Trojaner-Board

Trojaner-Board (https://www.trojaner-board.de/)
-   Plagegeister aller Art und deren Bekämpfung (https://www.trojaner-board.de/plagegeister-aller-art-deren-bekaempfung/)
-   -   GVU win7 Prob (https://www.trojaner-board.de/141533-gvu-win7-prob.html)

Svedia28 14.09.2013 19:48
GVU win7 Prob
 
Hallo Forum,

trotz massiver reinigung tauchte das GVU Prob heute wieder auf.

OTL Datei
Code:
OTL logfile created on: 9/14/2013 5:22:00 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Windows 7 Home Premium Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 9.10.9200.16686)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = L: | %SystemRoot% = L:\Windows | %ProgramFiles% = L:\Program Files
Drive C: | 100.00 Mb Total Space | 74.34 Mb Free Space | 74.34% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 88.42 Gb Free Space | 18.98% Space Free | Partition Type: NTFS
Drive E: | 76.67 Gb Total Space | 43.09 Gb Free Space | 56.20% Space Free | Partition Type: FAT32
Drive L: | 1397.17 Gb Total Space | 1278.04 Gb Free Space | 91.47% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - [2013/09/10 14:45:02 | 000,257,416 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- L:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/09/03 04:11:56 | 000,084,024 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- L:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/09/03 04:11:40 | 000,815,160 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- L:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/09/03 04:11:35 | 000,622,648 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- L:\Program Files\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013/09/03 04:11:34 | 000,108,088 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- L:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2013/09/03 04:11:33 | 000,655,928 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- L:\Program Files\Avira\AntiVir Desktop\avfwsvc.exe -- (AntiVirFirewallService)
SRV - [2013/08/18 04:39:44 | 000,117,656 | ---- | M] (Mozilla Foundation) [On_Demand] -- L:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/05/27 00:57:27 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand] -- L:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2013/05/11 06:37:26 | 000,065,640 | ---- | M] (Adobe Systems Incorporated) [Auto] -- L:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2013/01/28 09:19:28 | 000,029,984 | ---- | M] (TuneUp Software) [Auto] -- L:\Windows\System32\uxtuneup.dll -- (UxTuneUp)
SRV - [2013/01/28 09:19:26 | 001,724,192 | ---- | M] (TuneUp Software) [Auto] -- L:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesService32.exe -- (TuneUp.UtilitiesSvc)
SRV - [2012/12/29 06:26:54 | 001,260,472 | ---- | M] (NVIDIA Corporation) [Auto] -- L:\Program Files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2010/02/01 10:51:06 | 000,759,048 | ---- | M] (ABBYY) [Auto] -- L:\Program Files\ABBYY PDF Transformer 3.0\NetworkLicenseServer.exe -- (ABBYY.Licensing.PDFTransformer.Classic.3.0)
SRV - [2009/07/13 21:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- L:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2005/05/24 11:22:16 | 002,027,520 | ---- | M] (Borland Software Corporation) [On_Demand] -- L:\Program Files\Borland\InterBase\bin\ibserver.exe -- (IBS_gds_db)
SRV - [2005/05/24 11:22:14 | 000,036,864 | ---- | M] (Borland Software Corporation) [Auto] -- L:\Program Files\Borland\InterBase\bin\ibguard.exe -- (IBG_gds_db) InterBase 7.5 (gds_db)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (Lavasoft Kernexplorer)
DRV - [2013/09/03 04:12:00 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- L:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2013/09/03 04:12:00 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- L:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2013/08/10 04:55:41 | 000,113,024 | ---- | M] (Avira GmbH) [Kernel | System] -- L:\Windows\System32\drivers\avfwot.sys -- (avfwot)
DRV - [2013/08/10 04:55:41 | 000,092,448 | ---- | M] (Avira GmbH) [Kernel | On_Demand] -- L:\Windows\System32\drivers\avfwim.sys -- (avfwim)
DRV - [2013/08/10 04:55:41 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- L:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2013/08/10 04:55:41 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- L:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2013/04/03 03:58:16 | 000,181,912 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- L:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.)
DRV - [2013/04/03 03:58:16 | 000,083,864 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- L:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.)
DRV - [2012/12/29 06:26:54 | 008,904,632 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- L:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2012/09/19 05:50:50 | 000,010,088 | ---- | M] (TuneUp Software) [Kernel | On_Demand] -- L:\Program Files\TuneUp Utilities 2013\TuneUpUtilitiesDriver32.sys -- (TuneUpUtilitiesDrv)
DRV - [2010/11/20 06:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- L:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 05:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- L:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/09/23 03:46:08 | 000,064,288 | ---- | M] (Lavasoft AB) [File_System | Boot] -- L:\Windows\System32\drivers\Lbd.sys -- (Lbd)
DRV - [2009/12/03 00:00:00 | 000,078,648 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | Auto] -- L:\Windows\System32\drivers\WibuKey.sys -- (WIBUKEY)
DRV - [2009/10/02 09:29:42 | 000,066,472 | ---- | M] (AVM Berlin) [Kernel | Auto] -- L:\Windows\System32\drivers\avmport.sys -- (AVMPORT)
DRV - [2009/09/08 06:48:46 | 000,016,384 | ---- | M] (WIBU-SYSTEMS AG) [Kernel | On_Demand] -- L:\Windows\System32\drivers\Wibukey2.sys -- (Wibukey2)
DRV - [2009/07/13 18:02:54 | 000,113,024 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- L:\Windows\System32\drivers\b1cbase.sys -- (b1cbase)
DRV - [2009/07/13 18:02:54 | 000,064,000 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- L:\Windows\System32\drivers\avmcowan.sys -- (AVMCOWAN)
DRV - [2007/02/15 20:57:04 | 000,034,760 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand] -- L:\Windows\System32\drivers\ElbyCDFL.sys -- (ElbyCDFL)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Sven_Haferkorn_ON_L\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\Sven_Haferkorn_ON_L\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Sven_Haferkorn_ON_L\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Sven_Haferkorn_ON_L\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 38 50 47 C3 5F D3 CC 01 [binary data]
IE - HKU\Sven_Haferkorn_ON_L\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Sven_Haferkorn_ON_L\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local



FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: L:\Windows\System32\Macromed\Flash\NPSWF32_11_8_800_168.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: L:\Windows\System32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: L:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@docu-track.com/PDF-XChange Viewer Plugin,version=1.0,application/pdf: L:\Program Files\Tracker Software\PDF Viewer\npPDFXCviewNPPlugin.dll (Tracker Software Products Ltd.)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: L:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: L:\Windows\System32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: L:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: L:\Program Files\Microsoft Silverlight\4.0.50524.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: L:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: L:\Program Files\Google\Update\1.3.21.153\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.3: L:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: L:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013/08/18 04:39:40 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 23.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013/08/25 01:42:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 10.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 11.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 12.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 16.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.5\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.6\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.10\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.11\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.7\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.8\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 3.1.9\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 5.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 6.0.2\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 7.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 8.0\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 9.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2013/08/06 23:16:28 | 000,000,000 | ---D | M]

[2013/08/18 04:39:40 | 000,000,000 | ---D | M] (No name found) -- L:\Program Files\Mozilla Firefox\extensions
[2013/08/18 04:39:40 | 000,000,000 | ---D | M] (Flagfox) -- L:\Program Files\Mozilla Firefox\extensions\{1018e4d6-728f-4b20-ad56-37578a4de76b}
[2013/08/18 04:39:40 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- L:\Program Files\Mozilla Firefox\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013/08/18 04:39:40 | 000,000,000 | ---D | M] (WOT) -- L:\Program Files\Mozilla Firefox\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2013/08/18 04:39:40 | 000,000,000 | ---D | M] (Adblock Plus) -- L:\Program Files\Mozilla Firefox\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2013/08/18 04:39:39 | 000,000,000 | ---D | M] (No name found) -- L:\Program Files\Mozilla Firefox\browser\extensions
[2013/08/18 04:39:44 | 000,000,000 | ---D | M] (Default) -- L:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

O1 HOSTS File: ([2009/06/10 17:39:37 | 000,000,824 | ---- | M]) - L:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - L:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - L:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O4 - HKLM..\Run: [avgnt] L:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [cgBXoIziJrRPgl] L:\Users\Sven Haferkorn\AppData\Local\n7MIr9o.exe (Корпорация Майкрософт)
O4 - HKU\Sven_Haferkorn_ON_L..\Run: [360Amigo] L:\Program files\360Amigo\360Amigo.exe (360Amigo)
O4 - HKU\Sven_Haferkorn_ON_L..\Run: [cgBXoIziJrRPgl] L:\Users\Sven Haferkorn\AppData\Local\n7MIr9o.exe (Корпорация Майкрософт)
O4 - HKU\Sven_Haferkorn_ON_L..\Run: [KiesPreload] L:\Program Files\Samsung\Kies\Kies.exe (Samsung)
O4 - HKU\LocalService_ON_L..\RunOnce: [mctadmin] L:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_L..\RunOnce: [mctadmin] L:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_L..\RunOnce: [mctadmin] L:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: Error locating startup folders.
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\Sven_Haferkorn_ON_L\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - L:\Windows\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - L:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - L:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0017-0000-0011-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 1.7.0_11)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_11-windows-i586.cab (Java Plug-in 10.17.2)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\AutorunsDisabled - No CLSID value found
O18 - Protocol\Handler\AutorunsDisabled\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - L:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - L:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - L:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O20 - HKU\Sven_Haferkorn_ON_L Winlogon: Shell - (explorer.exe) - L:\Windows\explorer.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/21 09:06:06 | 000,000,000 | ---- | M] () - E:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2009/06/10 17:42:20 | 000,000,024 | ---- | M] () - L:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/09/14 08:33:46 | 000,118,784 | ---- | C] (Корпорация Майкрософт) -- L:\Users\Sven Haferkorn\AppData\Local\n7MIr9o.exe
[2013/09/12 21:04:36 | 002,706,432 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\mshtml.tlb
[2013/09/12 21:04:36 | 000,690,688 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\jscript.dll
[2013/09/12 21:04:35 | 002,876,928 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\jscript9.dll
[2013/09/12 21:04:35 | 000,039,424 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\jsproxy.dll
[2013/09/12 21:04:34 | 000,391,168 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\ieui.dll
[2013/09/12 21:04:34 | 000,061,440 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\iesetup.dll
[2013/09/12 21:04:33 | 000,493,056 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\msfeeds.dll
[2013/09/12 21:04:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\iesysprep.dll
[2013/09/12 21:04:33 | 000,071,680 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\RegisterIEPKEYs.exe
[2013/09/12 21:04:33 | 000,042,496 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\ie4uinit.exe
[2013/09/12 21:04:33 | 000,033,280 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\iernonce.dll
[2013/09/11 23:35:00 | 000,133,056 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\drivers\ataport.sys
[2013/09/11 23:34:59 | 002,348,544 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\win32k.sys
[2013/09/11 23:34:58 | 000,271,360 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\conhost.exe
[2013/09/11 23:34:58 | 000,169,984 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\winsrv.dll
[2013/09/11 23:34:58 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-security-base-l1-1-0.dll
[2013/09/11 23:34:58 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-file-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-threadpool-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-processthreads-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-sysinfo-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-synch-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-misc-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-localregistry-l1-1-0.dll
[2013/09/11 23:34:58 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-localization-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-xstate-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-processenvironment-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-namedpipe-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-memory-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-libraryloader-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-interlocked-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-heap-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-util-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-string-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-rtlsupport-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-profile-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-io-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-handle-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-fibers-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-errorhandling-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-delayload-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-debug-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-datetime-l1-1-0.dll
[2013/09/11 23:34:58 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- L:\Windows\System32\api-ms-win-core-console-l1-1-0.dll
[2013/09/01 10:57:35 | 000,000,000 | ---D | C] -- L:\Users\Sven Haferkorn\Desktop\TRojaner
[2013/08/25 01:01:11 | 000,000,000 | ---D | C] -- L:\FRST
[2013/08/25 00:47:02 | 000,000,000 | ---D | C] -- L:\AdwCleaner
[2013/08/24 18:38:49 | 000,000,000 | ---D | C] -- L:\_OTL
[2013/08/24 15:39:39 | 000,000,000 | ---D | C] -- L:\Windows\ERUNT
[2013/08/18 16:35:25 | 000,000,000 | ---D | C] -- L:\Windows\System32\MRT
[2013/08/18 04:39:39 | 000,000,000 | ---D | C] -- L:\Program Files\Mozilla Firefox
[2013/08/18 03:41:03 | 000,000,000 | -H-D | C] -- L:\Users\Sven Haferkorn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\AutorunsDisabled
[2013/08/18 03:12:36 | 003,968,960 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\ntkrnlpa.exe
[2013/08/18 03:12:36 | 003,913,664 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\ntoskrnl.exe
[2013/08/18 03:12:33 | 001,620,992 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\WMVDECOD.DLL
[2013/08/18 03:12:22 | 000,002,048 | ---- | C] (Microsoft Corporation) -- L:\Windows\System32\tzres.dll
[2010/12/16 16:39:36 | 000,302,592 | ---- | C] (Google) -- L:\Program Files\Common Files\webmmux.dll
[2010/12/16 16:39:16 | 000,701,440 | ---- | C] (Google) -- L:\Program Files\Common Files\vp8encoder.dll
[2010/12/16 16:39:16 | 000,412,672 | ---- | C] (Google) -- L:\Program Files\Common Files\vp8decoder.dll
[2010/12/16 16:39:14 | 000,292,352 | ---- | C] (Google) -- L:\Program Files\Common Files\webmsplit.dll
[2009/07/11 18:02:04 | 000,653,120 | ---- | C] (Microsoft Corporation) -- L:\Program Files\Common Files\MSVCR90.dll
[2009/07/11 18:02:02 | 000,569,664 | ---- | C] (Microsoft Corporation) -- L:\Program Files\Common Files\MSVCP90.dll
[1 L:\Users\Public\Documents\*.tmp files -> L:\Users\Public\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/09/14 09:58:27 | 000,067,584 | --S- | M] () -- L:\Windows\bootstat.dat
[2013/09/14 09:57:41 | 000,001,110 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013/09/14 09:57:29 | 2415,370,240 | -HS- | M] () -- L:\hiberfil.sys
[2013/09/14 08:33:49 | 000,181,113 | ---- | M] () -- L:\Users\Sven Haferkorn\AppData\Local\7813e97f-519c-4e1c-8e0a-4aba8d383d10
[2013/09/14 08:33:45 | 000,118,784 | ---- | M] (Корпорация Майкрософт) -- L:\Users\Sven Haferkorn\AppData\Local\n7MIr9o.exe
[2013/09/14 08:15:31 | 000,013,728 | -H-- | M] () -- L:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/09/14 08:15:31 | 000,013,728 | -H-- | M] () -- L:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/09/13 13:42:00 | 000,001,114 | ---- | M] () -- L:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013/09/13 13:41:00 | 000,000,884 | ---- | M] () -- L:\Windows\tasks\Adobe Flash Player Updater.job
[2013/09/13 12:54:13 | 000,038,476 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\Angebot-2013201.pdf
[2013/09/12 21:22:37 | 000,477,784 | ---- | M] () -- L:\Windows\System32\FNTCACHE.DAT
[2013/09/11 14:47:35 | 000,011,554 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\Unbenannt.png
[2013/09/10 14:45:00 | 000,692,616 | ---- | M] (Adobe Systems Incorporated) -- L:\Windows\System32\FlashPlayerApp.exe
[2013/09/10 14:45:00 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- L:\Windows\System32\FlashPlayerCPLApp.cpl
[2013/09/09 14:09:56 | 000,714,630 | ---- | M] () -- L:\Windows\System32\perfh007.dat
[2013/09/09 14:09:56 | 000,665,644 | ---- | M] () -- L:\Windows\System32\perfh009.dat
[2013/09/09 14:09:56 | 000,154,498 | ---- | M] () -- L:\Windows\System32\perfc007.dat
[2013/09/09 14:09:56 | 000,124,718 | ---- | M] () -- L:\Windows\System32\perfc009.dat
[2013/09/07 08:11:20 | 002,347,022 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\20130907_141120.jpg
[2013/09/06 00:15:05 | 000,023,367 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\Detail_9_2.pdf
[2013/09/05 00:23:12 | 000,976,191 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\Reichsstr.-LV-Dachd._130704.pdf
[2013/09/03 04:12:01 | 000,066,144 | ---- | M] (Avira Operations GmbH & Co. KG) -- L:\Windows\System32\drivers\avnetflt.sys
[2013/09/03 04:12:00 | 000,136,672 | ---- | M] (Avira Operations GmbH & Co. KG) -- L:\Windows\System32\drivers\avipbb.sys
[2013/09/03 04:12:00 | 000,088,840 | ---- | M] (Avira Operations GmbH & Co. KG) -- L:\Windows\System32\drivers\avgntflt.sys
[2013/09/01 11:00:43 | 000,001,067 | ---- | M] () -- L:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/09/01 11:00:43 | 000,000,000 | ---D | M] -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013/08/28 02:26:00 | 000,675,529 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\selbstauskunft.pdf
[2013/08/25 14:29:52 | 000,105,975 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\vogel.bph
[2013/08/25 14:29:51 | 000,105,921 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\vogel.BAK
[2013/08/25 12:47:06 | 004,283,788 | ---- | M] () -- L:\Users\Sven Haferkorn\Desktop\Produktkatalog_Heuel.pdf
[2013/08/25 01:42:50 | 000,002,441 | ---- | M] () -- L:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
[2013/08/24 09:15:16 | 261,889,091 | ---- | M] () -- L:\Windows\MEMORY.DMP
[2013/08/18 16:26:57 | 000,001,990 | ---- | M] () -- L:\Users\Sven Haferkorn\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[1 L:\Users\Public\Documents\*.tmp files -> L:\Users\Public\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/09/14 08:33:49 | 000,181,113 | ---- | C] () -- L:\Users\Sven Haferkorn\AppData\Local\7813e97f-519c-4e1c-8e0a-4aba8d383d10
[2013/09/13 12:54:16 | 000,038,476 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\Angebot-2013201.pdf
[2013/09/11 14:50:49 | 002,347,022 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\20130907_141120.jpg
[2013/09/11 14:47:35 | 000,011,554 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\Unbenannt.png
[2013/09/06 00:15:05 | 000,023,367 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\Detail_9_2.pdf
[2013/09/05 00:23:11 | 000,976,191 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\Reichsstr.-LV-Dachd._130704.pdf
[2013/09/01 11:00:43 | 000,001,067 | ---- | C] () -- L:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013/08/28 02:26:00 | 000,675,529 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\selbstauskunft.pdf
[2013/08/25 14:29:02 | 000,105,975 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\vogel.bph
[2013/08/25 14:29:02 | 000,105,921 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\vogel.BAK
[2013/08/25 12:47:06 | 004,283,788 | ---- | C] () -- L:\Users\Sven Haferkorn\Desktop\Produktkatalog_Heuel.pdf
[2013/08/24 09:15:16 | 261,889,091 | ---- | C] () -- L:\Windows\MEMORY.DMP
[2013/08/06 00:48:12 | 000,075,776 | ---- | C] () -- L:\Windows\cadkasdeinst01e.exe
[2013/04/18 13:07:00 | 000,030,568 | ---- | C] () -- L:\Windows\MusiccityDownload.exe
[2013/04/18 13:06:46 | 000,974,848 | ---- | C] () -- L:\Windows\System32\cis-2.4.dll
[2013/04/18 13:06:46 | 000,081,920 | ---- | C] () -- L:\Windows\System32\issacapi_bs-2.3.dll
[2013/04/18 13:06:46 | 000,065,536 | ---- | C] () -- L:\Windows\System32\issacapi_pe-2.3.dll
[2013/04/18 13:06:46 | 000,057,344 | ---- | C] () -- L:\Windows\System32\issacapi_se-2.3.dll
[2013/01/12 13:34:09 | 000,000,004 | ---- | C] () -- L:\Users\Sven Haferkorn\AppData\Roaming\skype.ini
[2012/12/12 15:34:28 | 000,000,170 | ---- | C] () -- L:\Windows\SHISETUP.SYS
[2012/11/21 14:42:01 | 000,000,064 | ---- | C] () -- L:\Windows\System32\rp_stats.dat
[2012/11/21 14:42:01 | 000,000,044 | ---- | C] () -- L:\Windows\System32\rp_rules.dat
[2012/10/29 11:44:56 | 000,315,392 | ---- | C] () -- L:\Windows\System32\EMRegSys.dll
[2012/08/11 03:07:59 | 000,000,200 | ---- | C] () -- L:\Windows\ktel.ini
[2012/05/24 10:55:29 | 000,116,736 | ---- | C] () -- L:\Windows\System32\qvredmonnt.dll
[2012/01/19 04:47:24 | 000,000,017 | ---- | C] () -- L:\Users\Sven Haferkorn\AppData\Local\resmon.resmoncfg
[2011/12/26 12:18:43 | 000,338,432 | ---- | C] () -- L:\Windows\System32\sqlite36_engine.dll
[2011/12/23 14:00:39 | 000,145,576 | -H-- | C] () -- L:\Windows\System32\mlfcache.dat
[2011/11/27 03:44:16 | 000,000,114 | ---- | C] () -- L:\Windows\System32\fgbs81.sys
[2011/11/26 13:54:50 | 000,011,275 | ---- | C] () -- L:\Windows\System32\vgittsd.dll
[2011/07/17 14:48:30 | 000,001,052 | R--- | C] () -- \reatogoMenu.ini
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP.SP2
[2011/07/17 14:43:36 | 000,000,000 | R--- | C] () -- \WIN51IP
[2011/06/24 11:46:20 | 000,252,928 | ---- | C] () -- L:\Windows\System32\DShowRdpFilter.dll
[2011/05/30 15:00:59 | 000,005,632 | ---- | C] () -- L:\Users\Sven Haferkorn\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/05/23 16:10:13 | 000,000,000 | ---- | C] () -- L:\Windows\LVmini.INI
[2011/05/23 16:06:46 | 000,000,069 | ---- | C] () -- L:\Windows\setupmf.ini
[2011/04/12 09:14:58 | 000,116,224 | ---- | C] () -- L:\Windows\System32\redmonnt.dll
[2011/04/12 09:14:58 | 000,045,056 | ---- | C] () -- L:\Windows\System32\unredmon.exe
[2011/01/11 21:00:44 | 000,030,208 | ---- | C] () -- L:\Program Files\Common Files\wmpinfo.dll
[2011/01/11 21:00:42 | 000,240,128 | ---- | C] () -- L:\Program Files\Common Files\dsfVorbisDecoder.dll
[2011/01/11 21:00:42 | 000,195,584 | ---- | C] () -- L:\Program Files\Common Files\dsfOggDemux2.dll
[2011/01/11 21:00:42 | 000,146,944 | ---- | C] () -- L:\Program Files\Common Files\dsfFLACDecoder.dll
[2011/01/11 21:00:40 | 000,221,184 | ---- | C] () -- L:\Program Files\Common Files\dsfFLACEncoder.dll
[2011/01/11 21:00:40 | 000,204,800 | ---- | C] () -- L:\Program Files\Common Files\dsfNativeFLACSource.dll
[2010/10/21 15:26:31 | 000,057,552 | ---- | C] () -- L:\Windows\System32\WkDos.exe
[2010/10/21 09:18:46 | 000,303,104 | ---- | C] () -- L:\Windows\System32\dnt27VC8.dll
[2010/10/21 09:16:58 | 000,143,360 | ---- | C] () -- L:\Windows\System32\dntvmc27VC8.dll
[2010/10/21 09:16:34 | 000,086,016 | ---- | C] () -- L:\Windows\System32\dntvm27VC8.dll
[2010/07/18 04:13:08 | 000,000,056 | -H-- | C] () -- L:\Windows\System32\ezsidmv.dat
[2010/07/11 14:46:21 | 000,000,000 | ---- | C] () -- L:\Windows\nsreg.dat
[2009/07/14 04:47:43 | 000,714,630 | ---- | C] () -- L:\Windows\System32\perfh007.dat
[2009/07/14 04:47:43 | 000,295,922 | ---- | C] () -- L:\Windows\System32\perfi007.dat
[2009/07/14 04:47:43 | 000,154,498 | ---- | C] () -- L:\Windows\System32\perfc007.dat
[2009/07/14 04:47:43 | 000,038,104 | ---- | C] () -- L:\Windows\System32\perfd007.dat
[2009/07/14 00:57:37 | 000,067,584 | --S- | C] () -- L:\Windows\bootstat.dat
[2009/07/14 00:33:53 | 000,477,784 | ---- | C] () -- L:\Windows\System32\FNTCACHE.DAT
[2009/07/13 22:05:48 | 000,665,644 | ---- | C] () -- L:\Windows\System32\perfh009.dat
[2009/07/13 22:05:48 | 000,291,294 | ---- | C] () -- L:\Windows\System32\perfi009.dat
[2009/07/13 22:05:48 | 000,124,718 | ---- | C] () -- L:\Windows\System32\perfc009.dat
[2009/07/13 22:05:48 | 000,031,548 | ---- | C] () -- L:\Windows\System32\perfd009.dat
[2009/07/13 22:05:05 | 000,000,741 | ---- | C] () -- L:\Windows\System32\NOISE.DAT
[2009/07/13 22:04:11 | 000,215,943 | ---- | C] () -- L:\Windows\System32\dssec.dat
[2009/07/13 19:55:01 | 000,043,131 | ---- | C] () -- L:\Windows\mib.bin
[2009/07/13 19:51:43 | 000,073,728 | ---- | C] () -- L:\Windows\System32\BthpanContextHandler.dll
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- L:\Windows\System32\BWContextHandler.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- L:\Windows\System32\mlang.dat
[2008/01/15 00:31:00 | 000,000,530 | ---- | C] () -- L:\Windows\System32\tx14_ic.ini
[2006/03/24 07:06:41 | 000,000,053 | R--- | C] () -- \AUTORUN.INF
[2005/07/16 17:36:50 | 000,240,128 | R--- | C] () -- \reatogoMenu.exe
[2001/03/06 10:08:30 | 000,077,824 | ---- | C] () -- L:\Windows\System32\gidReg.dll
[1998/07/11 19:13:00 | 000,053,760 | ---- | C] () -- L:\Windows\System32\zlib.dll

========== LOP Check ==========

[2011/07/17 14:50:33 | 000,000,000 | R--D | M] -- \I386
[2011/07/17 14:43:48 | 000,000,000 | R--D | M] -- \PROGRAMS
[2011/07/17 14:49:08 | 000,000,000 | R--D | M] -- \SFX
[2013/08/24 11:10:18 | 000,032,640 | ---- | M] () -- L:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2013/09/11 00:05:24 | 097,021,647 | ---- | M] ()(L:\Windows\System32\???k) -- L:\Windows\System32\쉂k
[2013/09/10 12:43:28 | 097,021,647 | ---- | C] ()(L:\Windows\System32\???k) -- L:\Windows\System32\쉂k
[2013/09/05 15:51:43 | 096,185,213 | ---- | M] ()(L:\Windows\System32\???l) -- L:\Windows\System32\掜ຉl
[2013/09/04 12:59:35 | 096,185,213 | ---- | C] ()(L:\Windows\System32\???l) -- L:\Windows\System32\掜ຉl

========== Alternate Data Streams ==========

@Alternate Data Stream - 24 bytes -> L:\Windows4E00F11B7D48365
< End of report >
eine Dauerhafte L;sung b ekommt man wohl nur mit formatieren der Platte hin???

Danke

schrauber 14.09.2013 20:50
wie wo was massive reinigung?

OTLPE stinkt.

Scan mit Farbar's Recovery Scan Tool (Recovery Mode - Windows Vista, 7, 8)
Hinweise für Windows 8-Nutzer: Anleitung 1 (FRST-Variante) und Anleitung 2 (zweiter Teil)
  • Downloade dir bitte die passende Version des Tools (im Zweifel beide) und speichere diese auf einen USB Stick: FRST Download FRST 32-Bit | FRST 64-Bit
  • Schließe den USB Stick an das infizierte System an und boote das System in die System Reparatur Option.
  • Scanne jetzt nach der bebilderten Anleitung oder verwende die folgende Kurzanleitung:
Über den Boot Manager:
  • Starte den Rechner neu.
  • Während dem Hochfahren drücke mehrmals die F8 Taste
  • Wähle nun Computer reparieren.
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Mit Windows CD/DVD (auch bei Windows 8 möglich):
  • Lege die Windows CD in dein Laufwerk.
  • Starte den Rechner neu und starte von der CD.
  • Wähle die Spracheinstellungen und klicke "Weiter".
  • Klicke auf Computerreparaturoptionen !
  • Wähle dein Betriebssystem und Benutzerkonto und klicke jeweils "Weiter".
Wähle in den Reparaturoptionen: Eingabeaufforderung
  • Gib nun bitte notepad ein und drücke Enter.
  • Im öffnenden Textdokument: Datei > Speichern unter... und wähle Computer.
    Hier wird dir der Laufwerksbuchstabe deines USB Sticks angezeigt, merke ihn dir.
  • Schließe Notepad wieder
  • Gib nun bitte folgenden Befehl ein.
    e:\frst.exe bzw. e:\frst64.exe
    Hinweis: e steht für den Laufwerksbuchstaben deines USB Sticks, den du dir gemerkt hast. Gegebenfalls anpassen.
  • Akzeptiere den Disclaimer mit Ja und klicke Untersuchen
Das Tool erstellt eine FRST.txt auf deinem USB Stick. Poste den Inhalt bitte hier nach Möglichkeit in Code-Tags (Anleitung).



Alle Zeitangaben in WEZ +1. Es ist jetzt 13:32 Uhr.

Copyright ©2000-2025, Trojaner-Board


Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.

1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131