramData\{24036256-BFDB-4CD3-BE8A-A3D6160F2E16}
[2010/11/12 17:10:57 | 000,000,000 | ---D | M] -- D:\ProgramData\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2013/04/26 10:40:21 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 236 bytes -> D:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 236 bytes -> D:\ProgramData\TEMP:38FF076E
@Alternate Data Stream - 233 bytes -> D:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 218 bytes -> D:\ProgramData\TEMP:29C0641D
@Alternate Data Stream - 213 bytes -> D:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 212 bytes -> D:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 199 bytes -> D:\ProgramData\TEMP:1A4BF204
@Alternate Data Stream - 190 bytes -> D:\ProgramData\TEMP:8247A199
@Alternate Data Stream - 18 bytes -> D:\Users\franke:zylomtr{00013KEU-UKQE-K6V0-2PHI-2B2UA19M6VV4}
@Alternate Data Stream - 16 bytes -> D:\Users\franke:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVHE}
@Alternate Data Stream - 149 bytes -> D:\ProgramData\TEMP:884C7316
@Alternate Data Stream - 149 bytes -> D:\ProgramData\TEMP:2D3CB929
@Alternate Data Stream - 148 bytes -> D:\ProgramData\TEMP:FD38E906
@Alternate Data Stream - 148 bytes -> D:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 148 bytes -> D:\ProgramData\TEMP:10873493
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:D882BE37
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:2ABB51D4
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 146 bytes -> D:\ProgramData\TEMP:E6B1AD87
@Alternate Data Stream - 146 bytes -> D:\ProgramData\TEMP:8DD36B71
@Alternate Data Stream - 145 bytes -> D:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 145 bytes -> D:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 143 bytes -> D:\ProgramData\TEMP:7EABF26C
@Alternate Data Stream - 143 bytes -> D:\ProgramData\TEMP:193CB03B
@Alternate Data Stream - 142 bytes -> D:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 142 bytes -> D:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 141 bytes -> D:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 141 bytes -> D:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:9CF728A6
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:6EA64886
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:03D08225
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:07C99568
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:073139EC
@Alternate Data Stream - 138 bytes -> D:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 138 bytes -> D:\ProgramData\TEMP:20EB6823
@Alternate Data Stream - 138 bytes -> D:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:7425C891
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:5C0940F1
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:2E9900EE
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:0915A718
@Alternate Data Stream - 136 bytes -> D:\ProgramData\TEMP:92D91D7E
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:C3D26A8A
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:4149A170
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:00AA4B31
@Alternate Data Stream - 134 bytes -> D:\ProgramData\TEMP:EE7AAC75
@Alternate Data Stream - 133 bytes -> D:\ProgramData\TEMP:E21433CE
@Alternate Data Stream - 133 bytes -> D:\ProgramData\TEMP:B722BCE5
@Alternate Data Stream - 131 bytes -> D:\ProgramData\TEMP:A01F3A87
@Alternate Data Stream - 131 bytes -> D:\ProgramData\TEMP:93226FE3
@Alternate Data Stream - 130 bytes -> D:\ProgramData\TEMP:6423D635
@Alternate Data Stream - 129 bytes -> D:\ProgramData\TEMP:D01ACC06
@Alternate Data Stream - 129 bytes -> D:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:C946EBB2
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:BC1F7CAE
@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:9DB67071
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:2D1AE3BE
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:CD6DF7CC
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:C3AD9507
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 124 bytes -> D:\ProgramData\TEMP:F1F936DF
@Alternate Data Stream - 124 bytes -> D:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 124 bytes -> D:\ProgramData\TEMP:063969F8
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:CFF6B3FF
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:9290C91C
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:A7B70C4E
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:6C031E3E
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 121 bytes -> D:\ProgramData\TEMP:E99D1D3C
@Alternate Data Stream - 121 bytes -> D:\ProgramData\TEMP:A1023D41
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:B285A50E
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:AE9351E0
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:149327FE
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:00258EE7
@Alternate Data Stream - 119 bytes -> D:\ProgramData\TEMP:104A718B
@Alternate Data Stream - 118 bytes -> D:\ProgramData\TEMP:46A2F27B
@Alternate Data Stream - 118 bytes -> D:\ProgramData\TEMP:2ADF9928
@Alternate Data Stream - 118 bytes -> D:\ProgramData\TEMP:169E7AC5
@Alternate Data Stream - 104 bytes -> D:\ProgramData\TEMP:1A8BB29B
< End of report >

Many thanks in advance

Regards, tpfkarb

schrauber 17.06.2013 20:56

Fix with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.
Code:

:OTL
O4 - HKU\franke_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\franke\AppData\Local\Temp\ofi3jZF.exe (Mozilla Foundation)
O20 - HKU\franke_ON_D Winlogon: Shell - (cmd.exe) - D:\Windows\System32\cmd.exe (Microsoft Corporation)
[2013/06/15 00:19:58 | 000,163,055 | ---- | M] () -- D:\Users\franke\AppData\Roaming\2433f433
[2013/06/15 00:19:58 | 000,163,048 | ---- | M] () -- D:\Users\franke\AppData\Local\2433f433
[2013/06/15 00:19:58 | 000,163,006 | ---- | M] () -- D:\ProgramData\2433f433
@Alternate Data Stream - 236 bytes -> D:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 236 bytes -> D:\ProgramData\TEMP:38FF076E
@Alternate Data Stream - 233 bytes -> D:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 218 bytes -> D:\ProgramData\TEMP:29C0641D
@Alternate Data Stream - 213 bytes -> D:\ProgramData\TEMP:6C049F97
@Alternate Data Stream - 212 bytes -> D:\ProgramData\TEMP:E5BA9ADD
@Alternate Data Stream - 199 bytes -> D:\ProgramData\TEMP:1A4BF204
@Alternate Data Stream - 190 bytes -> D:\ProgramData\TEMP:8247A199
@Alternate Data Stream - 18 bytes -> D:\Users\franke:zylomtr{00013KEU-UKQE-K6V0-2PHI-2B2UA19M6VV4}
@Alternate Data Stream - 16 bytes -> D:\Users\franke:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVHE}
@Alternate Data Stream - 149 bytes -> D:\ProgramData\TEMP:884C7316
@Alternate Data Stream - 149 bytes -> D:\ProgramData\TEMP:2D3CB929
@Alternate Data Stream - 148 bytes -> D:\ProgramData\TEMP:FD38E906
@Alternate Data Stream - 148 bytes -> D:\ProgramData\TEMP:3B07E6F4
@Alternate Data Stream - 148 bytes -> D:\ProgramData\TEMP:10873493
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:D882BE37
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:2ABB51D4
@Alternate Data Stream - 147 bytes -> D:\ProgramData\TEMP:140AD176
@Alternate Data Stream - 146 bytes -> D:\ProgramData\TEMP:E6B1AD87
@Alternate Data Stream - 146 bytes -> D:\ProgramData\TEMP:8DD36B71
@Alternate Data Stream - 145 bytes -> D:\ProgramData\TEMP:A5CD91DF
@Alternate Data Stream - 145 bytes -> D:\ProgramData\TEMP:14D29229
@Alternate Data Stream - 143 bytes -> D:\ProgramData\TEMP:7EABF26C
@Alternate Data Stream - 143 bytes -> D:\ProgramData\TEMP:193CB03B
@Alternate Data Stream - 142 bytes -> D:\ProgramData\TEMP:701B92FB
@Alternate Data Stream - 142 bytes -> D:\ProgramData\TEMP:4B244549
@Alternate Data Stream - 141 bytes -> D:\ProgramData\TEMP:C43C957E
@Alternate Data Stream - 141 bytes -> D:\ProgramData\TEMP:160ADF0B
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:9CF728A6
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:6EA64886
@Alternate Data Stream - 140 bytes -> D:\ProgramData\TEMP:03D08225
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:751D6870
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:07C99568
@Alternate Data Stream - 139 bytes -> D:\ProgramData\TEMP:073139EC
@Alternate Data Stream - 138 bytes -> D:\ProgramData\TEMP:F3591DDB
@Alternate Data Stream - 138 bytes -> D:\ProgramData\TEMP:20EB6823
@Alternate Data Stream - 138 bytes -> D:\ProgramData\TEMP:0988A428
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:7425C891
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:5C0940F1
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:2E9900EE
@Alternate Data Stream - 137 bytes -> D:\ProgramData\TEMP:0915A718
@Alternate Data Stream - 136 bytes -> D:\ProgramData\TEMP:92D91D7E
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:C3D26A8A
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:4149A170
@Alternate Data Stream - 135 bytes -> D:\ProgramData\TEMP:00AA4B31
@Alternate Data Stream - 134 bytes -> D:\ProgramData\TEMP:EE7AAC75
@Alternate Data Stream - 133 bytes -> D:\ProgramData\TEMP:E21433CE
@Alternate Data Stream - 133 bytes -> D:\ProgramData\TEMP:B722BCE5
@Alternate Data Stream - 131 bytes -> D:\ProgramData\TEMP:A01F3A87
@Alternate Data Stream - 131 bytes -> D:\ProgramData\TEMP:93226FE3
@Alternate Data Stream - 130 bytes -> D:\ProgramData\TEMP:6423D635
@Alternate Data Stream - 129 bytes -> D:\ProgramData\TEMP:D01ACC06
@Alternate Data Stream - 129 bytes -> D:\ProgramData\TEMP:9D03192E
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:C946EBB2
@Alternate Data Stream - 128 bytes -> D:\ProgramData\TEMP:BC1F7CAE
@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:D576A536
@Alternate Data Stream - 127 bytes -> D:\ProgramData\TEMP:16A4620C
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:9DB67071
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:2D1AE3BE
@Alternate Data Stream - 126 bytes -> D:\ProgramData\TEMP:1B3549F2
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:CD6DF7CC
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:C3AD9507
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:56C66609
@Alternate Data Stream - 125 bytes -> D:\ProgramData\TEMP:00811B66
@Alternate Data Stream - 124 bytes -> D:\ProgramData\TEMP:F1F936DF
@Alternate Data Stream - 124 bytes -> D:\ProgramData\TEMP:BD8010FE
@Alternate Data Stream - 124 bytes -> D:\ProgramData\TEMP:063969F8
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:CFF6B3FF
@Alternate Data Stream - 123 bytes -> D:\ProgramData\TEMP:9290C91C
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:A7B70C4E
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:6C031E3E
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:4A966CC2
@Alternate Data Stream - 122 bytes -> D:\ProgramData\TEMP:2216A431
@Alternate Data Stream - 121 bytes -> D:\ProgramData\TEMP:E99D1D3C
@Alternate Data Stream - 121 bytes -> D:\ProgramData\TEMP:A1023D41
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:B285A50E
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:AE9351E0
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:149327FE
@Alternate Data Stream - 120 bytes -> D:\ProgramData\TEMP:00258EE7
@Alternate Data Stream - 119 bytes -> D:\ProgramData\TEMP:104A718B
@Alternate Data Stream - 118 bytes -> D:\ProgramData\TEMP:46A2F27B
@Alternate Data Stream - 118 bytes -> D:\ProgramData\TEMP:2ADF9928
@Alternate Data Stream - 118 bytes -> D:\ProgramData\TEMP:169E7AC5
@Alternate Data Stream - 104 bytes -> D:\ProgramData\TEMP:1A8BB29B
:Commands
[emptytemp]

  • If you have obscured your user name, e.g. with "*****", insert your real user name in the appropriate place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow it.
  • After the restart you will find a text document on your desktop.
    (Also found under C:\_OTL\MovedFiles\<time_date>.txt)
    Now copy its contents here into your thread.


Reboot, rejoice ;)
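As an added example (not part of this thread, and not code from the OTL tool), a small Python checker that reads OTL-format lines like those in the fix script above and flags the persistence patterns it contains: a Run entry launching from a Temp directory under a random-looking value name, a per-user Winlogon Shell override, and clusters of alternate data streams on one object. The sample input is partly copied from the thread and partly constructed for contrast; the thresholds and regexes are the author's assumptions, not OTL's.

```python
from __future__ import annotations

import re
from collections import defaultdict
from dataclasses import dataclass

# Constructed sample in OTL's line format. The HKU O4 line, the HKU O20 line and
# the ADS lines are copied from the fix script in this thread; the two HKLM lines
# are constructed benign entries so the checker has something to leave alone.
SAMPLE_OTL = r"""
:OTL
O4 - HKU\franke_ON_D..\Run: [qcgce2mrvjq91kk1e7pnbb19m52fx] D:\Users\franke\AppData\Local\Temp\ofi3jZF.exe (Mozilla Foundation)
O4 - HKLM..\Run: [RtHDVCpl] D:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe (Realtek Semiconductor)
O20 - HKU\franke_ON_D Winlogon: Shell - (cmd.exe) - D:\Windows\System32\cmd.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
@Alternate Data Stream - 236 bytes -> D:\ProgramData\TEMP:99AC3203
@Alternate Data Stream - 233 bytes -> D:\ProgramData\TEMP:DD95E6D9
@Alternate Data Stream - 218 bytes -> D:\ProgramData\TEMP:29C0641D
@Alternate Data Stream - 18 bytes -> D:\Users\franke:zylomtr{00013KEU-UKQE-K6V0-2PHI-2B2UA19M6VV4}
:Commands
[emptytemp]
"""

# O4: autostart entry  "O4 - <key>\Run: [<name>] <path> (<company>)"
O4_RE = re.compile(
    r"^O4 - (?P<key>.+?)\\Run: \[(?P<name>[^\]]*)\]\s*(?P<path>.*?)"
    r"(?:\s+\((?P<company>[^()]*)\))?\s*$"
)
# O20: Winlogon value  "O20 - <key> Winlogon: <value> - (<setting>) - <path> (<company>)"
O20_RE = re.compile(
    r"^O20 - (?P<key>.+?) Winlogon: (?P<value>\w+) - \((?P<setting>[^)]*)\) - "
    r"(?P<path>.*?)(?:\s+\((?P<company>[^()]*)\))?\s*$"
)
# ADS: "@Alternate Data Stream - <size> bytes -> <host>:<stream>" (host keeps its drive colon)
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<host>.+):(?P<stream>[^:\\]+)$")

# Heuristics (assumed thresholds; tune for your environment).
TEMP_DIRS = ("\\appdata\\local\\temp\\", "\\windows\\temp\\", "\\programdata\\temp\\")
RANDOM_NAME_RE = re.compile(r"[a-z0-9]{16,}")
USER_PROFILE_RE = re.compile(r"^[A-Za-z]:\\Users\\[^\\]+$")


@dataclass
class Finding:
    line: str    # the offending log line (or ADS host object)
    reason: str  # why it was flagged


def analyze_otl(text: str, ads_threshold: int = 3) -> list[Finding]:
    """Scan OTL-format lines and return the persistence indicators found."""
    findings: list[Finding] = []
    ads_by_host: dict[str, list[str]] = defaultdict(list)

    for raw in text.splitlines():
        line = raw.strip()
        if m := O4_RE.match(line):
            if any(d in m["path"].lower() for d in TEMP_DIRS):
                findings.append(Finding(line, "Run entry launches a binary from a temp directory"))
            if RANDOM_NAME_RE.fullmatch(m["name"]):
                findings.append(Finding(line, "Run entry has a random-looking value name"))
        elif m := O20_RE.match(line):
            if m["value"].lower() == "shell":
                # The registry value is the persistence here; the binary it names may be a
                # legitimate Windows component (cmd.exe), so remediation resets the value.
                if m["key"].upper().startswith("HKU\\"):
                    findings.append(Finding(line, "per-user Winlogon Shell override (normally only set under HKLM)"))
                if m["setting"].lower() != "explorer.exe":
                    findings.append(Finding(line, f"Winlogon Shell replaced by {m['setting']} (explorer.exe expected)"))
        elif m := ADS_RE.match(line):
            ads_by_host[m["host"]].append(m["stream"])
            if USER_PROFILE_RE.match(m["host"]):
                findings.append(Finding(line, "alternate data stream attached to a user profile directory"))

    # A single object carrying many hash-named streams is a hiding pattern worth a look.
    for host, streams in ads_by_host.items():
        if len(streams) >= ads_threshold:
            findings.append(Finding(host, f"{len(streams)} alternate data streams attached to one object"))
    return findings


if __name__ == "__main__":
    for f in analyze_otl(SAMPLE_OTL):
        print(f"[!] {f.reason}\n    {f.line}")
```

For the Shell hijack in this thread, the registry value is what re-launches the lock screen; the target it names, cmd.exe in System32, is a legitimate Windows component, so a cleanup should reset the value rather than remove the binary.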

tpfkarb 17.06.2013 21:31

Hello Schrauber,

I followed the steps as described, and it looked good too... but after the restart, still the lock screen... here is the result of the fix:

Code:

========== OTL ==========
Registry value HKEY_USERS\franke_ON_D\Software\Microsoft\Windows\CurrentVersion\Run\\qcgce2mrvjq91kk1e7pnbb19m52fx deleted successfully.
D:\Users\franke\AppData\Local\Temp\ofi3jZF.exe moved successfully.
Registry value HKEY_USERS\franke_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully.
D:\Windows\System32\cmd.exe moved successfully.
D:\Users\franke\AppData\Roaming\2433f433 moved successfully.
D:\Users\franke\AppData\Local\2433f433 moved successfully.
D:\ProgramData\2433f433 moved successfully.
ADS D:\ProgramData\TEMP:99AC3203 deleted successfully.
ADS D:\ProgramData\TEMP:38FF076E deleted successfully.
ADS D:\ProgramData\TEMP:DD95E6D9 deleted successfully.
ADS D:\ProgramData\TEMP:29C0641D deleted successfully.
ADS D:\ProgramData\TEMP:6C049F97 deleted successfully.
ADS D:\ProgramData\TEMP:E5BA9ADD deleted successfully.
ADS D:\ProgramData\TEMP:1A4BF204 deleted successfully.
ADS D:\ProgramData\TEMP:8247A199 deleted successfully.
ADS D:\Users\franke:zylomtr{00013KEU-UKQE-K6V0-2PHI-2B2UA19M6VV4} deleted successfully.
ADS D:\Users\franke:zylomtr{000HQ7FF-AD7A-3FG2-LKCU-2AJQPJA4AVHE} deleted successfully.
ADS D:\ProgramData\TEMP:884C7316 deleted successfully.
ADS D:\ProgramData\TEMP:2D3CB929 deleted successfully.
ADS D:\ProgramData\TEMP:FD38E906 deleted successfully.
ADS D:\ProgramData\TEMP:3B07E6F4 deleted successfully.
ADS D:\ProgramData\TEMP:10873493 deleted successfully.
ADS D:\ProgramData\TEMP:D882BE37 deleted successfully.
ADS D:\ProgramData\TEMP:2ABB51D4 deleted successfully.
ADS D:\ProgramData\TEMP:140AD176 deleted successfully.
ADS D:\ProgramData\TEMP:E6B1AD87 deleted successfully.
ADS D:\ProgramData\TEMP:8DD36B71 deleted successfully.
ADS D:\ProgramData\TEMP:A5CD91DF deleted successfully.
ADS D:\ProgramData\TEMP:14D29229 deleted successfully.
ADS D:\ProgramData\TEMP:7EABF26C deleted successfully.
ADS D:\ProgramData\TEMP:193CB03B deleted successfully.
ADS D:\ProgramData\TEMP:701B92FB deleted successfully.
ADS D:\ProgramData\TEMP:4B244549 deleted successfully.
ADS D:\ProgramData\TEMP:C43C957E deleted successfully.
ADS D:\ProgramData\TEMP:160ADF0B deleted successfully.
ADS D:\ProgramData\TEMP:9CF728A6 deleted successfully.
ADS D:\ProgramData\TEMP:6EA64886 deleted successfully.
ADS D:\ProgramData\TEMP:03D08225 deleted successfully.
ADS D:\ProgramData\TEMP:751D6870 deleted successfully.
ADS D:\ProgramData\TEMP:07C99568 deleted successfully.
ADS D:\ProgramData\TEMP:073139EC deleted successfully.
ADS D:\ProgramData\TEMP:F3591DDB deleted successfully.
ADS D:\ProgramData\TEMP:20EB6823 deleted successfully.
ADS D:\ProgramData\TEMP:0988A428 deleted successfully.
ADS D:\ProgramData\TEMP:7425C891 deleted successfully.
ADS D:\ProgramData\TEMP:5C0940F1 deleted successfully.
ADS D:\ProgramData\TEMP:2E9900EE deleted successfully.
ADS D:\ProgramData\TEMP:0915A718 deleted successfully.
ADS D:\ProgramData\TEMP:92D91D7E deleted successfully.
ADS D:\ProgramData\TEMP:C3D26A8A deleted successfully.
ADS D:\ProgramData\TEMP:4149A170 deleted successfully.
ADS D:\ProgramData\TEMP:00AA4B31 deleted successfully.
ADS D:\ProgramData\TEMP:EE7AAC75 deleted successfully.
ADS D:\ProgramData\TEMP:E21433CE deleted successfully.
ADS D:\ProgramData\TEMP:B722BCE5 deleted successfully.
ADS D:\ProgramData\TEMP:A01F3A87 deleted successfully.
ADS D:\ProgramData\TEMP:93226FE3 deleted successfully.
ADS D:\ProgramData\TEMP:6423D635 deleted successfully.
ADS D:\ProgramData\TEMP:D01ACC06 deleted successfully.
ADS D:\ProgramData\TEMP:9D03192E deleted successfully.
ADS D:\ProgramData\TEMP:C946EBB2 deleted successfully.
ADS D:\ProgramData\TEMP:BC1F7CAE deleted successfully.
ADS D:\ProgramData\TEMP:D576A536 deleted successfully.
ADS D:\ProgramData\TEMP:16A4620C deleted successfully.
ADS D:\ProgramData\TEMP:9DB67071 deleted successfully.
ADS D:\ProgramData\TEMP:2D1AE3BE deleted successfully.
ADS D:\ProgramData\TEMP:1B3549F2 deleted successfully.
ADS D:\ProgramData\TEMP:CD6DF7CC deleted successfully.
ADS D:\ProgramData\TEMP:C3AD9507 deleted successfully.
ADS D:\ProgramData\TEMP:56C66609 deleted successfully.
ADS D:\ProgramData\TEMP:00811B66 deleted successfully.
ADS D:\ProgramData\TEMP:F1F936DF deleted successfully.
ADS D:\ProgramData\TEMP:BD8010FE deleted successfully.
ADS D:\ProgramData\TEMP:063969F8 deleted successfully.
ADS D:\ProgramData\TEMP:CFF6B3FF deleted successfully.
ADS D:\ProgramData\TEMP:9290C91C deleted successfully.
ADS D:\ProgramData\TEMP:A7B70C4E deleted successfully.
ADS D:\ProgramData\TEMP:6C031E3E deleted successfully.
ADS D:\ProgramData\TEMP:4A966CC2 deleted successfully.
ADS D:\ProgramData\TEMP:2216A431 deleted successfully.
ADS D:\ProgramData\TEMP:E99D1D3C deleted successfully.
ADS D:\ProgramData\TEMP:A1023D41 deleted successfully.
ADS D:\ProgramData\TEMP:B285A50E deleted successfully.
ADS D:\ProgramData\TEMP:AE9351E0 deleted successfully.
ADS D:\ProgramData\TEMP:149327FE deleted successfully.
ADS D:\ProgramData\TEMP:00258EE7 deleted successfully.
ADS D:\ProgramData\TEMP:104A718B deleted successfully.
ADS D:\ProgramData\TEMP:46A2F27B deleted successfully.
ADS D:\ProgramData\TEMP:2ADF9928 deleted successfully.
ADS D:\ProgramData\TEMP:169E7AC5 deleted successfully.
ADS D:\ProgramData\TEMP:1A8BB29B deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Default User
 
User: franke
->Temp folder emptied: 180224405 bytes
->Temporary Internet Files folder emptied: 1387884072 bytes
->Java cache emptied: 28537355 bytes
->Google Chrome cache emptied: 388362472 bytes
->Flash cache emptied: 987008402 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 17021487 bytes
 
Total Files Cleaned = 2,851.00 mb
 
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 06172013_231312


schrauber 18.06.2013 06:50

What? Are you trying to annoy me :)
Scan with Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Notes for Windows 8 users: Guide 1 (FRST variant) and Guide 2 (second part)
  • Please download the appropriate version of the tool (if in doubt, both) and save it to a USB stick: FRST 32-Bit | FRST 64-Bit
  • Connect the USB stick to the infected system and boot the system into the System Recovery Options.
  • Now scan following the illustrated guide, or use the following quick guide:
Via the Boot Manager:
  • Restart the computer.
  • While it boots, press the F8 key repeatedly.
  • Now choose Repair Your Computer.
  • Select your operating system and user account and click "Next" each time.
With a Windows CD/DVD (also possible on Windows 8):
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD.
  • Choose the language settings and click "Next".
  • Click Computer Repair Options!
  • Select your operating system and user account and click "Next" each time.
In the repair options choose: Command Prompt
  • Now type notepad and press Enter.
  • In the text document that opens: File > Save As... and choose Computer.
    The drive letter of your USB stick is shown here; note it.
  • Close Notepad again.
  • Now enter the following command.
    e:\frst.exe or e:\frst64.exe
    Note: e stands for the drive letter of your USB stick that you noted. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan.
The tool creates an FRST.txt on your USB stick. Please post its contents here, in code tags if possible (instructions).

tpfkarb 18.06.2013 07:19

Good morning Schrauber,

I will try it this afternoon...

Thanks so far...

Regards, tpfkarb

schrauber 18.06.2013 12:12

All right :)

tpfkarb 18.06.2013 18:56

So, here is the scan now:


FRST Logfile:

Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013 02
Ran by SYSTEM on 18-06-2013 21:49:45
Running from H:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe                                                                                                                                                                                                        [295728 2012-02-26] (SweetIM Technologies Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
HKU\franke\...\Winlogon: [Shell]
HKU\franke\...\Command Processor: "C:\Users\franke\AppData\Local\Temp\ofi3jZF.exe" <===== ATTENTION!
IMEO\eslite.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"
IMEO\hpcustpartic.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"
IMEO\photoproduct.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"
IMEO\uninst.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"

========================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [219360 2009-08-04] (DeviceVM, Inc.)
S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] ()
S2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll [262584 2011-04-01] (Symantec Corporation)
S2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [549384 2011-05-05] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 TuneUp.UtilitiesSvc; "D:\Program Files\TuneUpUtilitiesService32.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18984 2010-04-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-01-09] ()
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-10-01] (Avanquest Software)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-03-29] (Symantec Corporation)
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-02-03] (Windows (R) 2000 DDK provider)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130614.001\IDSvix86.sys [386720 2013-05-31] (Symantec Corporation)
S0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-01-09] ()
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130614.023\NAVENG.SYS [93272 2013-06-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130614.023\NAVEX15.SYS [1611992 2013-06-01] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-16] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 TuneUpUtilitiesDrv; \??\D:\Program Files\TuneUpUtilitiesDriver32.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-18 21:49 - 2013-06-18 21:49 - 00000000 ____D C:\FRST
2013-06-18 04:13 - 2013-06-18 04:13 - 00000000 ____D C:\_OTL
2013-06-18 03:28 - 2013-06-18 03:35 - 00076068 ____A C:\OTL.Txt
2013-06-17 19:50 - 2013-06-17 19:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2013-06-12 19:31 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 19:31 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 19:26 - 2013-05-17 02:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:26 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:26 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 15:26 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:26 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:26 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:26 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:26 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:26 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:26 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:26 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 15:20 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 15:20 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 15:20 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 15:14 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders ========

2013-06-18 21:49 - 2013-06-18 21:49 - 00000000 ____D C:\FRST
2013-06-18 20:46 - 2011-09-02 20:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-18 20:46 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 20:46 - 2009-07-14 05:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-18 20:46 - 2009-07-14 05:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-18 20:45 - 2013-02-04 15:59 - 00012469 ____A C:\Windows\setupact.log
2013-06-18 04:13 - 2013-06-18 04:13 - 00000000 ____D C:\_OTL
2013-06-18 03:35 - 2013-06-18 03:28 - 00076068 ____A C:\OTL.Txt
2013-06-18 03:26 - 2010-11-10 20:29 - 00000000 ___AD C:\users\franke
2013-06-17 20:18 - 2010-11-10 20:22 - 01565583 ____A C:\Windows\WindowsUpdate.log
2013-06-17 20:06 - 2010-11-10 20:42 - 00005210 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-17 19:50 - 2013-06-17 19:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2013-06-15 09:47 - 2012-07-19 21:35 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-15 09:37 - 2011-09-02 20:51 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-15 04:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 18:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 16:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-12 23:42 - 2011-07-17 15:37 - 00001188 ____A C:\Users\franke\AppData\Local\crc32list11.txt
2013-06-12 19:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 19:32 - 2010-11-11 19:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 19:27 - 2009-10-14 03:21 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 14:51 - 2012-04-01 16:56 - 00000000 ____D C:\Program Files\StarMoney 8.0
2013-06-11 20:49 - 2012-07-19 21:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 20:49 - 2011-09-25 17:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 12:42 - 2013-06-12 19:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 12:13 - 2013-06-12 19:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-03 17:36 - 2011-07-17 15:37 - 00000000 ____D C:\Users\franke\Documents\Mein Steuer-Sparbuch Heute
2013-06-01 20:36 - 2011-07-17 15:29 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-01 00:11:01
Restore point made on: 2013-05-11 20:28:11
Restore point made on: 2013-05-15 22:31:46
Restore point made on: 2013-06-02 12:15:44
Restore point made on: 2013-06-10 20:09:07
Restore point made on: 2013-06-12 19:26:12
Restore point made on: 2013-06-15 00:05:42

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4092.54 MB
Available physical RAM: 3554.83 MB
Total Pagefile: 4090.81 MB
Available Pagefile: 3547.88 MB
Total Virtual: 2047.88 MB
Available Virtual: 1918.17 MB

==================== Drives ================================

Drive c: (windows) (Fixed) (Total:488.18 GB) (Free:436.82 GB) NTFS
Drive e: (programme) (Fixed) (Total:488.28 GB) (Free:483.76 GB) NTFS
Drive f: (daten) (Fixed) (Total:420.7 GB) (Free:411.01 GB) NTFS
Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: (******) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: FB48AFF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=421 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-06-13 18:03

==================== End Of Log ============================

--- --- ---

--- --- ---

schrauber 18.06.2013 19:01

But now :)

Please press the http://larusso.trojaner-board.de/Images/windows.jpg + R key and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:

HKU\franke\...\Winlogon: [Shell]
HKU\franke\...\Command Processor: "C:\Users\franke\AppData\Local\Temp\ofi3jZF.exe" <===== ATTENTION!
C:\Users\franke\AppData\Local\Temp\ofi3jZF.exe

Please save it as Fixlist.txt on your USB stick.
  • Restart your computer into the Repair Options again
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.
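As an added example (my code, not the thread's and not part of FRST), a small Python checker that parses FRST registry lines of the form shown above, flags the Winlogon Shell / Command Processor AutoRun pattern behind this lock screen, and drafts the same three Fixlist.txt lines. The sample lines are copied from this thread; the two Fixlist forms used (log line to remove a value, bare path to delete a file) are the ones the thread uses, not FRST's full Fixlist grammar.

```python
"""Added example (not from the thread or from FRST): scan FRST registry lines
for the persistence pattern fixed above and draft the matching Fixlist.txt."""
import re
from typing import Dict, List, Optional

# Constructed sample: the two lines FRST flagged in this thread plus two benign
# Run entries taken from the scan log further down the page.
SAMPLE_LINES = [
    r'HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8546848 2010-03-17] (Realtek Semiconductor)',
    r'HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)',
    r'HKU\franke\...\Winlogon: [Shell]',
    r'HKU\franke\...\Command Processor: "C:\Users\franke\AppData\Local\Temp\ofi3jZF.exe" <===== ATTENTION!',
]

# FRST registry line: hive\...\key: [name] value [size date] (company) <===== ATTENTION!
LINE_RE = re.compile(
    r'^(?P<hive>HK(?:LM|CU|U\\[^\\]+))\\\.\.\.\\(?P<key>[^:]+):\s*'
    r'(?:\[(?P<name>[^\]]*)\])?\s*(?P<value>.*?)\s*'
    r'(?:\[\d+ \d{4}-\d{2}-\d{2}\])?\s*(?:\([^)]*\))?\s*'
    r'(?P<attention><=+ ATTENTION!)?$')
TEMP_DIR = re.compile(r'\\AppData\\Local\\Temp\\', re.IGNORECASE)
PATH_RE = re.compile(r'"?([A-Za-z]:\\[^"]+?\.(?:exe|dll|bat|cmd|scr))"?', re.IGNORECASE)


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Split one FRST registry line into hive, key, value name, data and marker."""
    m = LINE_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(entry: Dict[str, str]) -> List[str]:
    """Reasons an entry looks like lock-screen persistence; empty list if benign."""
    key = entry['key'].lower()
    name = (entry['name'] or '').lower()
    value = entry['value']
    reasons = []
    if key == 'winlogon' and name == 'shell' and value.strip('"').lower() != 'explorer.exe':
        # A per-user Shell value is absent on a default install; the locker
        # uses it to start its own screen instead of explorer.exe.
        reasons.append('Winlogon Shell overridden (default shell is explorer.exe)')
    if key == 'command processor':
        # AutoRun is executed every time cmd.exe starts, scripts included.
        reasons.append('Command Processor AutoRun present')
    if TEMP_DIR.search(value):
        reasons.append('binary launched from %LOCALAPPDATA%\\Temp')
    if entry['attention']:
        reasons.append('line marked <===== ATTENTION! by FRST')
    return reasons


def build_fixlist(lines: List[str]) -> List[str]:
    """Draft Fixlist.txt entries the way the thread does: the flagged log line
    (FRST removes the value) then the bare Temp path (FRST deletes the file)."""
    fixlist: List[str] = []
    for line in lines:
        entry = parse_line(line)
        if entry is None or not classify(entry):
            continue
        fixlist.append(line)
        m = PATH_RE.search(entry['value'])
        if m and TEMP_DIR.search(m.group(1)) and m.group(1) not in fixlist:
            fixlist.append(m.group(1))
    return fixlist


if __name__ == '__main__':
    for line in SAMPLE_LINES:
        entry = parse_line(line)
        print(line[:60], '->', classify(entry) if entry else 'unparsed')
    print('\n'.join(build_fixlist(SAMPLE_LINES)))
```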

tpfkarb 18.06.2013 19:08

so here is the repeated scan...

Code:

Fix result of Farbar Recovery Tool (FRST written by Farbar) (x86) Version: 18-06-2013 02
Ran by SYSTEM at 2013-06-18 22:06:40 Run:1
Running from H:\
Boot Mode: Recovery

==============================================

HKU\franke\Software\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell => Value deleted successfully.
HKU\franke\Software\Microsoft\Command Processor\\AutoRun => Value deleted successfully.
C:\Users\franke\AppData\Local\Temp\ofi3jZF.exe => File/Directory not found.

==== End of Fixlog ====


schrauber 19.06.2013 06:58

Can you boot?

tpfkarb 19.06.2013 07:48

Good morning
Since I take your forum rules very seriously and you didn't write anything about booting. .......
I will boot this evening. ...:-)

schrauber 19.06.2013 08:22

LOL, yeah no, you can go ahead and boot :)

tpfkarb 19.06.2013 19:07

Hello schrauber,

booting, yes......but still the lock screen....

schrauber 19.06.2013 19:53

Then you can now post a fresh FRST scan log from the Recovery :)

tpfkarb 19.06.2013 20:31

So, I hope this is right


FRST Logfile:
Code:

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 18-06-2013 02
Ran by SYSTEM on 20-06-2013 00:25:31
Running from H:\
Windows 7 Ultimate (X86) OS Language: German Standard
Internet Explorer Version 10
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> FRST is updated to run from normal or Safe mode to produce a full FRST.txt log and Addition.txt log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [BCU] "C:\Program Files\DeviceVM\Browser Configuration Utility\BCU.exe" [346320 2009-08-04] (DeviceVM, Inc.)
HKLM\...\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RtHDVCpl.exe -s [8546848 2010-03-17] (Realtek Semiconductor)
HKLM\...\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe [43632 2010-01-19] ()
HKLM\...\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [30040 2009-02-26] (Microsoft Corporation)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE [x]
HKLM\...\Run: []  [x]
HKLM\...\Run: [Sweetpacks Communicator] C:\Program Files\SweetIM\Communicator\SweetPacksUpdateManager.exe                                                                                                                                                                                                        [295728 2012-02-26] (SweetIM Technologies Ltd.)
Winlogon\Notify\LBTWlgn: c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll [X]
IMEO\eslite.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"
IMEO\hpcustpartic.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"
IMEO\photoproduct.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"
IMEO\uninst.exe: [Debugger] "D:\Program Files\TUAutoReactivator32.exe"

========================== Services (Whitelisted) =================

S3 AppleChargerSrv; C:\Windows\System32\AppleChargerSrv.exe [31272 2010-04-06] ()
S2 BCUService; C:\Program Files\DeviceVM\Browser Configuration Utility\BCUService.exe [219360 2009-08-04] (DeviceVM, Inc.)
S2 cjpcsc; C:\Windows\system32\cjpcsc.exe [511920 2011-07-22] (REINER SCT)
S4 ES lite Service; C:\Program Files\Gigabyte\EasySaver\ESSVR.EXE [68136 2009-08-24] ()
S2 JMB36X; C:\Windows\System32\XSrvSetup.exe [72304 2010-01-19] ()
S2 NIS; C:\Program Files\Norton Internet Security\Engine\18.7.2.3\diMaster.dll [262584 2011-04-01] (Symantec Corporation)
S2 StarMoney 7.0 OnlineUpdate; C:\Program Files\StarMoney 7.0\ouservice\StarMoneyOnlineUpdate.exe [549384 2011-05-05] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 StarMoney 8.0 OnlineUpdate; C:\Program Files\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe [699680 2012-12-21] (Star Finanz - Software Entwicklung und Vertriebs GmbH)
S2 TuneUp.UtilitiesSvc; "D:\Program Files\TuneUpUtilitiesService32.exe" [x]

==================== Drivers (Whitelisted) ====================

S1 AppleCharger; C:\Windows\System32\DRIVERS\AppleCharger.sys [18984 2010-04-06] ()
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [281760 2011-01-09] ()
S1 BHDrvx86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\BASHDefs\20130531.001\BHDrvx86.sys [1002072 2013-05-31] (Symantec Corporation)
S1 bizVSerial; C:\Windows\System32\drivers\bizVSerialNT.sys [14949 2007-05-31] (franson.biz)
S3 BVRPMPR5; C:\Windows\system32\drivers\BVRPMPR5.SYS [49904 2009-10-01] (Avanquest Software)
S3 cjusb; C:\Windows\System32\DRIVERS\cjusb.sys [28144 2011-03-29] (REINER SCT)
S1 eeCtrl; C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys [376480 2012-08-18] (Symantec Corporation)
S3 EraserUtilRebootDrv; C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [106656 2013-03-29] (Symantec Corporation)
S3 gdrv; C:\Windows\gdrv.sys [17488 2013-02-03] (Windows (R) 2000 DDK provider)
S1 IDSVix86; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\IPSDefs\20130614.001\IDSvix86.sys [386720 2013-05-31] (Symantec Corporation)
S0 JRAID; C:\Windows\System32\DRIVERS\jraid.sys [98928 2010-01-27] (JMicron Technology Corp.)
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [25888 2011-01-09] ()
S3 LMouFilt; C:\Windows\System32\DRIVERS\LMouFilt.Sys [37392 2009-06-17] (Logitech, Inc.)
S3 LUsbFilt; C:\Windows\System32\Drivers\LUsbFilt.Sys [28560 2009-06-17] (Logitech, Inc.)
S3 NAVENG; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130614.023\NAVENG.SYS [93272 2013-06-01] (Symantec Corporation)
S3 NAVEX15; C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.5.0.125\Definitions\VirusDefs\20130614.023\NAVEX15.SYS [1611992 2013-06-01] (Symantec Corporation)
S3 SRTSP; C:\Windows\System32\Drivers\NIS\1207020.003\SRTSP.SYS [516216 2011-03-31] (Symantec Corporation)
S1 SRTSPX; C:\Windows\system32\drivers\NIS\1207020.003\SRTSPX.SYS [50168 2011-03-31] (Symantec Corporation)
S0 SymDS; C:\Windows\System32\drivers\NIS\1207020.003\SYMDS.SYS [340088 2011-01-27] (Symantec Corporation)
S0 SymEFA; C:\Windows\System32\drivers\NIS\1207020.003\SYMEFA.SYS [744568 2011-03-15] (Symantec Corporation)
S3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT.SYS [126584 2011-05-16] (Symantec Corporation)
S1 SymIRON; C:\Windows\system32\drivers\NIS\1207020.003\Ironx86.SYS [136312 2011-01-27] (Symantec Corporation)
S1 SymNetS; C:\Windows\System32\Drivers\NIS\1207020.003\SYMNETS.SYS [299640 2011-04-21] (Symantec Corporation)
S3 Synth3dVsc; System32\drivers\synth3dvsc.sys [x]
S3 tsusbhub; system32\drivers\tsusbhub.sys [x]
S3 TuneUpUtilitiesDrv; \??\D:\Program Files\TuneUpUtilitiesDriver32.sys [x]
S3 VGPU; System32\drivers\rdvgkmd.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2013-06-18 21:49 - 2013-06-18 21:49 - 00000000 ____D C:\FRST
2013-06-18 04:13 - 2013-06-18 04:13 - 00000000 ____D C:\_OTL
2013-06-18 03:28 - 2013-06-18 03:35 - 00076068 ____A C:\OTL.Txt
2013-06-17 19:50 - 2013-06-17 19:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2013-06-12 19:31 - 2013-06-08 12:42 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-12 19:31 - 2013-06-08 12:40 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-12 19:31 - 2013-06-08 12:13 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-12 19:26 - 2013-05-17 02:26 - 00042496 ____A (Microsoft Corporation) C:\Windows\System32\ie4uinit.exe
2013-06-12 19:26 - 2013-05-17 02:25 - 02877440 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 01767936 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00690688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00493056 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00109056 ____A (Microsoft Corporation) C:\Windows\System32\iesysprep.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00061440 ____A (Microsoft Corporation) C:\Windows\System32\iesetup.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00039424 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2013-06-12 19:26 - 2013-05-17 02:25 - 00033280 ____A (Microsoft Corporation) C:\Windows\System32\iernonce.dll
2013-06-12 19:26 - 2013-05-14 09:40 - 00071680 ____A (Microsoft Corporation) C:\Windows\System32\RegisterIEPKEYs.exe
2013-06-12 15:26 - 2013-05-13 05:45 - 01160192 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2013-06-12 15:26 - 2013-05-13 05:45 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2013-06-12 15:26 - 2013-05-13 05:45 - 00103936 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2013-06-12 15:26 - 2013-05-13 04:08 - 00903168 ____A (Microsoft Corporation) C:\Windows\System32\certutil.exe
2013-06-12 15:26 - 2013-05-13 04:08 - 00043008 ____A (Microsoft Corporation) C:\Windows\System32\certenc.dll
2013-06-12 15:26 - 2013-05-10 04:20 - 00024576 ____A (Microsoft Corporation) C:\Windows\System32\cryptdlg.dll
2013-06-12 15:26 - 2013-04-26 05:55 - 00492544 ____A (Microsoft Corporation) C:\Windows\System32\win32spl.dll
2013-06-12 15:26 - 2013-04-26 00:30 - 01505280 ____A (Microsoft Corporation) C:\Windows\System32\d3d11.dll
2013-06-12 15:20 - 2013-05-06 06:06 - 03968872 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe
2013-06-12 15:20 - 2013-05-06 06:06 - 03913576 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2013-06-12 15:20 - 2013-04-17 08:02 - 01230336 ____A (Microsoft Corporation) C:\Windows\System32\WindowsCodecs.dll
2013-06-12 15:14 - 2013-05-08 06:38 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys

==================== One Month Modified Files and Folders ========

2013-06-19 22:13 - 2010-11-10 20:22 - 01571378 ____A C:\Windows\WindowsUpdate.log
2013-06-19 21:47 - 2012-07-19 21:35 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job
2013-06-19 21:37 - 2011-09-02 20:51 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2013-06-19 21:10 - 2009-07-14 05:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2013-06-19 21:10 - 2009-07-14 05:34 - 00014192 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2013-06-19 21:09 - 2010-11-10 20:42 - 00005210 ____A C:\Windows\System32\PerfStringBackup.INI
2013-06-19 21:05 - 2013-02-04 15:59 - 00012525 ____A C:\Windows\setupact.log
2013-06-19 21:05 - 2011-09-02 20:51 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2013-06-19 21:05 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2013-06-18 21:49 - 2013-06-18 21:49 - 00000000 ____D C:\FRST
2013-06-18 04:13 - 2013-06-18 04:13 - 00000000 ____D C:\_OTL
2013-06-18 03:35 - 2013-06-18 03:28 - 00076068 ____A C:\OTL.Txt
2013-06-18 03:26 - 2010-11-10 20:29 - 00000000 ___AD C:\users\franke
2013-06-17 19:50 - 2013-06-17 19:50 - 00000000 ___AH C:\Windows\System32\Drivers\Msft_Kernel_LUsbFilt_01005.Wdf
2013-06-15 04:00 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET
2013-06-13 18:10 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\rescache
2013-06-13 16:43 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\NDF
2013-06-12 23:42 - 2011-07-17 15:37 - 00001188 ____A C:\Users\franke\AppData\Local\crc32list11.txt
2013-06-12 19:54 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\de-DE
2013-06-12 19:32 - 2010-11-11 19:28 - 00000000 ____D C:\ProgramData\Microsoft Help
2013-06-12 19:27 - 2009-10-14 03:21 - 73381792 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2013-06-12 14:51 - 2012-04-01 16:56 - 00000000 ____D C:\Program Files\StarMoney 8.0
2013-06-11 20:49 - 2012-07-19 21:35 - 00692104 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe
2013-06-11 20:49 - 2011-09-25 17:00 - 00071048 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl
2013-06-08 12:42 - 2013-06-12 19:31 - 01141248 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 14327808 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 13760512 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 02046976 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2013-06-08 12:40 - 2013-06-12 19:31 - 00391168 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2013-06-08 12:13 - 2013-06-12 19:31 - 02706432 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2013-06-03 17:36 - 2011-07-17 15:37 - 00000000 ____D C:\Users\franke\Documents\Mein Steuer-Sparbuch Heute
2013-06-01 20:36 - 2011-07-17 15:29 - 00000000 ____D C:\ProgramData\Buhl Data Service GmbH

==================== Known DLLs (Whitelisted) ============


==================== Bamital & volsnap Check =================

C:\Windows\explorer.exe => MD5 is legit
C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points  =========================

Restore point made on: 2013-05-01 00:11:01
Restore point made on: 2013-05-11 20:28:11
Restore point made on: 2013-05-15 22:31:46
Restore point made on: 2013-06-02 12:15:44
Restore point made on: 2013-06-10 20:09:07
Restore point made on: 2013-06-12 19:26:12
Restore point made on: 2013-06-15 00:05:42

==================== Memory info ===========================

Percentage of memory in use: 13%
Total physical RAM: 4092.54 MB
Available physical RAM: 3551.39 MB
Total Pagefile: 4090.81 MB
Available Pagefile: 3545.68 MB
Total Virtual: 2047.88 MB
Available Virtual: 1919.07 MB

==================== Drives ================================

Drive c: (windows) (Fixed) (Total:488.18 GB) (Free:436.38 GB) NTFS
Drive e: (programme) (Fixed) (Total:488.28 GB) (Free:483.76 GB) NTFS
Drive f: (daten) (Fixed) (Total:420.7 GB) (Free:411.01 GB) NTFS
Drive g: (ReatogoPE) (CDROM) (Total:0.43 GB) (Free:0 GB) CDFS
Drive h: (GEHLEN) (Removable) (Total:7.46 GB) (Free:7.46 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397 GB) (Disk ID: FB48AFF2)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=488 GB) - (Type=07 NTFS)
Partition 4: (Not Active) - (Size=421 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7 GB) - (Type=0B)


LastRegBack: 2013-06-13 18:03

==================== End Of Log ============================

--- --- ---



Copyright ©2000-2025, Trojaner-Board

