
Pests of all kinds and how to fight them: GVU Trojan on Windows 7

10.07.2012, 12:33   #1
invisible
 



Hello dear forum,

I recently caught this "GVU Trojan" and came straight to this board. The problem is basically exactly the same as for many other users. I simply can no longer access the desktop.

I used a procedure from a similar topic ("GVU Trojaner? oder echt? ") and it worked up to a certain point:

Quote:
Quote from cosinus
Does safe mode with networking still work? With an internet connection?

Safe mode for cleanup
  • Bring Windows into safe mode with the F8 key at startup.
  • Start the computer in safe mode with networking:

    Start Windows in safe mode
--> I started safe mode with networking and then followed these instructions:

Quote:
Quote from cosinus
Create an OTLPE CD on a clean second computer and then boot the infected computer from this CD:

If you don't have a burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD.
  • Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size and will take a while to download on a slow internet connection.
  • When the download is finished, double-click the file and answer the question "Do you want to burn the CD?" with Yes.
  • Insert a blank CD into your burner.
  • ImgBurn (or your burning program) will extract the archive and burn OTLPE Network to the CD.
  • When burning is complete, you will see a dialog box => "Operation successfully completed".
  • You can now close the burning program's windows.
Now boot from the OTLPE CD. Note: How do I boot from CD
  • After a few minutes your system should show the REATOGO-X-PE desktop.
  • Double-click the OTLPE icon.
  • Note: For OTLPE to scan the correct installed Windows, you must select the Windows folder of the Windows installed on the disk; simply selecting C: produces an error!
  • When asked "Do you wish to load the remote registry", choose Yes.
  • When asked "Do you wish to load remote user profile(s) for scanning", choose Yes.
  • Make sure the box "Automatically Load All Remaining Users" is selected and press OK.
  • OTLpe should now start.
  • Press Run Scan to start the scan.
  • When the scan is finished, the files C:\OTL.Txt and C:\Extras.Txt are created
  • Copy this file to your USB stick if you have no internet connection on this system.
  • Please post the contents of C:\OTL.Txt and Extras.Txt.
---> After the step "Now boot from the OTLPE CD..." I could not get any further, because the following happened:

--> "Starting Reatogo-X-PE"... After the "white bar" is full, it takes about another 2 minutes until a large Windows logo appears
--> Shortly afterwards a blue screen appears with the following text in white:

"A problem has been detected and Windows has been shut down to prevent damage to your computer.

If this is the first time you've seen this Stop error screen, restart your computer. If this screen appears again, follow these steps:

Check for viruses on your computer. Remove any newly installed hard drive controllers. Check your hard drive to make sure it is properly configured and terminated. Run CHKDSK /F to check for hard drive corruption, and then restart your computer.

Technical information:

***STOP: 0x0000007B (0xF78DA528, 0xC0000034, 0x00000000, 0x00000000)"

--> After that the laptop only responds to the "ON/OFF" switch.

--> So I don't even get to the further steps.

I would be really grateful if someone could help me.

11.07.2012, 16:16   #2
Larusso
/// Selecta Jahrusso
 





My name is Daniel and I will help you with your malware-related problems.

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read through my instructions first. If anything is unclear, ask before you begin.
  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.
  • If I receive no reply from you to this, or to any further reply, within 3 days, I will remove the topic from my subscriptions.
  • Only run scans that a helper has asked you to run, and do not install / uninstall any software unless asked.
  • Post the log files directly in your thread and not as an attachment, unless you were asked to. That makes evaluating them harder for me.
Note: If you don't hear from me for 48 hours, please send me a PM. Annoying "When will it continue" messages will result in your topic being closed. I, too, have a life away from the PC.



Which operating system?

11.07.2012, 16:41   #3
invisible
 



Hello,

my operating system is Windows 7.

Thank you very much for your help.

Regards

11.07.2012, 19:40   #4
Larusso
/// Selecta Jahrusso
 



Please download Farbar Recovery Scan Tool 32-Bit and save it to a USB stick.

Connect the USB stick to the infected system

You now need to boot the system into the System Repair option.

Via the boot manager
  • Restart the computer.
  • During startup, press the F8 key several times
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Choose the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the repair options, select Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    Here the drive letter of your USB stick is shown.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here.
__________________
Kind regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

12.07.2012, 12:53   #5
invisible
 



Quote:
Quote from Larusso
Now please enter the following command.
e:\frst.exe
Note: e stands for the drive letter of your USB stick. Adjust if necessary.

After that it doesn't go any further. It says the following:

The subsystem needed to support the image type is not present.

Could this perhaps be related to the fact that I have a 64-bit system here?

What now?


12.07.2012, 16:07   #6
Larusso
/// Selecta Jahrusso
 



Yes, I just took a guess



Please download Farbar Recovery Scan Tool 64-Bit and save it to a USB stick.

Connect the USB stick to the infected system

You now need to boot the system into the System Repair option.

Via the boot manager
  • Restart the computer.
  • During startup, press the F8 key several times
  • Now select Repair your computer.
  • Select your operating system and user account and click "Next" each time.

With the Windows CD/DVD
  • Insert the Windows CD into your drive.
  • Restart the computer and boot from the CD
  • Choose the language settings and click "Next".
  • Click Repair your computer !!
  • Select your operating system and user account and click "Next" each time.


In the repair options, select Command Prompt
  • Now please type notepad and press Enter.
  • In the text document that opens --> File --> Save As and select Computer
    Here the drive letter of your USB stick is shown.
  • Close Notepad again
  • Now please enter the following command.
    e:\frst64.exe
    Note: e stands for the drive letter of your USB stick. Adjust if necessary.
  • Accept the disclaimer with Yes and click Scan
The tool creates a FRST.txt on your USB stick. Please post its contents here.
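Added example, not part of the original thread and not code from Farbar or the forum helpers: the error quoted in post #5 is what a 64-bit Windows recovery environment reports for a 32-bit image, because that environment has no 32-bit (WOW64) subsystem. The Python sketch below reads the PE header to tell the two builds apart on the clean second computer before one is copied to the USB stick; the function names and the sample headers are constructed for illustration.

```python
"""Tell a 32-bit from a 64-bit Windows executable by reading its PE header."""
import struct
import sys

# COFF "Machine" values (IMAGE_FILE_MACHINE_I386 / IMAGE_FILE_MACHINE_AMD64)
MACHINE_NAMES = {0x014C: "x86", 0x8664: "x64"}
# Optional-header magic values
FORMAT_NAMES = {0x010B: "PE32", 0x020B: "PE32+"}


class NotPE(ValueError):
    """Raised when the data is not a well-formed PE image."""


def pe_info(data: bytes) -> dict:
    """Return the machine type and image format found in a PE header."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        raise NotPE("no MZ (DOS) header")
    # e_lfanew at offset 0x3C holds the file offset of the PE signature.
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)
    # Need signature (4) + COFF header (20) + optional-header magic (2).
    if e_lfanew + 26 > len(data):
        raise NotPE("PE header lies outside the data that was read")
    if data[e_lfanew:e_lfanew + 4] != b"PE\x00\x00":
        raise NotPE("no PE signature at e_lfanew")
    (machine,) = struct.unpack_from("<H", data, e_lfanew + 4)
    (magic,) = struct.unpack_from("<H", data, e_lfanew + 24)
    return {
        "machine": MACHINE_NAMES.get(machine, hex(machine)),
        "format": FORMAT_NAMES.get(magic, hex(magic)),
    }


def starts_in_recovery_env(info: dict, env_arch: str) -> bool:
    """The recovery environment only starts images of its own architecture."""
    return info["machine"] == env_arch


def inspect_file(path: str) -> dict:
    """Read the first 4 KiB of a file and parse its PE header."""
    with open(path, "rb") as fh:
        return pe_info(fh.read(4096))


def build_sample_header(machine: int, magic: int) -> bytes:
    """Constructed minimal header for the demo; not a runnable program."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)        # PE header follows directly
    coff = struct.pack("<HHIIIHH", machine, 0, 0, 0, 0, 0x00F0, 0x0102)
    return bytes(dos) + b"PE\x00\x00" + coff + struct.pack("<H", magic)


if __name__ == "__main__":
    if len(sys.argv) > 1:
        # Usage: python pecheck.py <file.exe> [...]; assumes a 64-bit target.
        for path in sys.argv[1:]:
            info = inspect_file(path)
            ok = starts_in_recovery_env(info, "x64")
            print(f"{path}: {info['machine']} {info['format']} "
                  f"-> {'ok' if ok else 'will not start'} in a 64-bit recovery environment")
    else:
        # Constructed samples standing in for a 32-bit and a 64-bit build.
        for label, sample in (
            ("32-bit sample", build_sample_header(0x014C, 0x010B)),
            ("64-bit sample", build_sample_header(0x8664, 0x020B)),
        ):
            info = pe_info(sample)
            print(label, info, starts_in_recovery_env(info, "x64"))
```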

12.07.2012, 20:33   #7
invisible
 



Code:
Scan result of Farbar Recovery Scan Tool Version: 11-07-2012
Ran by SYSTEM at 12-07-2012 21:27:43
Running from F:\
Windows 7 Home Premium   (X64) OS Language: English(US) 
The current controlset is ControlSet001

========================== Registry (Whitelisted) =============

HKLM\...\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe [1754448 2010-03-15] ()
HKLM\...\Run: [IntelWireless] "C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" /tf Intel Wireless Tray [1928976 2010-03-05] (Intel(R) Corporation)
HKLM\...\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-08-31] (AlcorMicro Co., Ltd.)
HKLM\...\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe [621440 2009-09-29] (ELAN Microelectronic Corp.)
HKLM\...\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd [x]
HKLM\...\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe [4011336 2010-11-24] (O&O Software GmbH)
HKLM\...\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe [162328 2011-02-11] (Intel Corporation)
HKLM\...\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe [386584 2011-02-11] (Intel Corporation)
HKLM\...\Run: [Persistence] C:\Windows\system32\igfxpers.exe [417304 2011-02-11] (Intel Corporation)
HKLM-x32\...\Run: [RemoteControl9] "C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [87336 2009-07-06] (CyberLink Corp.)
HKLM-x32\...\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe [75048 2010-02-23] (cyberlink)
HKLM-x32\...\Run: [UpdatePSTShortCut] "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter" [210216 2010-06-24] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateLBPShortCut] "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [UpdateP2GoShortCut] "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0" [222504 2009-05-19] (CyberLink Corp.)
HKLM-x32\...\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe [7109248 2010-01-13] (ASUS)
HKLM-x32\...\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe [170624 2010-01-05] (ASUS)
HKLM-x32\...\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe [105016 2009-06-19] (ASUS)
HKLM-x32\...\Run: [NUSB3MON] "C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [106496 2009-10-21] (NEC Electronics Corporation)
HKLM-x32\...\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe /autostart [339312 2010-09-15] (Haufe-Lexware GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [937920 2011-06-06] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe [221256 2011-09-07] (Geek Software GmbH)
HKLM-x32\...\Run: [DivXUpdate] "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW [1259376 2011-07-28] ()
HKLM-x32\...\Run: [NPSStartup]  [x]
HKLM-x32\...\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe" [254696 2012-01-18] (Sun Microsystems, Inc.)
HKLM-x32\...\Run: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min [348624 2012-05-01] (Avira Operations GmbH & Co. KG)
HKU\SümHar\...\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe [370480 2010-07-19] (syncables, LLC)
HKU\SümHar\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKU\SümHar\...\Run: [{61BD274C-F74C-E07B-DEB0-807B79218202}] C:\Users\SümHar\AppData\Roaming\Ekluu\dyru.exe [x]
HKU\SümHar\...\Run: [Octoshape Streaming Services] "C:\Users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" -inv:bootrun [70936 2009-01-08] (Octoshape ApS)
HKU\SümHar\...\Run: []  [x]
HKU\UpdatusUser\...\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [39408 2010-11-02] (Google Inc.)
Winlogon\Notify\igfxcui: igfxdev.dll (Intel Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
AppInit_DLLs: C:\Windows\system32\nvinitx.dll
Tcpip\..\Interfaces\{93C9F2D0-22DE-4EC0-85A6-9E656A3004C9}: [NameServer]0.0.0.0
Startup: C:\Users\All Users\Start Menu\Programs\Startup\FancyStart daemon.lnk
ShortcutTarget: FancyStart daemon.lnk -> C:\Windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\NETGEAR WNA3100 Setup-Assistent.lnk
ShortcutTarget: NETGEAR WNA3100 Setup-Assistent.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()
Startup: C:\Users\All Users\Start Menu\Programs\Startup\SRS Premium Sound.lnk
ShortcutTarget: SRS Premium Sound.lnk -> C:\Windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe (Acresso Software Inc.)

==================== Services (Whitelisted) ======

2 AntiVirSchedulerService; "C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe" [86224 2012-05-01] (Avira Operations GmbH & Co. KG)
2 AntiVirService; "C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe" [110032 2012-05-01] (Avira Operations GmbH & Co. KG)
2 ASLDRService; C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe [84536 2009-06-15] (ASUS)
2 ATKGFNEXSrv; C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe [96896 2009-12-15] (ASUS)
3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [340240 2010-03-05] ()
2 OODefragAgent; "C:\Program Files\OO Software\Defrag\oodag.exe" [3152200 2010-11-24] (O&O Software GmbH)
3 RichVideo; "C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe" [244904 2010-04-05] ()
2 UNS; "C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe" [2314240 2009-09-30] (Intel Corporation)
2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [278528 2010-01-12] ()

========================== Drivers (Whitelisted) =============

2 ASMMAP64; \??\C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [15416 2009-07-02] (ASUS)
2 avgntflt; C:\Windows\System32\Drivers\avgntflt.sys [98848 2012-04-24] (Avira GmbH)
1 avipbb; C:\Windows\System32\Drivers\avipbb.sys [132832 2012-04-27] (Avira GmbH)
1 avkmgr; C:\Windows\System32\Drivers\avkmgr.sys [27760 2012-05-02] (Avira GmbH)
3 BCMH43XX; C:\Windows\System32\DRIVERS\bcmwlhigh664.sys [838136 2009-11-05] (Broadcom Corporation)
3 kbfiltr; C:\Windows\System32\Drivers\kbfiltr.sys [15416 2009-07-20] ( )
0 lullaby; C:\Windows\System32\Drivers\lullaby.sys [15928 2009-06-18] (Windows (R) Win 7 DDK provider)
3 NPF; C:\Windows\System32\Drivers\NPF.sys [47632 2009-10-20] (CACE Technologies, Inc.)
3 SNP2UVC; C:\Windows\System32\Drivers\SNP2UVC.sys [1800192 2009-08-20] ()
3 ss_bbus; C:\Windows\System32\Drivers\ss_bbus.sys [127488 2010-04-26] (MCCI)
3 ss_bmdfl; C:\Windows\System32\Drivers\ss_bmdfl.sys [18944 2010-04-26] (MCCI Corporation)
3 ss_bmdm; C:\Windows\System32\Drivers\ss_bmdm.sys [161280 2010-04-26] (MCCI Corporation)
2 TurboB; C:\Windows\System32\Drivers\TurboB.sys [13784 2009-08-06] ()
3 UsbserFilt; C:\Windows\System32\DRIVERS\usbser_lowerfltjx64.sys [9216 2011-11-01] (Nokia)
2 {B154377D-700F-42cc-9474-23858FBDF4BD}; \??\C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl [146928 2010-02-24] (CyberLink Corp.)
3 tmlwf;  [x]
3 tmwfp;  [x]

========================== NetSvcs (Whitelisted) ===========


============ One Month Created Files and Folders ==============

2012-07-12 04:04 - 2012-07-12 21:27 - 00000000 ____D C:\FRST
2012-07-12 03:26 - 2012-07-12 11:16 - 00890230 ____A (Farbar) C:\Users\SümHar\Desktop\FRST.exe
2012-07-12 03:23 - 2012-05-09 02:18 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-07-12 03:23 - 2012-05-09 02:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-07-12 03:23 - 2012-05-09 02:17 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-07-12 03:22 - 2012-07-12 03:23 - 00004616 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-07-12 02:20 - 2012-06-11 19:08 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-07-12 02:19 - 2012-07-12 02:20 - 00264062 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 02:19 - 2012-06-05 22:06 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-07-12 02:19 - 2012-06-05 22:06 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-07-12 02:19 - 2012-06-05 21:05 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-07-12 02:19 - 2012-06-05 21:05 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-07-12 02:19 - 2010-06-25 19:55 - 00002048 ____A (Microsoft Corporation) C:\Windows\System32\msxml3r.dll
2012-07-12 02:19 - 2010-06-25 19:24 - 00002048 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3r.dll
2012-07-12 02:17 - 2012-06-08 21:43 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-07-12 02:17 - 2012-06-08 20:41 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-07-12 02:16 - 2012-06-01 21:50 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-07-12 02:16 - 2012-06-01 21:48 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-07-12 02:16 - 2012-06-01 21:48 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-07-12 02:16 - 2012-06-01 21:45 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-07-12 02:16 - 2012-06-01 21:44 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-07-12 02:16 - 2012-06-01 20:40 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-07-12 02:16 - 2012-06-01 20:40 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-07-12 02:16 - 2012-06-01 20:39 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-07-12 02:16 - 2012-06-01 20:34 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-07-12 02:11 - 2012-06-02 04:49 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-07-12 02:11 - 2012-06-02 04:17 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-07-12 02:11 - 2012-06-02 04:12 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-07-12 02:11 - 2012-06-02 04:05 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-07-12 02:11 - 2012-06-02 04:05 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-07-12 02:11 - 2012-06-02 04:04 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-07-12 02:11 - 2012-06-02 04:04 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-07-12 02:11 - 2012-06-02 04:03 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-07-12 02:11 - 2012-06-02 04:01 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-07-12 02:11 - 2012-06-02 04:00 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-07-12 02:11 - 2012-06-02 03:59 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-07-12 02:11 - 2012-06-02 03:57 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-07-12 02:11 - 2012-06-02 03:57 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-07-12 02:11 - 2012-06-02 03:54 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-07-12 02:11 - 2012-06-02 01:07 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-07-12 02:11 - 2012-06-02 00:43 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-07-12 02:11 - 2012-06-02 00:33 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-07-12 02:11 - 2012-06-02 00:26 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-07-12 02:11 - 2012-06-02 00:25 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-07-12 02:11 - 2012-06-02 00:25 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-07-12 02:11 - 2012-06-02 00:23 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-07-12 02:11 - 2012-06-02 00:21 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-07-12 02:11 - 2012-06-02 00:20 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-07-12 02:11 - 2012-06-02 00:19 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-07-12 02:11 - 2012-06-02 00:19 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-07-12 02:11 - 2012-06-02 00:17 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-07-12 02:11 - 2012-06-02 00:16 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-07-12 02:11 - 2012-06-02 00:14 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-07-12 02:09 - 2012-06-05 22:02 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-07-12 02:09 - 2012-06-05 21:03 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-07-10 16:35 - 2012-07-10 16:35 - 00000000 ____D C:\Users\SümHar\AppData\Roaming\Avira
2012-07-10 16:30 - 2012-07-10 16:30 - 00001996 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-07-10 16:30 - 2012-07-10 16:30 - 00000000 ____D C:\Users\All Users\Avira
2012-07-10 16:30 - 2012-07-10 16:30 - 00000000 ____D C:\Program Files (x86)\Avira
2012-07-10 16:30 - 2012-05-02 05:24 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-07-10 16:30 - 2012-04-27 00:20 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-07-10 16:30 - 2012-04-24 14:32 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-07-10 11:31 - 2012-07-10 11:31 - 00077364 ____A C:\OTL.Txt
2012-07-10 09:22 - 2012-07-10 09:22 - 00024802 ____A C:\Users\SümHar\Desktop\AVSCAN-20120710-180301-7750A749.LOG
2012-07-10 00:18 - 2012-07-10 00:18 - 00000000 ____D C:\Users\Default\AppData\Local\Power2Go
2012-07-10 00:18 - 2012-07-10 00:18 - 00000000 ____D C:\Users\Default User\AppData\Local\Power2Go
2012-07-08 16:21 - 2012-07-10 04:54 - 04503728 ___AT C:\Users\All Users\go_0molg.pad
2012-07-02 01:57 - 2012-07-10 11:48 - 00000000 ____D C:\Users\SümHar\Desktop\Nintendo
2012-06-25 06:04 - 2012-06-25 06:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-21 03:22 - 2012-06-02 14:19 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-21 03:22 - 2012-06-02 14:19 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-21 03:22 - 2012-06-02 14:19 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-21 03:22 - 2012-06-02 14:15 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-21 03:21 - 2012-06-02 14:19 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-21 03:21 - 2012-06-02 14:19 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-21 03:21 - 2012-06-02 14:15 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-21 03:21 - 2012-06-02 05:19 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-21 03:21 - 2012-06-02 05:15 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-19 02:58 - 2012-06-19 02:58 - 00000000 ____D C:\Users\SümHar\AppData\Local\Macromedia
2012-06-13 06:42 - 2012-05-04 03:06 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-06-13 06:42 - 2012-05-04 02:03 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-06-13 06:42 - 2012-05-04 02:03 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-06-13 06:42 - 2012-04-30 21:40 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-06-13 06:42 - 2012-04-27 19:55 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-06-13 06:42 - 2012-04-25 21:41 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-06-13 06:42 - 2012-04-25 21:41 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-06-13 06:42 - 2012-04-25 21:34 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-06-13 06:42 - 2012-04-23 21:37 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-06-13 06:42 - 2012-04-23 21:37 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-06-13 06:42 - 2012-04-23 21:37 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-06-13 06:42 - 2012-04-23 20:36 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-06-13 06:42 - 2012-04-23 20:36 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-06-13 06:42 - 2012-04-23 20:36 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll
2012-06-13 06:42 - 2012-04-07 04:31 - 03216384 ____A (Microsoft Corporation) C:\Windows\System32\msi.dll
2012-06-13 06:42 - 2012-04-07 03:26 - 02342400 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msi.dll


============ 3 Months Modified Files ========================

2012-07-12 11:23 - 2010-11-02 21:03 - 01160159 ____A C:\Windows\WindowsUpdate.log
2012-07-12 11:23 - 2009-08-04 01:51 - 00654852 ____A C:\Windows\System32\perfh007.dat
2012-07-12 11:23 - 2009-08-04 01:51 - 00130434 ____A C:\Windows\System32\perfc007.dat
2012-07-12 11:23 - 2009-07-13 21:13 - 01500294 ____A C:\Windows\System32\PerfStringBackup.INI
2012-07-12 11:23 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2012-07-12 11:23 - 2009-07-13 20:45 - 00010240 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2012-07-12 11:20 - 2011-05-04 22:51 - 00045056 ____A C:\Windows\System32\acovcnt.exe
2012-07-12 11:20 - 2011-03-18 02:18 - 00843436 ____A C:\Windows\System32\oodbs.lor
2012-07-12 11:20 - 2010-11-02 21:43 - 00098138 ____A C:\Windows\PFRO.log
2012-07-12 11:20 - 2010-11-02 21:33 - 00001120 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2012-07-12 11:20 - 2009-07-13 21:08 - 00000006 ___AH C:\Windows\Tasks\SA.DAT
2012-07-12 11:20 - 2009-07-13 20:51 - 00093639 ____A C:\Windows\setupact.log
2012-07-12 11:16 - 2012-07-12 11:16 - 01434551 ____A (Farbar) C:\Users\SümHar\Desktop\FRST64.exe
2012-07-12 11:16 - 2012-07-12 03:26 - 00890230 ____A (Farbar) C:\Users\SümHar\Desktop\FRST.exe
2012-07-12 10:51 - 2010-11-02 21:33 - 00001124 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2012-07-12 04:41 - 2011-05-10 07:24 - 00000400 ____A C:\Windows\ODBC.INI
2012-07-12 04:21 - 2012-04-03 13:33 - 00426184 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2012-07-12 04:21 - 2011-05-21 07:45 - 00070344 ____A (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2012-07-12 04:08 - 2011-08-15 08:34 - 00000254 ____A C:\Windows\Brownie.ini
2012-07-12 03:23 - 2012-07-12 03:22 - 00004616 ____A C:\Windows\SysWOW64\jupdate-1.6.0_33-b03.log
2012-07-12 02:49 - 2009-07-13 20:45 - 00398920 ____A C:\Windows\System32\FNTCACHE.DAT
2012-07-12 02:20 - 2012-07-12 02:19 - 00264062 ____A C:\Windows\msxml4-KB2721691-enu.LOG
2012-07-12 02:12 - 2011-03-29 13:14 - 59701280 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe
2012-07-12 02:11 - 2009-07-13 18:34 - 00000499 ____A C:\Windows\win.ini
2012-07-10 16:30 - 2012-07-10 16:30 - 00001996 ____A C:\Users\Public\Desktop\Avira Control Center.lnk
2012-07-10 16:27 - 2010-11-02 22:00 - 00001641 ____A C:\Windows\System32\ServiceFilter.ini
2012-07-10 13:35 - 2011-08-15 08:36 - 00000432 ____A C:\Windows\BRWMARK.INI
2012-07-10 11:31 - 2012-07-10 11:31 - 00077364 ____A C:\OTL.Txt
2012-07-10 09:22 - 2012-07-10 09:22 - 00024802 ____A C:\Users\SümHar\Desktop\AVSCAN-20120710-180301-7750A749.LOG
2012-07-10 04:54 - 2012-07-08 16:21 - 04503728 ___AT C:\Users\All Users\go_0molg.pad
2012-06-25 06:04 - 2012-06-25 06:04 - 01394248 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml4.dll
2012-06-21 12:07 - 2009-07-13 21:08 - 00032632 ____A C:\Windows\Tasks\SCHEDLGU.TXT
2012-06-11 19:08 - 2012-07-12 02:20 - 03148800 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys
2012-06-08 21:43 - 2012-07-12 02:17 - 14172672 ____A (Microsoft Corporation) C:\Windows\System32\shell32.dll
2012-06-08 20:41 - 2012-07-12 02:17 - 12873728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2012-06-06 08:37 - 2012-06-02 06:25 - 00000016 ____H C:\Windows\SysWOW64\servdat.slm
2012-06-05 22:06 - 2012-07-12 02:19 - 02004480 ____A (Microsoft Corporation) C:\Windows\System32\msxml6.dll
2012-06-05 22:06 - 2012-07-12 02:19 - 01881600 ____A (Microsoft Corporation) C:\Windows\System32\msxml3.dll
2012-06-05 22:02 - 2012-07-12 02:09 - 01133568 ____A (Microsoft Corporation) C:\Windows\System32\cdosys.dll
2012-06-05 21:41 - 2011-03-17 13:56 - 00100976 ____A C:\Users\SümHar\AppData\Local\GDIPFONTCACHEV1.DAT
2012-06-05 21:05 - 2012-07-12 02:19 - 01390080 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2012-06-05 21:05 - 2012-07-12 02:19 - 01236992 ____A (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2012-06-05 21:03 - 2012-07-12 02:09 - 00805376 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cdosys.dll
2012-06-02 14:19 - 2012-06-21 03:22 - 02428952 ____A (Microsoft Corporation) C:\Windows\System32\wuaueng.dll
2012-06-02 14:19 - 2012-06-21 03:22 - 00057880 ____A (Microsoft Corporation) C:\Windows\System32\wuauclt.exe
2012-06-02 14:19 - 2012-06-21 03:22 - 00044056 ____A (Microsoft Corporation) C:\Windows\System32\wups2.dll
2012-06-02 14:19 - 2012-06-21 03:21 - 00701976 ____A (Microsoft Corporation) C:\Windows\System32\wuapi.dll
2012-06-02 14:19 - 2012-06-21 03:21 - 00038424 ____A (Microsoft Corporation) C:\Windows\System32\wups.dll
2012-06-02 14:15 - 2012-06-21 03:22 - 02622464 ____A (Microsoft Corporation) C:\Windows\System32\wucltux.dll
2012-06-02 14:15 - 2012-06-21 03:21 - 00099840 ____A (Microsoft Corporation) C:\Windows\System32\wudriver.dll
2012-06-02 06:27 - 2012-06-02 06:27 - 00001024 ____A C:\Windows\SysWOW64\clauth2.dll
2012-06-02 06:27 - 2012-06-02 06:27 - 00001024 ____A C:\Windows\SysWOW64\clauth1.dll
2012-06-02 06:27 - 2012-06-02 06:27 - 00000000 ____A C:\Windows\SysWOW64\ssprs.dll
2012-06-02 06:27 - 2012-06-02 06:27 - 00000000 ____A C:\Windows\SysWOW64\serauth2.dll
2012-06-02 06:27 - 2012-06-02 06:27 - 00000000 ____A C:\Windows\SysWOW64\serauth1.dll
2012-06-02 06:27 - 2012-06-02 06:27 - 00000000 ____A C:\Windows\SysWOW64\nsprs.tgz
2012-06-02 06:27 - 2012-06-02 06:27 - 00000000 ____A C:\Windows\SysWOW64\nsprs.dll
2012-06-02 06:25 - 2012-06-02 06:25 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.tgz
2012-06-02 06:25 - 2012-06-02 06:25 - 00001025 ____A C:\Windows\SysWOW64\sysprs7.dll
2012-06-02 06:25 - 2012-06-02 06:25 - 00000219 ____A C:\Windows\SysWOW64\lsprst7.tgz
2012-06-02 06:25 - 2012-06-02 06:25 - 00000205 ____A C:\Windows\SysWOW64\lsprst7.dll
2012-06-02 05:19 - 2012-06-21 03:21 - 00186752 ____A (Microsoft Corporation) C:\Windows\System32\wuwebv.dll
2012-06-02 05:15 - 2012-06-21 03:21 - 00036864 ____A (Microsoft Corporation) C:\Windows\System32\wuapp.exe
2012-06-02 04:49 - 2012-07-12 02:11 - 17807360 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll
2012-06-02 04:17 - 2012-07-12 02:11 - 10924032 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll
2012-06-02 04:12 - 2012-07-12 02:11 - 02311680 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll
2012-06-02 04:05 - 2012-07-12 02:11 - 01392128 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll
2012-06-02 04:05 - 2012-07-12 02:11 - 01346048 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll
2012-06-02 04:04 - 2012-07-12 02:11 - 01494528 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl
2012-06-02 04:04 - 2012-07-12 02:11 - 00237056 ____A (Microsoft Corporation) C:\Windows\System32\url.dll
2012-06-02 04:03 - 2012-07-12 02:11 - 00085504 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll
2012-06-02 04:01 - 2012-07-12 02:11 - 00173056 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe
2012-06-02 04:00 - 2012-07-12 02:11 - 00818688 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll
2012-06-02 03:59 - 2012-07-12 02:11 - 02144768 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll
2012-06-02 03:57 - 2012-07-12 02:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb
2012-06-02 03:57 - 2012-07-12 02:11 - 00096768 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll
2012-06-02 03:54 - 2012-07-12 02:11 - 00248320 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll
2012-06-02 01:07 - 2012-07-12 02:11 - 12314624 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2012-06-02 00:43 - 2012-07-12 02:11 - 09737728 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2012-06-02 00:33 - 2012-07-12 02:11 - 01800192 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2012-06-02 00:26 - 2012-07-12 02:11 - 01103872 ____A (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2012-06-02 00:25 - 2012-07-12 02:11 - 01427968 ____A (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2012-06-02 00:25 - 2012-07-12 02:11 - 01129472 ____A (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2012-06-02 00:23 - 2012-07-12 02:11 - 00231936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\url.dll
2012-06-02 00:21 - 2012-07-12 02:11 - 00065024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2012-06-02 00:20 - 2012-07-12 02:11 - 00142848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2012-06-02 00:19 - 2012-07-12 02:11 - 01793024 ____A (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2012-06-02 00:19 - 2012-07-12 02:11 - 00716800 ____A (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2012-06-02 00:17 - 2012-07-12 02:11 - 00073216 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2012-06-02 00:16 - 2012-07-12 02:11 - 02382848 ____A (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2012-06-02 00:14 - 2012-07-12 02:11 - 00176640 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2012-06-01 21:50 - 2012-07-12 02:16 - 00458704 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\cng.sys
2012-06-01 21:48 - 2012-07-12 02:16 - 00151920 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecpkg.sys
2012-06-01 21:48 - 2012-07-12 02:16 - 00095600 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\ksecdd.sys
2012-06-01 21:45 - 2012-07-12 02:16 - 00340992 ____A (Microsoft Corporation) C:\Windows\System32\schannel.dll
2012-06-01 21:44 - 2012-07-12 02:16 - 00307200 ____A (Microsoft Corporation) C:\Windows\System32\ncrypt.dll
2012-06-01 20:40 - 2012-07-12 02:16 - 00225280 ____A (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2012-06-01 20:40 - 2012-07-12 02:16 - 00022016 ____A (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2012-06-01 20:39 - 2012-07-12 02:16 - 00219136 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2012-06-01 20:34 - 2012-07-12 02:16 - 00096768 ____A (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2012-05-09 02:21 - 2012-05-13 00:03 - 00476936 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\npdeployJava1.dll
2012-05-09 02:21 - 2011-03-18 01:50 - 00472840 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\deployJava1.dll
2012-05-09 02:18 - 2012-07-12 03:23 - 00157448 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaws.exe
2012-05-09 02:17 - 2012-07-12 03:23 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\javaw.exe
2012-05-09 02:17 - 2012-07-12 03:23 - 00149256 ____A (Sun Microsystems, Inc.) C:\Windows\SysWOW64\java.exe
2012-05-04 03:06 - 2012-06-13 06:42 - 05559664 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe
2012-05-04 02:03 - 2012-06-13 06:42 - 03968368 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2012-05-04 02:03 - 2012-06-13 06:42 - 03913072 ____A (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2012-05-02 05:24 - 2012-07-10 16:30 - 00027760 ____A (Avira GmbH) C:\Windows\System32\Drivers\avkmgr.sys
2012-04-30 21:40 - 2012-06-13 06:42 - 00209920 ____A (Microsoft Corporation) C:\Windows\System32\profsvc.dll
2012-04-27 19:55 - 2012-06-13 06:42 - 00210944 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\rdpwd.sys
2012-04-27 07:52 - 2012-04-27 07:52 - 00516136 ____A (Bandoo Media Inc) C:\Users\SümHar\Downloads\iLividSetupV1.exe
2012-04-27 00:20 - 2012-07-10 16:30 - 00132832 ____A (Avira GmbH) C:\Windows\System32\Drivers\avipbb.sys
2012-04-26 01:49 - 2012-04-26 01:49 - 00284040 ____A C:\Windows\Minidump\042612-37799-01.dmp
2012-04-26 01:49 - 2011-06-21 14:36 - 616994338 ____A C:\Windows\MEMORY.DMP
2012-04-25 21:41 - 2012-06-13 06:42 - 00149504 ____A (Microsoft Corporation) C:\Windows\System32\rdpcorekmts.dll
2012-04-25 21:41 - 2012-06-13 06:42 - 00077312 ____A (Microsoft Corporation) C:\Windows\System32\rdpwsx.dll
2012-04-25 21:34 - 2012-06-13 06:42 - 00009216 ____A (Microsoft Corporation) C:\Windows\System32\rdrmemptylst.exe
2012-04-24 14:32 - 2012-07-10 16:30 - 00098848 ____A (Avira GmbH) C:\Windows\System32\Drivers\avgntflt.sys
2012-04-23 21:37 - 2012-06-13 06:42 - 01462272 ____A (Microsoft Corporation) C:\Windows\System32\crypt32.dll
2012-04-23 21:37 - 2012-06-13 06:42 - 00184320 ____A (Microsoft Corporation) C:\Windows\System32\cryptsvc.dll
2012-04-23 21:37 - 2012-06-13 06:42 - 00140288 ____A (Microsoft Corporation) C:\Windows\System32\cryptnet.dll
2012-04-23 20:36 - 2012-06-13 06:42 - 01158656 ____A (Microsoft Corporation) C:\Windows\SysWOW64\crypt32.dll
2012-04-23 20:36 - 2012-06-13 06:42 - 00140288 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptsvc.dll
2012-04-23 20:36 - 2012-06-13 06:42 - 00103936 ____A (Microsoft Corporation) C:\Windows\SysWOW64\cryptnet.dll


========================= Known DLLs (Whitelisted) ============


========================= Bamital & volsnap Check ============

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

========================= Memory info ====================== 

Percentage of memory in use: 14%
Total physical RAM: 3885.54 MB
Available physical RAM: 3306.2 MB
Total Pagefile: 3883.68 MB
Available Pagefile: 3299.68 MB
Total Virtual: 8192 MB
Available Virtual: 8191.9 MB

======================= Partitions =========================

1 Drive c: (OS) (Fixed) (Total:116.44 GB) (Free:64.87 GB) NTFS ==>[System with boot components (obtained from reading drive)]
2 Drive d: (DATA) (Fixed) (Total:327.83 GB) (Free:318.98 GB) NTFS
4 Drive f: (H-RUN) (Removable) (Total:0.48 GB) (Free:0.09 GB) FAT32
5 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS

  Disk ###  Status         Size     Free     Dyn  Gpt
  --------  -------------  -------  -------  ---  ---
  Disk 0    Online          465 GB  1024 KB         
  Disk 1    Online          496 MB      0 B         

Partitions of Disk 0:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary             21 GB    31 KB
  Partition 2    Primary            116 GB    21 GB
  Partition 0    Extended           327 GB   137 GB
  Partition 3    Logical            327 GB   137 GB

==================================================================================

Disk: 0
Partition 1
Type  : 1C
Hidden: Yes
Active: No

There is no volume associated with this partition.

==================================================================================

Disk: 0
Partition 2
Type  : 07
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 1     C   OS           NTFS   Partition    116 GB  Healthy            

==================================================================================

Disk: 0
Partition 3
Type  : 07
Hidden: No
Active: No

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 2     D   DATA         NTFS   Partition    327 GB  Healthy            

==================================================================================

Partitions of Disk 1:
===============

  Partition ###  Type              Size     Offset
  -------------  ----------------  -------  -------
  Partition 1    Primary            495 MB    31 KB

==================================================================================

Disk: 1
Partition 1
Type  : 0B
Hidden: No
Active: Yes

  Volume ###  Ltr  Label        Fs     Type        Size     Status     Info
  ----------  ---  -----------  -----  ----------  -------  ---------  --------
* Volume 3     F   H-RUN        FAT32  Removable    495 MB  Healthy            

==================================================================================

==========================================================

Last Boot: 2012-07-08 05:48

======================= End Of Log ==========================
         
Thank you

13.07.2012, 07:13   #8
Larusso
/// Selecta Jahrusso

Please press the Windows key + R and type notepad into the Run window.

Now copy the following text from the code box into the empty text document
Code:
HKU\SümHar\...\Run: [4E3E0230AEBB4E96] C:\Recycle.Bin\Recycle.Bin.exe [x]
HKU\SümHar\...\Run: []  [x]
HKU\SümHar\...\Run: [{61BD274C-F74C-E07B-DEB0-807B79218202}] C:\Users\SümHar\AppData\Roaming\Ekluu\dyru.exe [x]
C:\Users\SümHar\AppData\Roaming\Ekluu
C:\Recycle.Bin
         
Please save this as Fixlist.txt on your USB stick.
  • Restart your computer into the repair options
  • Now start FRST.exe again and click the Fix button.
The tool creates a Fixlog.txt on your USB stick. Please post its contents here.



Please download defogger by jpshortstuff to your desktop.
  • Start the tool with a double-click.
    Vista and Win7 users: right-click and choose "Run as administrator".
  • Now click the Disable button to disable the drivers of certain emulators.
  • When the scan has finished (Finished), click OK.
  • Defogger may prompt you to restart. Confirm this with OK.

If Defogger gives you an error message, please post the defogger_disable log from your desktop.
Do not click the Re-enable button unless instructed to.


Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror

Link 1


IMPORTANT - Save Combofix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with Combofix while it works.
Start Combofix.exe and follow the instructions on the screen.

When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you receive the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

14.07.2012, 16:23   #9
invisible

Here is the Fixlog.txt

Code:
Fix result of Farbar Recovery Tool (FRST written by Farbar) Version: 11-07-2012
Ran by SYSTEM at 2012-07-14 16:31:29 Run:1
Running from F:\

==============================================

HKEY_USERS\SümHar\Software\Microsoft\Windows\CurrentVersion\Run\\4E3E0230AEBB4E96 Value deleted successfully.
HKEY_USERS\SümHar\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\SümHar\...\Run: []  [x] Value not found.
HKEY_USERS\SümHar\Software\Microsoft\Windows\CurrentVersion\Run\\{61BD274C-F74C-E07B-DEB0-807B79218202} Value deleted successfully.
C:\Users\SümHar\AppData\Roaming\Ekluu moved successfully.
C:\Recycle.Bin moved successfully.

==== End of Fixlog ====
         

Here is the defogger_disable log

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:39 on 14/07/2012 (SümHar)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...


-=E.O.F=-
         

And here is the Combofix.txt

Code:
ComboFix 12-07-13.03 - SümHar 14.07.2012  16:45:52.1.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3886.2216 [GMT 2:00]
ausgeführt von:: c:\users\S³mHar\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\Common Files\ASPG_icon.ico
c:\programdata\FullRemove.exe
C:\Washer2.rar
c:\washer2.rar\config.bin
c:\windows\IsUn0407.exe
c:\windows\SysWow64\lsprst7.dll
c:\windows\SysWow64\nsprs.dll
c:\windows\SysWow64\Packet.dll
c:\windows\SysWow64\pthreadVC.dll
c:\windows\SysWow64\serauth1.dll
c:\windows\SysWow64\serauth2.dll
c:\windows\SysWow64\ssprs.dll
c:\windows\SysWow64\wpcap.dll
.
.
(((((((((((((((((((((((((((((((((((((((   Treiber/Dienste   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_NPF
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-14 bis 2012-07-14  ))))))))))))))))))))))))))))))
.
.
2012-07-12 12:04 . 2012-07-13 05:27	--------	d-----w-	C:\FRST
2012-07-12 10:20 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 10:19 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-07-12 10:19 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-12 10:19 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-12 10:19 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-12 10:19 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-07-12 10:19 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-12 10:16 . 2012-06-02 05:48	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-12 10:16 . 2012-06-02 05:48	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 10:16 . 2012-06-02 05:45	340992	----a-w-	c:\windows\system32\schannel.dll
2012-07-12 10:16 . 2012-06-02 05:44	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-12 10:16 . 2012-06-02 04:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-07-12 10:16 . 2012-06-02 04:40	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-07-12 10:16 . 2012-06-02 04:39	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-07-12 10:16 . 2012-06-02 04:34	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-07-12 10:16 . 2012-06-02 05:50	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-12 10:09 . 2012-06-06 06:05	1499136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 10:09 . 2012-06-06 06:05	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 10:09 . 2012-06-06 06:02	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-07-12 10:09 . 2012-06-06 05:05	212992	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-12 10:09 . 2012-06-06 05:05	1019904	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 10:09 . 2012-06-06 05:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-07-12 10:09 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-12 10:09 . 2012-06-06 06:05	61440	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 10:09 . 2012-06-06 06:05	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 10:09 . 2012-06-06 05:05	143360	----a-w-	c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-12 10:09 . 2012-06-06 05:05	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-12 10:09 . 2012-06-06 05:05	57344	----a-w-	c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-12 10:09 . 2012-06-06 05:05	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 00:35 . 2012-07-11 00:35	--------	d-----w-	c:\users\SümHar\AppData\Roaming\Avira
2012-07-11 00:30 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-11 00:30 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-11 00:30 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-11 00:30 . 2012-07-11 00:30	--------	d-----w-	c:\programdata\Avira
2012-07-11 00:30 . 2012-07-11 00:30	--------	d-----w-	c:\program files (x86)\Avira
2012-07-10 08:18 . 2012-07-10 08:18	--------	d-----w-	c:\users\Default\AppData\Local\Power2Go
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-21 11:22 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:22 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:22 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:22 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:21 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:21 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:21 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:21 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:21 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 10:58 . 2012-06-19 10:58	--------	d-----w-	c:\users\SümHar\AppData\Local\Macromedia
2012-06-18 19:07 . 2012-06-18 19:07	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 19:07 . 2012-06-18 19:07	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-14 15:05 . 2011-05-05 06:51	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-07-14 09:31 . 2012-04-03 21:33	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 09:31 . 2011-05-21 15:45	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 10:21 . 2012-05-13 08:03	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2011-03-18 09:50	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 14:42	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 14:42	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 14:42	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 14:42	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 14:42	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 14:42	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 14:42	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 14:42	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 14:42	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 14:42	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 14:42	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:42	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:42	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:42	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Octoshape Streaming Services"="c:\users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-07 221256]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\SümHar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pampers Pregnancy Widget.lnk - c:\users\SümHar\AppData\Local\Temp\Rar$EX15.584\PampersPregnancyWidget.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-11-3 12862]
NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-3-18 4562944]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-22 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/02 22:21];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [2010-02-24 18:14 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 05:33]
.
2012-07-14 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 05:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-11-25 4011336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x1
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - d:\harun'~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{93C9F2D0-22DE-4EC0-85A6-9E656A3004C9}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\SümHar\AppData\Roaming\Mozilla\Firefox\Profiles\xcz6s0jh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-NPSStartup - (no file)
Toolbar-Locked - (no file)
HKLM-Run-Setwallpaper - c:\programdata\SetWallpaper.cmd
AddRemove-Adobe Acrobat 4.0 - c:\windows\ISUN0407.EXE
AddRemove-ASUS_N_Series_Screensaver - c:\windows\system32\ASUS_N_Series_Screensaver.scr
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-14  17:08:16 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-14 15:08
.
Vor Suchlauf: 10 Verzeichnis(se), 76.120.223.744 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 77.901.934.592 Bytes frei
.
- - End Of File - - B3322225064CCC02CD076104EAF6FF5B
         

14.07.2012, 20:20   #10
Larusso
/// Selecta Jahrusso
 



Please download Malwarebytes
  • Install the program to the default path.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Start Malwarebytes, click Update --> Check for Updates
  • When the update has finished, select Perform quick scan and click Scan.
  • When the scan has finished, click Show Results.
  • Make sure that all findings are checked and click Remove Selected.
  • Post the logfile, which opens in Notepad, here in the thread.
  • You can find the report later under "Logs".



If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe.
    Vista and Win7 users: right-click and choose "Run as administrator"
  • Now copy the following content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
%windir%\installer\*. /5
%localappdata%\*. /5 
/md5start
services.exe
user32.dll
/md5stop
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • When the scan has finished, a text document will open.
  • Now copy the content of OTL.txt and Extra.txt here into your thread
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to fight back and support us!
TB Akademie

15.07.2012, 11:54   #11
invisible
 



Here is the logfile from Malwarebytes

Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Datenbank Version: v2012.07.15.07

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
SümHar :: UNSERERSTES [Administrator]

15.07.2012 12:22:09
mbam-log-2012-07-15 (12-22-09).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 237843
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\Software\Microsoft|setiasworld (Malware.Trace) -> Daten: fhhvjykvoufdwqwzulws3fracrgdblv -> Erfolgreich gelöscht und in Quarantäne gestellt.
HKCU\Software\Microsoft|bk (Malware.Trace) -> Daten: 
 -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         

Here is the content of OTL.txt

Code:
OTL logfile created on: 15.07.2012 12:36:12 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\SümHar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 59,24% Memory free
7,59 Gb Paging File | 5,78 Gb Available in Paging File | 76,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 72,30 Gb Free Space | 62,09% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 318,97 Gb Free Space | 97,30% Space Free | Partition Type: NTFS
 
Computer Name: UNSERERSTES | User Name: SümHar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2012.07.15 12:33:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\SümHar\Desktop\OTL.exe
PRC - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.02 00:31:35 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
PRC - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2011.09.07 12:55:40 | 000,221,256 | ---- | M] (Geek Software GmbH) -- C:\Program Files (x86)\PDF24\pdf24.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
PRC - [2010.11.03 08:05:49 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe
PRC - [2010.07.19 21:26:00 | 000,383,792 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncablesMAPI.exe
PRC - [2010.07.19 21:26:00 | 000,370,480 | ---- | M] (syncables, LLC) -- C:\Program Files (x86)\syncables\syncables desktop\syncables.exe
PRC - [2010.07.19 21:26:00 | 000,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files (x86)\syncables\syncables desktop\jre\bin\javaw.exe
PRC - [2010.02.24 05:14:26 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe
PRC - [2010.01.20 18:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
PRC - [2010.01.13 18:11:52 | 007,109,248 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
PRC - [2010.01.05 22:59:12 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
PRC - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
PRC - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
PRC - [2009.11.02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2009.10.21 21:12:50 | 000,106,496 | ---- | M] (NEC Electronics Corporation) -- C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
PRC - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
PRC - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
PRC - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
PRC - [2009.07.31 19:38:24 | 000,305,720 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\SmartLogon\sensorsrv.exe
PRC - [2009.07.06 23:22:04 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD9\PDVD9Serv.exe
PRC - [2009.06.24 12:30:18 | 000,272,952 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe
PRC - [2009.06.19 19:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
PRC - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
PRC - [2009.01.08 15:44:06 | 000,070,936 | ---- | M] (Octoshape ApS) -- C:\Users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
PRC - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
PRC - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
MOD - [2010.01.20 18:44:14 | 004,562,944 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
MOD - [2009.11.24 22:45:36 | 000,053,888 | ---- | M] () -- C:\Program Files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
MOD - [2009.11.02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009.11.02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll
MOD - [2009.09.16 02:34:34 | 001,593,344 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe
MOD - [2009.08.28 17:50:18 | 000,282,624 | ---- | M] () -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
MOD - [2007.11.30 20:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe
 
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2010.11.25 09:47:08 | 003,152,200 | ---- | M] (O&O Software GmbH) [Auto | Running] -- C:\Program Files\OO Software\Defrag\oodag.exe -- (OODefragAgent)
SRV:64bit: - [2010.03.05 19:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) Intel(R)
SRV:64bit: - [2010.03.05 19:07:58 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS)
SRV:64bit: - [2010.03.05 19:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) Intel(R)
SRV:64bit: - [2009.09.17 20:36:34 | 000,359,552 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent)
SRV:64bit: - [2009.08.06 23:17:46 | 000,118,672 | ---- | M] (Intel(R) Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost)
SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2012.06.18 21:07:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.05.02 01:42:28 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.02 00:34:34 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.04 14:32:36 | 000,718,888 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2011.10.01 09:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2011.10.01 09:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2011.06.06 12:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.06.05 07:22:00 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.12 12:11:24 | 000,278,528 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe -- (WSWNA3100)
SRV - [2009.12.15 19:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv)
SRV - [2009.10.01 04:34:22 | 002,314,240 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R)
SRV - [2009.10.01 04:33:08 | 000,262,144 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R)
SRV - [2009.06.16 02:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008.03.31 02:55:48 | 000,225,280 | ---- | M] (ASUSTek Computer Inc.) [On_Demand | Running] -- C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe -- (ADSMService)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.05.02 15:24:12 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr)
DRV:64bit: - [2012.04.27 10:20:04 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb)
DRV:64bit: - [2012.04.25 00:32:27 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2011.11.01 11:07:26 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011.11.01 11:07:24 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2011.11.01 11:07:24 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2011.10.01 09:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol)
DRV:64bit: - [2011.10.01 09:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay)
DRV:64bit: - [2011.10.01 09:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir)
DRV:64bit: - [2011.10.01 09:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs)
DRV:64bit: - [2011.06.05 07:22:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt)
DRV:64bit: - [2011.03.30 13:31:58 | 000,035,384 | ---- | M] (ASUSTek Computer Inc) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\AsDsm.sys -- (AsDsm)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.02.11 19:16:38 | 010,628,640 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TFsExDisk.sys -- (TFsExDisk)
DRV:64bit: - [2010.04.28 08:57:50 | 000,061,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr)
DRV:64bit: - [2010.04.27 04:25:16 | 000,161,280 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdm.sys -- (ss_bmdm)
DRV:64bit: - [2010.04.27 04:25:16 | 000,127,488 | ---- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bbus.sys -- (ss_bbus) SAMSUNG USB Mobile Device (WDM)
DRV:64bit: - [2010.04.27 04:25:16 | 000,018,944 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ss_bmdfl.sys -- (ss_bmdfl) SAMSUNG USB Mobile Modem (Filter)
DRV:64bit: - [2010.04.16 20:45:50 | 000,039,832 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd)
DRV:64bit: - [2010.03.18 07:21:58 | 007,680,512 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) Intel(R)
DRV:64bit: - [2010.02.27 01:32:11 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd)
DRV:64bit: - [2010.02.03 15:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) Intel(R)
DRV:64bit: - [2009.12.17 04:42:07 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.11.06 09:40:26 | 000,838,136 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bcmwlhigh664.sys -- (BCMH43XX)
DRV:64bit: - [2009.10.27 08:19:48 | 000,176,640 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc)
DRV:64bit: - [2009.10.27 08:19:46 | 000,075,264 | ---- | M] (NEC Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub)
DRV:64bit: - [2009.10.15 11:23:19 | 000,117,760 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD)
DRV:64bit: - [2009.09.17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R)
DRV:64bit: - [2009.09.04 07:39:07 | 000,062,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20)
DRV:64bit: - [2009.08.21 08:48:17 | 000,044,032 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor)
DRV:64bit: - [2009.08.20 20:41:37 | 001,800,192 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\snp2uvc.sys -- (SNP2UVC) USB2.0 PC Camera (SNP2UVC)
DRV:64bit: - [2009.08.06 23:17:34 | 000,013,784 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB)
DRV:64bit: - [2009.07.21 03:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr)
DRV:64bit: - [2009.06.18 21:18:10 | 000,015,928 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\lullaby.sys -- (lullaby)
DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.05.13 18:07:20 | 000,015,928 | ---- | M] (ASUS) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ATK64AMD.sys -- (MTsensor)
DRV:64bit: - [2008.08.28 12:44:42 | 000,025,600 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2008.05.24 02:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr)
DRV:64bit: - [2007.01.19 19:24:24 | 000,025,312 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\SCMNdisP.sys -- (SCMNdisP)
DRV - [2010.06.14 02:32:54 | 000,016,448 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk)
DRV - [2010.02.24 20:14:22 | 000,146,928 | ---- | M] (CyberLink Corp.) [2010/11/02 22:21:17] [Kernel | Auto | Running] -- C:\Program Files (x86)\Cyberlink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
DRV - [2009.07.03 02:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = E4 0A C0 70 5F 60 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_265.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_265.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetleCorePlugin,version=0.9.18: C:\Program Files (x86)\Veetle\plugins\npVeetle.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\@veetle.com/veetlePlayerPlugin,version=0.9.18: C:\Program Files (x86)\Veetle\Player\npvlc.dll (Veetle Inc)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@octoshape.com/Octoshape Streaming Services,version=1.0: C:\Users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1101262-0-npoctoshape.dll (Octoshape ApS)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.01.04 02:20:30 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\fe_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Bookmarks Connector\FirefoxExtension_9.0 [2012.02.02 12:42:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 21:07:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.13 10:03:33 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Thunderbird\Extensions\\te_9.0@nokia.com: C:\Program Files (x86)\Nokia\Nokia Suite\Connectors\Thunderbird Connector\ThunderbirdExtension_9.0 [2012.02.02 12:42:16 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.06.18 21:07:57 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.05.13 10:03:33 | 000,000,000 | ---D | M]
 
[2011.03.20 03:30:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SümHar\AppData\Roaming\mozilla\Extensions
[2011.03.18 12:05:59 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SümHar\AppData\Roaming\mozilla\Extensions\ideskbrowser@haufe.de
[2011.12.05 18:39:47 | 000,000,000 | ---D | M] (No name found) -- C:\Users\SümHar\AppData\Roaming\mozilla\Firefox\Profiles\xcz6s0jh.default\extensions
[2012.07.12 13:23:09 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.07.12 13:23:09 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.06.18 21:07:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.18 21:07:55 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.18 21:07:55 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.18 21:07:55 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.18 21:07:55 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.18 21:07:55 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.18 21:07:55 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2012.07.14 16:51:21 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2:64bit: - BHO: (Windows Live Family Safety Browser Helper Class) - {4f3ed5cd-0726-42a9-87f5-d13f3d2976ac} - C:\Program Files\Windows Live\Family Safety\fssbho.dll (Microsoft Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.)
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (AlcorMicro Co., Ltd.)
O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe ()
O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.)
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation)
O4:64bit: - HKLM..\Run: [OODefragTray] C:\Program Files\OO Software\Defrag\oodtray.exe (O&O Software GmbH)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [Setwallpaper] c:\programdata\SetWallpaper.cmd File not found
O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS)
O4 - HKLM..\Run: [ATKOSD2] C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe (ASUS)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS)
O4 - HKLM..\Run: [LexwareInfoService] C:\Program Files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe (Haufe-Lexware GmbH & Co. KG)
O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (NEC Electronics Corporation)
O4 - HKLM..\Run: [PDFPrint] C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH)
O4 - HKLM..\Run: [RemoteControl9] C:\Program Files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKCU..\Run: [Octoshape Streaming Services] C:\Users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe (Octoshape ApS)
O4 - HKCU..\Run: [Syncables] C:\Program Files (x86)\syncables\syncables desktop\Syncables.exe (syncables, LLC)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Users\SümHar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Pampers Pregnancy Widget.lnk =  File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Harun's Installationen\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - D:\Harun's Installationen\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Harun's Installationen\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O16:64bit: - DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} hxxp://download.sopcast.com/download/SOPCORE.CAB (Reg Error: Key error.)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8EAD501B-E20D-4854-BF10-E319C5E16D58}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{93C9F2D0-22DE-4EC0-85A6-9E656A3004C9}: NameServer = 0.0.0.0
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{9B8DDC1E-1470-41D2-8837-3E8ECC4869C2}: DhcpNameServer = 192.168.178.1
O18:64bit: - Protocol\Handler\haufereader - No CLSID value found
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18 - Protocol\Handler\haufereader - No CLSID value found
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (OODBS)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
 
MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= -  File not found
MsConfig:64bit - StartUpReg: ADSMTray - hkey= - key= - C:\Program Files (x86)\ASUS\ASUS Data Security Manager\ADSMTray.exe (ASUSTek Computer Inc.)
MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS)
MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.07.15 12:33:48 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\SümHar\Desktop\OTL.exe
[2012.07.15 12:20:45 | 000,000,000 | ---D | C] -- C:\Users\SümHar\AppData\Roaming\Malwarebytes
[2012.07.15 12:20:20 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.07.15 12:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.07.15 12:20:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.07.15 12:20:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.07.15 12:18:58 | 010,652,120 | ---- | C] (Malwarebytes Corporation                                    ) -- C:\Users\SümHar\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.14 17:08:18 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.07.14 17:05:32 | 000,000,000 | ---D | C] -- C:\$RECYCLE.BIN
[2012.07.14 16:44:37 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.07.14 16:44:37 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.07.14 16:44:37 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.07.14 16:44:33 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.07.14 16:44:22 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.07.14 16:42:13 | 004,577,833 | R--- | C] (Swearware) -- C:\Users\SümHar\Desktop\ComboFix.exe
[2012.07.12 14:04:09 | 000,000,000 | ---D | C] -- C:\FRST
[2012.07.11 02:35:57 | 000,000,000 | ---D | C] -- C:\Users\SümHar\AppData\Roaming\Avira
[2012.07.11 02:30:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2012.07.11 02:30:34 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys
[2012.07.11 02:30:34 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2012.07.11 02:30:34 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2012.07.11 02:30:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2012.07.11 02:30:19 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2012.07.02 11:57:44 | 000,000,000 | ---D | C] -- C:\Users\SümHar\Desktop\Nintendo
[2012.06.25 00:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
[2012.06.19 12:58:37 | 000,000,000 | ---D | C] -- C:\Users\SümHar\AppData\Local\Macromedia
[2008.08.12 06:45:20 | 000,155,648 | ---- | C] (ASUS) -- C:\Program Files (x86)\Common Files\MSIactionall.dll
[17 C:\Users\SümHar\Desktop\*.tmp files -> C:\Users\SümHar\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.07.15 12:33:48 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\SümHar\Desktop\OTL.exe
[2012.07.15 12:28:01 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.07.15 12:20:49 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 12:20:49 | 000,010,240 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.07.15 12:19:44 | 001,500,294 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2012.07.15 12:19:44 | 000,654,852 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2012.07.15 12:19:44 | 000,616,694 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2012.07.15 12:19:44 | 000,130,434 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2012.07.15 12:19:44 | 000,106,816 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2012.07.15 12:18:58 | 010,652,120 | ---- | M] (Malwarebytes Corporation                                    ) -- C:\Users\SümHar\Desktop\mbam-setup-1.62.0.1300.exe
[2012.07.15 12:17:35 | 000,000,254 | ---- | M] () -- C:\Windows\Brownie.ini
[2012.07.15 12:14:52 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.07.15 12:14:45 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.07.15 12:14:35 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.07.15 12:14:17 | 3055,706,112 | -HS- | M] () -- C:\hiberfil.sys
[2012.07.15 12:14:16 | 000,853,644 | ---- | M] () -- C:\Windows\SysNative\oodbs.lor
[2012.07.14 16:51:21 | 000,000,027 | ---- | M] () -- C:\Windows\SysNative\drivers\etc\hosts
[2012.07.14 16:42:34 | 004,577,833 | R--- | M] (Swearware) -- C:\Users\SümHar\Desktop\ComboFix.exe
[2012.07.14 16:39:02 | 000,000,000 | ---- | M] () -- C:\Users\SümHar\defogger_reenable
[2012.07.14 16:36:03 | 000,050,477 | ---- | M] () -- C:\Users\SümHar\Desktop\Defogger.exe
[2012.07.12 14:41:40 | 000,000,400 | ---- | M] () -- C:\Windows\ODBC.INI
[2012.07.12 12:49:02 | 000,398,920 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2012.07.11 02:30:42 | 000,001,996 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.11 02:27:43 | 000,001,641 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini
[2012.07.10 23:35:16 | 000,000,432 | ---- | M] () -- C:\Windows\BRWMARK.INI
[2012.07.10 14:54:10 | 004,503,728 | ---- | M] () -- C:\ProgramData\go_0molg.pad
[2012.07.03 13:46:44 | 000,024,904 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.06.25 17:06:21 | 001,033,876 | ---- | M] () -- C:\Users\SümHar\Desktop\Mein_BASE_Kuendigungscheckliste.pdf
[2012.06.25 17:00:59 | 001,016,289 | ---- | M] () -- C:\Users\SümHar\Desktop\Kuendigungsanschreiben_MEIN_BASE.pdf
[17 C:\Users\SümHar\Desktop\*.tmp files -> C:\Users\SümHar\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.07.14 16:44:37 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.07.14 16:44:37 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.07.14 16:44:37 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.07.14 16:44:37 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.07.14 16:44:37 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.07.14 16:39:02 | 000,000,000 | ---- | C] () -- C:\Users\SümHar\defogger_reenable
[2012.07.14 16:36:03 | 000,050,477 | ---- | C] () -- C:\Users\SümHar\Desktop\Defogger.exe
[2012.07.12 21:20:57 | 000,001,445 | ---- | C] () -- C:\Users\SümHar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
[2012.07.12 21:20:57 | 000,001,411 | ---- | C] () -- C:\Users\SümHar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk
[2012.07.11 02:30:42 | 000,001,996 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2012.07.09 02:21:45 | 004,503,728 | ---- | C] () -- C:\ProgramData\go_0molg.pad
[2012.06.25 17:06:21 | 001,033,876 | ---- | C] () -- C:\Users\SümHar\Desktop\Mein_BASE_Kuendigungscheckliste.pdf
[2012.06.25 16:56:04 | 001,016,289 | ---- | C] () -- C:\Users\SümHar\Desktop\Kuendigungsanschreiben_MEIN_BASE.pdf
[2012.06.02 16:27:30 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth2.dll
[2012.06.02 16:27:30 | 000,001,024 | ---- | C] () -- C:\Windows\SysWow64\clauth1.dll
[2012.06.02 16:25:54 | 000,001,025 | ---- | C] () -- C:\Windows\SysWow64\sysprs7.dll
[2012.01.16 17:26:22 | 000,000,025 | ---- | C] () -- C:\Windows\CDE P2400EFGD.ini
[2011.08.15 18:36:38 | 000,000,432 | ---- | C] () -- C:\Windows\BRWMARK.INI
[2011.08.15 18:35:57 | 000,000,151 | ---- | C] () -- C:\Windows\BRVIDEO.INI
[2011.08.15 18:35:57 | 000,000,000 | ---- | C] () -- C:\Windows\brmx2001.ini
[2011.08.15 18:35:56 | 000,009,030 | ---- | C] () -- C:\Windows\HL-2030.INI
[2011.08.15 18:35:56 | 000,000,114 | ---- | C] () -- C:\Windows\SysWow64\brlmw03a.ini
[2011.08.15 18:35:07 | 000,000,054 | ---- | C] () -- C:\Windows\SysWow64\bd2030.dat
[2011.08.15 18:34:29 | 000,000,254 | ---- | C] () -- C:\Windows\Brownie.ini
[2011.05.10 17:24:36 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.03.30 18:47:45 | 001,527,912 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI
[2011.03.18 15:55:41 | 000,000,042 | ---- | C] () -- C:\Windows\oodjobd.INI
[2011.03.18 12:47:34 | 000,000,088 | -H-- | C] () -- C:\ProgramData\aspg.dat
[2011.03.18 10:35:42 | 000,000,024 | ---- | C] () -- C:\Windows\ATKPF.ini
[2011.02.11 19:15:08 | 000,874,048 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin
[2010.11.03 08:00:09 | 000,053,248 | ---- | C] () -- C:\Windows\SysWow64\LogonStart.dll
[2010.08.25 20:34:30 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin
[2010.08.25 20:34:30 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin
[2009.04.08 19:31:56 | 000,106,496 | ---- | C] () -- C:\Program Files (x86)\Common Files\CPInstallAction.dll
[2008.05.22 17:35:54 | 000,051,962 | ---- | C] () -- C:\Program Files (x86)\Common Files\banner.jpg
 
========== LOP Check ==========
 
[2011.03.29 21:42:21 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Asus WebStorage
[2011.05.06 08:44:54 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\gkytjqbniuuvgt2eag2knwolomzpy1a2
[2011.03.18 12:05:58 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Haufe Mediengruppe
[2011.03.19 09:32:10 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Lexware
[2011.05.14 13:14:33 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Moumda
[2012.02.02 12:50:05 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Nokia
[2012.02.02 12:50:06 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Nokia Suite
[2011.08.18 21:08:13 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Octoshape
[2011.04.25 13:26:48 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\OpenOffice.org
[2012.02.02 12:47:35 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\PC Suite
[2012.01.04 20:30:54 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Samsung
[2012.06.11 01:52:38 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\SoftGrid Client
[2011.03.30 18:48:48 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\TP
[2012.05.23 13:22:50 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\Voipwise
[2011.05.10 22:48:30 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
[2012.06.21 22:07:08 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.07.14 17:05:32 | 000,000,000 | ---D | M] -- C:\$RECYCLE.BIN
[2011.03.18 00:04:52 | 000,000,000 | -H-D | M] -- C:\ASUS.DAT
[2010.11.03 08:05:06 | 000,000,000 | ---D | M] -- C:\ASUS.SYS
[2011.03.30 18:10:11 | 000,000,000 | ---D | M] -- C:\Boot
[2009.07.14 07:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2010.11.03 08:00:58 | 000,000,000 | ---D | M] -- C:\eSupport
[2012.07.13 07:27:43 | 000,000,000 | ---D | M] -- C:\FRST
[2010.11.03 07:45:00 | 000,000,000 | ---D | M] -- C:\Intel
[2011.03.30 18:54:34 | 000,000,000 | R--D | M] -- C:\MSOCache
[2011.09.02 19:33:02 | 000,000,000 | ---D | M] -- C:\NvidiaLogs
[2009.07.14 05:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.01.04 20:32:19 | 000,000,000 | R--D | M] -- C:\Program Files
[2012.07.15 12:20:20 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2012.07.15 12:20:20 | 000,000,000 | ---D | M] -- C:\ProgramData
[2012.07.14 17:08:19 | 000,000,000 | ---D | M] -- C:\Qoobox
[2011.03.17 23:54:04 | 000,000,000 | ---D | M] -- C:\Recovery
[2012.07.15 12:37:49 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2011.11.22 17:18:16 | 000,000,000 | R--D | M] -- C:\Users
[2012.07.14 17:08:18 | 000,000,000 | ---D | M] -- C:\Windows
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< %windir%\installer\*. /5 >
[2012.07.12 14:41:39 | 000,000,000 | ---D | M] -- C:\Windows\installer\{90110407-6000-11D3-8CFE-0150048383C9}
[2012.07.12 15:27:27 | 000,000,000 | ---D | M] -- C:\Windows\installer\{AC76BA86-7AD7-1031-7B44-AA1000000001}
 
< %localappdata%\*. /5  >
[2012.07.15 12:35:26 | 000,000,000 | ---D | M] -- C:\Users\SümHar\AppData\Local\Temp
 
< MD5 for: SERVICES.EXE  >
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\erdnt\cache64\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\SysNative\services.exe
[2009.07.14 03:39:37 | 000,328,704 | ---- | M] (Microsoft Corporation) MD5=24ACB7E5BE595468E3B9AA488B9B4FCB -- C:\Windows\winsxs\amd64_microsoft-windows-s..s-servicecontroller_31bf3856ad364e35_6.1.7600.16385_none_2b54b20ee6fa07b1\services.exe
 
< MD5 for: USER32.DLL  >
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\erdnt\cache86\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll
[2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\erdnt\cache64\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 155 bytes -> C:\ProgramData\Temp:981884E7
@Alternate Data Stream - 126 bytes -> C:\ProgramData\Temp:3E7393FC

< End of report >
         

And here is the content of Extras.txt:

Code:
OTL Extras logfile created on: 15.07.2012 12:36:12 - Run 1
OTL by OldTimer - Version 3.2.54.0     Folder = C:\Users\SümHar\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,79 Gb Total Physical Memory | 2,25 Gb Available Physical Memory | 59,24% Memory free
7,59 Gb Paging File | 5,78 Gb Available in Paging File | 76,20% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 116,44 Gb Total Space | 72,30 Gb Free Space | 62,09% Space Free | Partition Type: NTFS
Drive D: | 327,83 Gb Total Space | 318,97 Gb Free Space | 97,30% Space Free | Partition Type: NTFS
 
Computer Name: UNSERERSTES | User Name: SümHar | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Harun's Installationen\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Harun's Installationen\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Harun's Installationen\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- "D:\Harun's Installationen\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Harun's Installationen\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Harun's Installationen\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{08C1FF6C-1F0F-48D8-8A23-69C05CA81754}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{12018001-62C2-45C3-B297-020AD002CD29}" = rport=445 | protocol=6 | dir=out | app=system | 
"{1A77AAA8-0D1C-4066-9161-06621F44B04D}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{382DA01B-1E0C-48CF-92C4-879C0E2090CF}" = lport=138 | protocol=17 | dir=in | app=system | 
"{3CA835DF-A00C-4A10-8D3C-64ADDFC56427}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{45CBBDD2-1F1B-49F7-A9C9-30F21C7DE48B}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{56AEA11C-9D0C-4AF0-B0A1-8CB661EF3600}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6063A7D8-29BE-487C-957D-A1CAC1CA4518}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{62B99C07-3A34-4F2A-AF40-F6041F2DA5F9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{69EC813D-820A-4784-B49D-9A4E56A15C74}" = lport=139 | protocol=6 | dir=in | app=system | 
"{73B32A18-5E2E-4B29-84B3-C11F9DC6AC1B}" = lport=5353 | protocol=17 | dir=in | name=java(tm) platform se binary | 
"{8230825D-85ED-4FEE-B4C0-F455D9C7BDEC}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{8386BCCC-97D3-4002-A5A8-061508887C1D}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{8D552F6E-7EF5-4A30-903F-9B6E46645BE8}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{90EF60BB-4742-4F09-A42D-87657A946538}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{986816F1-B4BC-43FE-9F40-E7F6E9584EC4}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A3A28F56-56FC-45DB-AAB8-5D58CBD9DD93}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{A9A256D1-571F-469C-ABD5-0C267DDCB934}" = rport=138 | protocol=17 | dir=out | app=system | 
"{ABA6127E-3E1F-4718-A78C-B61543B7783B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{AE95A405-3D80-4CD2-BA8D-DB9ADF09DCBF}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{D0C706E9-EC6A-4777-97D5-C5F9D1FD7A46}" = lport=137 | protocol=17 | dir=in | app=system | 
"{DAE97E97-2D5B-4D6D-933A-2388DB9147BB}" = rport=139 | protocol=6 | dir=out | app=system | 
"{DDE3BB64-50C9-4C4D-882B-3704DBDD86B1}" = rport=137 | protocol=17 | dir=out | app=system | 
"{E9D44020-03AF-4EC1-916A-89729E0AA746}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{F458A5F7-8E90-4EF6-AE2A-30D341F1490C}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{FB170AB9-8D53-4FC5-8648-BBB9DEA21A2F}" = lport=8182 | protocol=6 | dir=in | name=java(tm) platform se binary | 
"{FDC8F510-3F12-45D5-AC7B-AF354AC156C8}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{063AF2BE-1D22-4E8B-920E-8DD5C3CDD6B8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1C4EEB46-0F09-41F7-B4E0-2799102A9BF9}" = protocol=17 | dir=in | app=e:\dvd-start.exe | 
"{1DBD06EE-6C6E-4A2B-A0A7-A16C2DD63D71}" = protocol=6 | dir=in | app=c:\program files (x86)\veetle\player\veetlenet.exe | 
"{2C50424E-86BD-482C-A12D-20DEDE234EDE}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{2E53DC06-228B-431D-9289-916C995A01F5}" = dir=in | app=c:\program files (x86)\cyberlink\powerdirector\pdr.exe | 
"{2F7E74EF-D11B-4166-8F5F-2C66FAF64C8B}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{3E25386A-1A58-41CB-BC6D-5173A3E7A384}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{405B3EA4-7A10-42F5-B4E0-713B90A57898}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{4130A3BD-EB4A-4EFC-852A-B2004827BBEB}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{45B5F8EF-4F6D-433A-A1A2-58F3CB031BCD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{493C292F-E65B-413F-A34B-A750CD6D7D94}" = dir=in | app=c:\program files (x86)\common files\nokia\service layer\a\nsl_host_process.exe | 
"{4FF9FA6C-90BB-4FB7-BEA0-216207A705B6}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | 
"{59A7DC67-5F4D-4A60-83CC-1E878F2CF7FB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{67FAEA95-F460-4995-A749-3B9DF794B8F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{73460C06-8D81-47EA-A629-9E79B4855A49}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{74A0F9DB-2EE0-401F-B704-E9299B0C213A}" = protocol=6 | dir=in | app=c:\program files (x86)\voipwise.com\voipwise\voipwise.exe | 
"{7CAE78F4-B77C-4772-BF66-C2C96E8FE555}" = protocol=6 | dir=in | app=e:\dvd-start.exe | 
"{7DA835FA-E2E3-417A-B3CB-4C5F25C159A2}" = protocol=17 | dir=in | app=c:\program files (x86)\voipwise.com\voipwise\voipwise.exe | 
"{82C28493-B1E3-4B10-903D-03EF2DF91695}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd cinema\powerdvdcinema.exe | 
"{8E78B34B-36CD-4760-9720-1927805A1F6F}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{8EC3C2DD-F948-4897-A6B3-5F365BE15E96}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | 
"{95BB3BF9-C14B-4281-826D-B7A5D5789810}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | 
"{9835C11B-B43A-4D13-A25A-A871D0ED90A4}" = protocol=6 | dir=out | app=system | 
"{9CBBDF6C-F57F-4F78-82C0-4C6EC214556B}" = dir=in | app=c:\program files (x86)\intel corporation\intel wireless display\widiapp.exe | 
"{A8C0F002-8E02-4C23-BD20-267D9AA11E82}" = protocol=17 | dir=in | app=d:\sümeyras\samsung pc studio\npsvsvr.exe | 
"{ACC54E55-2DAA-443B-9371-760CCBE4873E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd9\powerdvd9.exe | 
"{BCCAC86B-26DE-4B75-A406-2051FD268CC5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{C075BE04-1E0C-4182-ABA2-780F50C82A84}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{C1B8EF98-4624-428B-A0D3-E6FA00A74C26}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C4BA953C-C69E-41F7-9376-47A38B5BA6B5}" = protocol=6 | dir=in | app=d:\sümeyras\samsung pc studio\npsvsvr.exe | 
"{CBDAC4A2-8FFF-4707-AFB5-CF200BB80F38}" = protocol=17 | dir=in | app=d:\sümeyras\samsung pc studio\npsasvr.exe | 
"{CBFF59E0-C3FD-4DFE-94F6-A5ABC8BA5EB4}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | 
"{D04FC21B-7024-4939-8680-2D4456B3FA80}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{D9F64681-791A-417E-B763-D629EBD3B57A}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{DB774866-87D8-4611-927F-3A8977BA964C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{E1440B81-18F7-40C0-9993-4BAD15EF4969}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E943F74C-6A98-4EBC-A1BD-92886DAE0B4B}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{ED0A374C-2980-45F9-8342-3AD123A94A38}" = protocol=6 | dir=in | app=d:\sümeyras\samsung pc studio\npsasvr.exe | 
"{F976A22F-ABB6-472E-8695-930330BD330A}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"TCP Query User{166E163E-59BD-42AD-B4A4-33C255938600}C:\program files (x86)\sopcast\sopcast.exe" = protocol=6 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"TCP Query User{2DD4C533-C997-439F-A1D9-F59BB505D904}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"TCP Query User{4A93012F-6865-44A5-9AE5-AFCE77789103}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{4EAF7B31-147F-4937-BDE9-C801943CD00C}C:\users\sümhar\appdata\roaming\ekluu\dyru.exe" = protocol=6 | dir=in | app=c:\users\sümhar\appdata\roaming\ekluu\dyru.exe | 
"TCP Query User{672FA8EF-A238-4F60-BE4C-EA8E4C011175}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=6 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"TCP Query User{8669CD82-A7BC-467C-8E87-E8741B693A53}C:\users\sümhar\appdata\roaming\ekluu\dyru.exe" = protocol=6 | dir=in | app=c:\users\sümhar\appdata\roaming\ekluu\dyru.exe | 
"TCP Query User{8D08343C-0A6B-45C3-8A67-100A34E926C5}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=6 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"TCP Query User{A3C72839-BC34-407B-A72F-6CB5DE3DFA60}C:\users\sümhar\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=6 | dir=in | app=c:\users\sümhar\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"TCP Query User{BA0DE892-14AD-4A1F-935E-27E952BEA82A}C:\program files (x86)\voipwise.com\voipwise\voipwise.exe" = protocol=6 | dir=in | app=c:\program files (x86)\voipwise.com\voipwise\voipwise.exe | 
"TCP Query User{CE9E8DBA-FBFA-4C3D-8954-E02E0687D0DA}C:\program files (x86)\warcraft iii\war3.exe" = protocol=6 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{3380AF5B-77FD-4D35-8B13-BB40066E0A4B}C:\users\sümhar\appdata\roaming\ekluu\dyru.exe" = protocol=17 | dir=in | app=c:\users\sümhar\appdata\roaming\ekluu\dyru.exe | 
"UDP Query User{3A334615-DC69-4DF1-807C-7BF478DA8100}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{47C51793-F8E9-439B-AAF4-97DEDDA21E42}C:\program files (x86)\sopcast\sopcast.exe" = protocol=17 | dir=in | app=c:\program files (x86)\sopcast\sopcast.exe | 
"UDP Query User{4B0EF335-64F1-4AE2-AAB6-FB94D1135D1A}C:\program files (x86)\mozilla firefox\plugin-container.exe" = protocol=17 | dir=in | app=c:\program files (x86)\mozilla firefox\plugin-container.exe | 
"UDP Query User{72EEB7B6-307C-4BEE-ABD0-B28CA35B06AA}C:\program files (x86)\voipwise.com\voipwise\voipwise.exe" = protocol=17 | dir=in | app=c:\program files (x86)\voipwise.com\voipwise\voipwise.exe | 
"UDP Query User{84F00D63-3133-498D-BF0A-FCDC9B110E6A}C:\users\sümhar\appdata\roaming\ekluu\dyru.exe" = protocol=17 | dir=in | app=c:\users\sümhar\appdata\roaming\ekluu\dyru.exe | 
"UDP Query User{8EAA6D7B-0E38-47C6-824D-867E035ED407}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
"UDP Query User{A56F92F4-59FA-4780-8B25-58369936A790}C:\program files (x86)\warcraft iii\war3.exe" = protocol=17 | dir=in | app=c:\program files (x86)\warcraft iii\war3.exe | 
"UDP Query User{A7725E5D-5976-49A4-AECB-7C51195907BE}C:\users\sümhar\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe" = protocol=17 | dir=in | app=c:\users\sümhar\appdata\roaming\octoshape\octoshape streaming services\octoshapeclient.exe | 
"UDP Query User{EB54A946-B297-4391-9A1D-9BB96793CE5E}C:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe" = protocol=17 | dir=in | app=c:\program files (x86)\syncables\syncables desktop\jre\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0D9917CE-1C77-4B58-A153-DCB5A854ED82}" = Intel(R) Wireless Display
"{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{13F4A7F3-EABC-4261-AF6B-1317777F0755}" = Fast Boot
"{17B77355-3934-4D0E-8FAC-C420482C8E7D}" = Windows Live Family Safety
"{1A8BA6CE-822D-4888-89E2-ACBF4308F271}" = Intel(R) PROSet/Wireless WiFi Software
"{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}" = O&O Defrag Professional
"{39F4C6F9-618A-4E5B-8FB2-6BD661174E32}" = Intel(R) Turbo Boost Technology Monitor
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{91EFE3A1-585E-4F66-B5F6-F118F56C4C47}" = ASUS Power4Gear Hybrid
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64)
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 268.83
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components
"{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}" = SAMSUNG USB Driver for Mobile Phones
"{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}" = SRS Premium Sound Control Panel
"{EE936C7A-EA40-31D5-9B65-8E3E089C3828}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x64 9.0.30729.4148
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Elantech" = ETDWare PS/2-x64 7.0.5.9_WHQL
"FCEC33AD40CEA5E0FC4CEE6E42041A0DA189652D" = Windows-Treiberpaket - Nokia pccsmcfd  (08/22/2008 7.0.0.0)
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"ProInst" = Intel PROSet Wireless
"Samsung Mobile phone USB driver Drive" = Samsung Mobile phone USB driver Drive Software
"SAMSUNG Mobile USB Modem" = SAMSUNG Mobile USB Modem Software
"WinRAR archiver" = WinRAR 4.00 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06585B02-F20D-4AB2-9A64-86EF2AE0F8F0}" = ASUS AI Recovery
"{0969AF05-4FF6-4C00-9406-43599238DE0D}" = ASUS Splendid Video Enhancement Technology
"{0F32914F-A633-4516-B531-7084C8F19F93}" = Haufe iDesk-Browser
"{15B2BC56-D179-4450-84B9-7A8D7F4CE1B9}" = Lexware Info Service
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}" = ASUS LifeFrame3
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{20FDF948-C8ED-4543-A539-F7F4AEF5AFA2}" = Wireless Console 3
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 33
"{27F10580-E040-11DF-8C28-005056B12123}" = Haufe iDesk-Service
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2F173C40-563E-11D4-89C5-0010ADDAAC33}" = EA.com Matchup
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{33286280-8617-11E1-8FF6-B8AC6F97B88E}" = Google Earth Plug-in
"{341697D8-9923-445E-B42A-529E5A99CB7A}" = syncables desktop SE
"{3BEFC315-7F74-4F71-B704-2CAF4DC046BB}" = Steuer-Hilfesammlung 2010
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4AA68A73-DB9C-439D-9481-981C82BD008B}" = Nokia Connectivity Cable Driver
"{4B526075-AF27-47A2-860D-3DA92928A051}" = Steuer 2010
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5B65EF64-1DFA-414A-8C94-7BB726158E21}" = ControlDeck
"{64452561-169F-4A36-A2FF-B5E118EC65F5}" = ASUS SmartLogon
"{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B77A7F6-DD63-4F13-A6FF-83137A5AC354}" = ASUS CopyProtect
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6D9B9CF3-1E9C-45B6-B41E-5CF568605556}" = SPSS 15.0 für Windows [Auswertung Version]
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7BB634D5-753C-4D04-BBD8-06C15237D815}" = Brother HL-2030
"{7E84FAC8-C518-40F9-9807-7455301D6D25}" = SamsungConnectivityCableDriver
"{81A6F461-0DBA-4F12-B56F-0E977EC10576}_is1" = PDF24 Creator 3.5.3
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{8F21291E-0444-4B1D-B9F9-4370A73E346D}" = WinFlash
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{90DA7F39-B9D4-4FB1-93A0-6B10F83E35E2}" = Wer Wird Millionär? Party Edition
"{92D1CEBC-7C72-4ECF-BFC6-C131EF3FE6A7}" = Nokia Suite
"{933B4015-4618-4716-A828-5289FC03165F}" = VC80CRTRedist - 8.0.50727.6195
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{95140000-00AF-0407-0000-0000000FF1CE}" = Microsoft PowerPoint Viewer
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9AB97F52-512B-43EF-AAEC-4825C17B32ED}" = EA.com Update
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D48531D-2135-49FC-BC29-ACCDA5396A76}" = ASUS MultiFrame
"{A2AA4204-C05A-4013-888A-AD153139297F}" = PC Connectivity Solution
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}" = ATK Package
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.0) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"{B5A5627C-0173-4DB2-ADA8-740479370F67}" = Express Gate
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C2425F91-1F7B-4037-9A05-9F290184798D}" = NETGEAR WNA3100 wireless USB 2.0 adapter
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E657B243-9AD4-4ECC-BE81-4CCF8D667FD0}" = ASUS Live Update
"{E71E60C1-533E-45A5-8D80-E475E88D2B17}_is1" = Game Park Console
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{EC8BD21F-0CA0-4BBF-97D9-4A52B30041A1}" = ASUS Virtual Camera
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}" = ASUS FancyStart
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"{F8A9085D-4C7A-41a9-8A77-C8998A96C421}" = Intel(R) Control Center
"{FA2092C5-7979-412D-A962-6485274AE1EE}" = ASUS Data Security Manager
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"ASUS AP Bank_is1" = ASUS AP Bank
"ASUS WebStorage" = ASUS WebStorage
"ASUS_N_Series_Screensaver" = ASUS_N_Series_Screensaver
"Avira AntiVir Desktop" = Avira Free Antivirus
"DivX Setup" = DivX-Setup
"Google Chrome" = Google Chrome
"InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = ASUS Video Magic
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}" = CyberLink PowerDVD 9
"InstallShield_{AF7E85DC-317C-47F5-810E-B82EE093A612}" = Samsung New PC Studio USB Driver Installer
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector
"InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow
"InstallShield_{D7BF9739-8A68-4335-BBEE-37752AD9E86B}" = NEC Electronics USB 3.0 Host Controller Driver
"InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaShow Espresso
"InstallShield_{F193FC0E-9E18-40FC-A974-509A1BDD240A}" = Samsung New PC Studio
"InstallShield_{F4BF5F6B-F695-4762-AEB2-D095A4C34D89}" = Alcor Micro USB Card Reader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.62.0.1300
"Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Nokia Suite" = Nokia Suite
"NVIDIA.Updatus" = NVIDIA Updatus
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"PDFTK Builder_is1" = PDFTK Builder 3.5.3
"SopCast" = SopCast 2.0.4
"Veetle TV" = Veetle TV
"VLC media player" = VLC media player 1.1.8
"Voipwise_is1" = Voipwise
"Warcraft III" = Warcraft III
"WinLiveSuite_Wave3" = Windows Live Essentials
"YTdetect" = Yahoo! Detect
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Octoshape Streaming Services" = Octoshape Streaming Services
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.03.2012 14:38:32 | Computer Name = UNSERERSTES | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 09.03.2012 16:36:38 | Computer Name = UNSERERSTES | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 20.03.2012 08:17:51 | Computer Name = UNSERERSTES | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 20.03.2012 18:41:38 | Computer Name = UNSERERSTES | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 21.03.2012 02:20:54 | Computer Name = UNSERERSTES | Source = CVHSVC | ID = 100
Description = Nur zur Information.  (Patch task for {90140011-0066-0407-0000-0000000FF1CE}):
 DownloadLatest Failed: 
 
Error - 21.03.2012 19:41:22 | Computer Name = UNSERERSTES | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.03.2012 04:41:43 | Computer Name = UNSERERSTES | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 23.03.2012 20:56:21 | Computer Name = UNSERERSTES | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 25.03.2012 05:32:21 | Computer Name = UNSERERSTES | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
Error - 27.03.2012 03:57:15 | Computer Name = UNSERERSTES | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
 (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
 Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
 AIR.dll" in Zeile 3.  Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
 des "version"-Attributs im assemblyIdentity-Element ist ungültig.
 
[ Media Center Events ]
Error - 05.11.2011 13:56:51 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 18:56:51 - Fehler beim Herstellen der Internetverbindung.  18:56:51 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.11.2011 13:57:43 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 18:57:38 - Fehler beim Herstellen der Internetverbindung.  18:57:38 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.11.2011 15:59:33 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 20:59:21 - MCEClientUX konnte nicht abgerufen werden (Fehler: Der 
Remotename konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 05.11.2011 15:59:45 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 20:59:45 - Broadband konnte nicht abgerufen werden (Fehler: Der Remotename
 konnte nicht aufgelöst werden: 'data.tvdownload.microsoft.com')  
 
Error - 07.11.2011 17:02:25 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 22:02:25 - Fehler beim Herstellen der Internetverbindung.  22:02:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 07.11.2011 17:02:58 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 22:02:54 - Fehler beim Herstellen der Internetverbindung.  22:02:54 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 06.12.2011 12:30:37 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 17:27:37 - Fehler beim Herstellen der Internetverbindung.  17:27:39 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 15.12.2011 16:51:13 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 21:51:11 - MCEClientUX konnte nicht abgerufen werden (Fehler: Die 
Verbindung mit dem Remoteserver kann nicht hergestellt werden.)  
 
Error - 20.12.2011 08:00:23 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 13:00:23 - Directory konnte nicht abgerufen werden (Fehler: Die zugrunde
 liegende Verbindung wurde geschlossen: Für den geschützten SSL/TLS-Kanal konnte
 keine Vertrauensstellung hergestellt werden..)  
 
Error - 09.01.2012 15:36:33 | Computer Name = UNSERERSTES | Source = MCUpdate | ID = 0
Description = 20:36:33 - Fehler beim Herstellen der Internetverbindung.  20:36:33 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 10.07.2012 15:42:01 | Computer Name = UNSERERSTES | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
 aufgrund folgenden Fehlers nicht gestartet wurde:   %%1068
 
Error - 10.07.2012 15:42:12 | Computer Name = UNSERERSTES | Source = DCOM | ID = 10005
Description = 
 
Error - 12.07.2012 15:23:48 | Computer Name = UNSERERSTES | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Update" wurde mit folgendem Fehler beendet:   %%-2147467243
 
Error - 13.07.2012 11:53:41 | Computer Name = UNSERERSTES | Source = volsnap | ID = 393252
Description = Die Schattenkopien von Volume "C:" wurden abgebrochen, weil der Schattenkopiespeicher
 nicht auf ein benutzerdefiniertes Limit vergrößert werden konnte.
 
Error - 14.07.2012 10:48:47 | Computer Name = UNSERERSTES | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 14.07.2012 10:50:42 | Computer Name = UNSERERSTES | Source = Application Popup | ID = 1060
Description = Aufgrund der Inkompatibilität mit diesem System wurde \??\C:\ComboFix\catchme.sys
 nicht geladen. Wenden Sie sich an den Softwarehersteller, um eine kompatible Version
 des Treibers zu erhalten.
 
Error - 14.07.2012 10:51:23 | Computer Name = UNSERERSTES | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 14.07.2012 10:51:31 | Computer Name = UNSERERSTES | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
 Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
 sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
 
Error - 14.07.2012 10:52:38 | Computer Name = UNSERERSTES | Source = Service Control Manager | ID = 7023
Description = Der Dienst "Windows Defender" wurde mit folgendem Fehler beendet: 
  %%126
 
Error - 15.07.2012 06:15:45 | Computer Name = UNSERERSTES | Source = WMPNetworkSvc | ID = 866300
Description = 
 
 
< End of report >
         

Alt 15.07.2012, 16:44   #12
Larusso
/// Selecta Jahrusso
 



Note for other readers:
The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; that can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror:
BleepingComputer.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows key + R --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.

Code:
ATTFilter
DirLook::
C:\Users\SümHar\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
C:\Users\SümHar\AppData\Roaming\gkytjqbniuuvgt2eag2knwolomzpy1a2

SkipFix::
         
Save this as CFScript.txt on your desktop.
Important:
  • Temporarily disable your antivirus software. It can interfere with ComboFix while it works. Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do not do anything on the PC while ComboFix is running.


  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.
__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators


Alt 15.07.2012, 17:57   #13
invisible
 



Here is the ComboFix.txt

Code:
ATTFilter
ComboFix 12-07-14.01 - SümHar 15.07.2012  18:22:08.2.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3886.2361 [GMT 2:00]
ausgeführt von:: c:\users\S³mHar\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\S³mHar\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-15 bis 2012-07-15  ))))))))))))))))))))))))))))))
.
.
2012-07-15 16:30 . 2012-07-15 16:30	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-15 16:30 . 2012-07-15 16:30	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-15 10:20 . 2012-07-15 10:20	--------	d-----w-	c:\users\SümHar\AppData\Roaming\Malwarebytes
2012-07-15 10:20 . 2012-07-15 10:20	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 10:20 . 2012-07-15 10:20	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-15 10:20 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-12 12:04 . 2012-07-13 05:27	--------	d-----w-	C:\FRST
2012-07-12 10:20 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 10:19 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-07-12 10:19 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-12 10:19 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-12 10:19 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-12 10:19 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-07-12 10:19 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-12 10:16 . 2012-06-02 05:48	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-12 10:16 . 2012-06-02 05:48	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 10:16 . 2012-06-02 05:45	340992	----a-w-	c:\windows\system32\schannel.dll
2012-07-12 10:16 . 2012-06-02 05:44	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-12 10:16 . 2012-06-02 04:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-07-12 10:16 . 2012-06-02 04:40	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-07-12 10:16 . 2012-06-02 04:39	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-07-12 10:16 . 2012-06-02 04:34	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-07-12 10:16 . 2012-06-02 05:50	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-12 10:09 . 2012-06-06 06:05	1499136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 10:09 . 2012-06-06 06:05	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 10:09 . 2012-06-06 06:02	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-07-12 10:09 . 2012-06-06 05:05	212992	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-12 10:09 . 2012-06-06 05:05	1019904	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 10:09 . 2012-06-06 05:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-07-12 10:09 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-12 10:09 . 2012-06-06 06:05	61440	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 10:09 . 2012-06-06 06:05	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 10:09 . 2012-06-06 05:05	143360	----a-w-	c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-12 10:09 . 2012-06-06 05:05	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-12 10:09 . 2012-06-06 05:05	57344	----a-w-	c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-12 10:09 . 2012-06-06 05:05	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 00:35 . 2012-07-11 00:35	--------	d-----w-	c:\users\SümHar\AppData\Roaming\Avira
2012-07-11 00:30 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-11 00:30 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-11 00:30 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-11 00:30 . 2012-07-11 00:30	--------	d-----w-	c:\programdata\Avira
2012-07-11 00:30 . 2012-07-11 00:30	--------	d-----w-	c:\program files (x86)\Avira
2012-07-10 08:18 . 2012-07-10 08:18	--------	d-----w-	c:\users\Default\AppData\Local\Power2Go
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-21 11:22 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:22 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:22 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:22 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:21 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:21 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:21 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:21 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:21 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 10:58 . 2012-06-19 10:58	--------	d-----w-	c:\users\SümHar\AppData\Local\Macromedia
2012-06-18 19:07 . 2012-06-18 19:07	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 19:07 . 2012-06-18 19:07	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-15 16:32 . 2011-05-05 06:51	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-07-14 09:31 . 2012-04-03 21:33	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 09:31 . 2011-05-21 15:45	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 10:21 . 2012-05-13 08:03	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2011-03-18 09:50	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 14:42	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 14:42	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 14:42	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 14:42	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 14:42	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 14:42	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 14:42	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 14:42	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 14:42	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 14:42	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 14:42	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:42	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:42	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:42	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-14_15.05.34   )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-14 14:51 . 2012-07-14 14:51	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-15 16:31 . 2012-07-15 16:31	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-03 05:45 . 2012-07-15 16:10	67536              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-15 16:10	40388              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-17 21:58 . 2012-07-15 16:10	17476              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3224048981-3797675595-3377908284-1001_UserData.bin
+ 2011-03-19 15:04 . 2012-07-14 15:10	6784              c:\windows\system32\wdi\ERCQueuedResolutions.dat
- 2012-07-14 14:52 . 2012-07-14 14:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 16:32 . 2012-07-15 16:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2012-07-15 16:32 . 2012-07-15 16:32	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2012-07-14 14:52 . 2012-07-14 14:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2009-07-14 02:36 . 2012-07-14 14:56	616694              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-15 16:13	616694              c:\windows\system32\perfh009.dat
- 2009-08-04 09:51 . 2012-07-14 14:56	654852              c:\windows\system32\perfh007.dat
+ 2009-08-04 09:51 . 2012-07-15 16:13	654852              c:\windows\system32\perfh007.dat
- 2009-07-14 02:36 . 2012-07-14 14:56	106816              c:\windows\system32\perfc009.dat
+ 2009-07-14 02:36 . 2012-07-15 16:13	106816              c:\windows\system32\perfc009.dat
- 2009-08-04 09:51 . 2012-07-14 14:56	130434              c:\windows\system32\perfc007.dat
+ 2009-08-04 09:51 . 2012-07-15 16:13	130434              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-07-14 14:51	390572              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-15 16:31	390572              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
- 2011-03-18 21:23 . 2012-07-05 15:57	1122128              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-18 21:23 . 2012-07-14 15:37	1122128              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-18 10:08 . 2012-07-15 16:31	53127269              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224048981-3797675595-3377908284-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Octoshape Streaming Services"="c:\users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-07 221256]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\SümHar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pampers Pregnancy Widget.lnk - c:\users\SümHar\AppData\Local\Temp\Rar$EX15.584\PampersPregnancyWidget.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-11-3 12862]
NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-3-18 4562944]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-22 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/02 22:21];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [2010-02-24 18:14 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 05:33]
.
2012-07-15 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 05:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-11-25 4011336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - d:\harun'~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
TCP: Interfaces\{93C9F2D0-22DE-4EC0-85A6-9E656A3004C9}: NameServer = 0.0.0.0
FF - ProfilePath - c:\users\SümHar\AppData\Roaming\Mozilla\Firefox\Profiles\xcz6s0jh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-15  18:46:20 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-15 16:46
ComboFix2.txt  2012-07-14 15:08
.
Vor Suchlauf: 16 Verzeichnis(se), 77.338.976.256 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 77.286.010.880 Bytes frei
.
- - End Of File - - 89ED8E8D8C19CF6CDB066EEEAA726A6D
         

16.07.2012, 13:17   #14
Larusso
/// Selecta Jahrusso



Note for readers following along:
The following ComboFix script was created exclusively for this user in this situation. Do not use it on other computers under any circumstances; it can cause lasting damage to other systems!

Delete the existing Combofix.exe from your desktop and download the program again from the following download mirror:
BleepingComputer.com
and save it to the desktop again (nowhere else, this is important)!

Press the Windows key + R --> type Notepad --> OK

Now copy the entire text from the following code box into the empty text document.

Code:
Folder::
C:\Users\SümHar\AppData\Roaming\{90140011-0066-0407-0000-0000000FF1CE}
C:\Users\SümHar\AppData\Roaming\gkytjqbniuuvgt2eag2knwolomzpy1a2
ClearJavaCache::
         
Save this as CFScript.txt on your desktop.
Important:
  • Temporarily disable your antivirus software. It can interfere with ComboFix while it works. Don't forget to turn it back on afterwards!
  • Do not move the mouse over the ComboFix window or click inside it. This can cause ComboFix to hang.
  • Close all running programs. Make sure ComboFix can work unhindered.
  • Do nothing on the PC while ComboFix is running.


  • Referring to the picture above, drag CFScript.txt onto ComboFix.exe
  • When ComboFix has finished, it will create a log, C:\ComboFix.txt. Please paste it here as a reply.
If the script contains the Suspect:: or Collect:: directive, a message box will appear after ComboFix has finished. Click OK and follow the prompts/instructions to upload the files.




ESET Online Scanner

  • Here you will find an illustrated guide to ESET Online Scanner
  • Download and start ESET Online Scanner
  • Tick "Yes, I accept the Terms of Use" and click Start.
  • Enable "Detection of potentially unwanted applications" and select the following settings.
  • Click Start.
  • The signatures are downloaded and the scan begins automatically.
  • At the end of the scan, click Finish.
  • Close the ESET window.
  • Open Explorer.
  • Find C:\Programme\Eset\EsetOnlineScanner\log.txt (on 64-bit also C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) and open it with your editor (illustrated).
  • Post the log file here.
  • Uninstall: Control Panel => Add or Remove Programs / Uninstall a program => remove Eset Online Scanner V3.
  • Manually delete the following folder and empty the Recycle Bin => C:\Programme\Eset

__________________
Regards, Daniel

ASAP & UNITE Member
Alliance of Security Analysis Professionals
Unified Network of Instructors and Trusted Eliminators

Learn to strike back and support us!
TB Akademie

16.07.2012, 19:12   #15
invisible



Here is the ComboFix.txt

Code:
ComboFix 12-07-16.01 - SümHar 16.07.2012  15:33:54.3.4 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3886.1994 [GMT 2:00]
ausgeführt von:: c:\users\S³mHar\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\S³mHar\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-06-16 bis 2012-07-16  ))))))))))))))))))))))))))))))
.
.
2012-07-16 13:41 . 2012-07-16 13:41	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2012-07-16 13:41 . 2012-07-16 13:41	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-07-15 10:20 . 2012-07-15 10:20	--------	d-----w-	c:\users\SümHar\AppData\Roaming\Malwarebytes
2012-07-15 10:20 . 2012-07-15 10:20	--------	d-----w-	c:\program files (x86)\Malwarebytes' Anti-Malware
2012-07-15 10:20 . 2012-07-15 10:20	--------	d-----w-	c:\programdata\Malwarebytes
2012-07-15 10:20 . 2012-07-03 11:46	24904	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-07-12 12:04 . 2012-07-13 05:27	--------	d-----w-	C:\FRST
2012-07-12 10:20 . 2012-06-12 03:08	3148800	----a-w-	c:\windows\system32\win32k.sys
2012-07-12 10:19 . 2012-06-06 06:06	1881600	----a-w-	c:\windows\system32\msxml3.dll
2012-07-12 10:19 . 2012-06-06 05:05	1390080	----a-w-	c:\windows\SysWow64\msxml6.dll
2012-07-12 10:19 . 2012-06-06 05:05	1236992	----a-w-	c:\windows\SysWow64\msxml3.dll
2012-07-12 10:19 . 2010-06-26 03:55	2048	----a-w-	c:\windows\system32\msxml3r.dll
2012-07-12 10:19 . 2010-06-26 03:24	2048	----a-w-	c:\windows\SysWow64\msxml3r.dll
2012-07-12 10:19 . 2012-06-06 06:06	2004480	----a-w-	c:\windows\system32\msxml6.dll
2012-07-12 10:16 . 2012-06-02 05:48	95600	----a-w-	c:\windows\system32\drivers\ksecdd.sys
2012-07-12 10:16 . 2012-06-02 05:48	151920	----a-w-	c:\windows\system32\drivers\ksecpkg.sys
2012-07-12 10:16 . 2012-06-02 05:45	340992	----a-w-	c:\windows\system32\schannel.dll
2012-07-12 10:16 . 2012-06-02 05:44	307200	----a-w-	c:\windows\system32\ncrypt.dll
2012-07-12 10:16 . 2012-06-02 04:40	22016	----a-w-	c:\windows\SysWow64\secur32.dll
2012-07-12 10:16 . 2012-06-02 04:40	225280	----a-w-	c:\windows\SysWow64\schannel.dll
2012-07-12 10:16 . 2012-06-02 04:39	219136	----a-w-	c:\windows\SysWow64\ncrypt.dll
2012-07-12 10:16 . 2012-06-02 04:34	96768	----a-w-	c:\windows\SysWow64\sspicli.dll
2012-07-12 10:16 . 2012-06-02 05:50	458704	----a-w-	c:\windows\system32\drivers\cng.sys
2012-07-12 10:09 . 2012-06-06 06:05	1499136	----a-w-	c:\program files\Common Files\System\ado\msado15.dll
2012-07-12 10:09 . 2012-06-06 06:05	258048	----a-w-	c:\program files\Common Files\System\msadc\msadco.dll
2012-07-12 10:09 . 2012-06-06 06:02	1133568	----a-w-	c:\windows\system32\cdosys.dll
2012-07-12 10:09 . 2012-06-06 05:05	212992	----a-w-	c:\program files (x86)\Common Files\System\msadc\msadco.dll
2012-07-12 10:09 . 2012-06-06 05:05	1019904	----a-w-	c:\program files (x86)\Common Files\System\ado\msado15.dll
2012-07-12 10:09 . 2012-06-06 05:03	805376	----a-w-	c:\windows\SysWow64\cdosys.dll
2012-07-12 10:09 . 2012-06-06 06:05	495616	----a-w-	c:\program files\Common Files\System\ado\msadox.dll
2012-07-12 10:09 . 2012-06-06 06:05	61440	----a-w-	c:\program files\Common Files\System\ado\msador15.dll
2012-07-12 10:09 . 2012-06-06 06:05	466944	----a-w-	c:\program files\Common Files\System\ado\msadomd.dll
2012-07-12 10:09 . 2012-06-06 05:05	143360	----a-w-	c:\program files (x86)\Common Files\System\ado\msjro.dll
2012-07-12 10:09 . 2012-06-06 05:05	372736	----a-w-	c:\program files (x86)\Common Files\System\ado\msadox.dll
2012-07-12 10:09 . 2012-06-06 05:05	57344	----a-w-	c:\program files (x86)\Common Files\System\ado\msador15.dll
2012-07-12 10:09 . 2012-06-06 05:05	352256	----a-w-	c:\program files (x86)\Common Files\System\ado\msadomd.dll
2012-07-11 00:35 . 2012-07-11 00:35	--------	d-----w-	c:\users\SümHar\AppData\Roaming\Avira
2012-07-11 00:30 . 2012-05-02 13:24	27760	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2012-07-11 00:30 . 2012-04-27 08:20	132832	----a-w-	c:\windows\system32\drivers\avipbb.sys
2012-07-11 00:30 . 2012-04-24 22:32	98848	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2012-07-11 00:30 . 2012-07-11 00:30	--------	d-----w-	c:\programdata\Avira
2012-07-11 00:30 . 2012-07-11 00:30	--------	d-----w-	c:\program files (x86)\Avira
2012-07-10 08:18 . 2012-07-10 08:18	--------	d-----w-	c:\users\Default\AppData\Local\Power2Go
2012-06-25 14:04 . 2012-06-25 14:04	1394248	----a-w-	c:\windows\SysWow64\msxml4.dll
2012-06-21 11:22 . 2012-06-02 22:19	44056	----a-w-	c:\windows\system32\wups2.dll
2012-06-21 11:22 . 2012-06-02 22:19	2428952	----a-w-	c:\windows\system32\wuaueng.dll
2012-06-21 11:22 . 2012-06-02 22:19	57880	----a-w-	c:\windows\system32\wuauclt.exe
2012-06-21 11:22 . 2012-06-02 22:15	2622464	----a-w-	c:\windows\system32\wucltux.dll
2012-06-21 11:21 . 2012-06-02 22:19	38424	----a-w-	c:\windows\system32\wups.dll
2012-06-21 11:21 . 2012-06-02 22:19	701976	----a-w-	c:\windows\system32\wuapi.dll
2012-06-21 11:21 . 2012-06-02 22:15	99840	----a-w-	c:\windows\system32\wudriver.dll
2012-06-21 11:21 . 2012-06-02 13:19	186752	----a-w-	c:\windows\system32\wuwebv.dll
2012-06-21 11:21 . 2012-06-02 13:15	36864	----a-w-	c:\windows\system32\wuapp.exe
2012-06-19 10:58 . 2012-06-19 10:58	--------	d-----w-	c:\users\SümHar\AppData\Local\Macromedia
2012-06-18 19:07 . 2012-06-18 19:07	770384	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcr100.dll
2012-06-18 19:07 . 2012-06-18 19:07	421200	----a-w-	c:\program files (x86)\Mozilla Firefox\msvcp100.dll
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-16 13:43 . 2011-05-05 06:51	45056	----a-w-	c:\windows\system32\acovcnt.exe
2012-07-14 09:31 . 2012-04-03 21:33	426184	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-07-14 09:31 . 2011-05-21 15:45	70344	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-05-09 10:21 . 2012-05-13 08:03	476936	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-05-09 10:21 . 2011-03-18 09:50	472840	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-05-04 11:06 . 2012-06-13 14:42	5559664	----a-w-	c:\windows\system32\ntoskrnl.exe
2012-05-04 10:03 . 2012-06-13 14:42	3968368	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2012-05-04 10:03 . 2012-06-13 14:42	3913072	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2012-05-01 05:40 . 2012-06-13 14:42	209920	----a-w-	c:\windows\system32\profsvc.dll
2012-04-28 03:55 . 2012-06-13 14:42	210944	----a-w-	c:\windows\system32\drivers\rdpwd.sys
2012-04-26 05:41 . 2012-06-13 14:42	77312	----a-w-	c:\windows\system32\rdpwsx.dll
2012-04-26 05:41 . 2012-06-13 14:42	149504	----a-w-	c:\windows\system32\rdpcorekmts.dll
2012-04-26 05:34 . 2012-06-13 14:42	9216	----a-w-	c:\windows\system32\rdrmemptylst.exe
2012-04-24 05:37 . 2012-06-13 14:42	184320	----a-w-	c:\windows\system32\cryptsvc.dll
2012-04-24 05:37 . 2012-06-13 14:42	140288	----a-w-	c:\windows\system32\cryptnet.dll
2012-04-24 05:37 . 2012-06-13 14:42	1462272	----a-w-	c:\windows\system32\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:42	140288	----a-w-	c:\windows\SysWow64\cryptsvc.dll
2012-04-24 04:36 . 2012-06-13 14:42	1158656	----a-w-	c:\windows\SysWow64\crypt32.dll
2012-04-24 04:36 . 2012-06-13 14:42	103936	----a-w-	c:\windows\SysWow64\cryptnet.dll
2009-04-08 17:31 . 2009-04-08 17:31	106496	----a-w-	c:\program files (x86)\Common Files\CPInstallAction.dll
2008-08-12 04:45 . 2008-08-12 04:45	155648	----a-w-	c:\program files (x86)\Common Files\MSIactionall.dll
.
.
(((((((((((((((((((((((((((((   SnapShot@2012-07-14_15.05.34   )))))))))))))))))))))))))))))))))))))))))
.
- 2012-07-14 14:51 . 2012-07-14 14:51	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2012-07-16 13:42 . 2012-07-16 13:42	13342              c:\windows\SysWOW64\config\systemprofile\AppData\Roaming\SoftGrid Client\Icon Cache\icon_ex.dat
+ 2010-11-03 05:45 . 2012-07-16 13:24	67982              c:\windows\system32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2009-07-14 05:10 . 2012-07-16 13:24	40428              c:\windows\system32\wdi\BootPerformanceDiagnostics_SystemData.bin
+ 2011-03-17 21:58 . 2012-07-16 13:24	17690              c:\windows\system32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3224048981-3797675595-3377908284-1001_UserData.bin
- 2011-03-18 10:15 . 2011-03-18 10:15	50528              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\NewShortcut212_7418A479A4444844956C46B4C8CE2F75.exe
+ 2011-03-18 10:15 . 2012-07-15 21:07	50528              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\NewShortcut212_7418A479A4444844956C46B4C8CE2F75.exe
+ 2011-03-19 15:04 . 2012-07-15 16:49	6880              c:\windows\system32\wdi\ERCQueuedResolutions.dat
+ 2012-07-16 13:43 . 2012-07-16 13:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 14:52 . 2012-07-14 14:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2012-07-14 14:52 . 2012-07-14 14:52	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2012-07-16 13:43 . 2012-07-16 13:43	2048              c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2011-03-18 06:23 . 2012-07-15 20:39	279126              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S4.bin
+ 2011-03-18 19:14 . 2012-07-15 19:20	281668              c:\windows\system32\wdi\SuspendPerformanceDiagnostics_SystemData_S3.bin
- 2009-07-14 02:36 . 2012-07-14 14:56	616694              c:\windows\system32\perfh009.dat
+ 2009-07-14 02:36 . 2012-07-16 13:28	616694              c:\windows\system32\perfh009.dat
- 2009-08-04 09:51 . 2012-07-14 14:56	654852              c:\windows\system32\perfh007.dat
+ 2009-08-04 09:51 . 2012-07-16 13:28	654852              c:\windows\system32\perfh007.dat
+ 2009-07-14 02:36 . 2012-07-16 13:28	106816              c:\windows\system32\perfc009.dat
- 2009-07-14 02:36 . 2012-07-14 14:56	106816              c:\windows\system32\perfc009.dat
- 2009-08-04 09:51 . 2012-07-14 14:56	130434              c:\windows\system32\perfc007.dat
+ 2009-08-04 09:51 . 2012-07-16 13:28	130434              c:\windows\system32\perfc007.dat
- 2009-07-14 05:01 . 2012-07-14 14:51	390572              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2009-07-14 05:01 . 2012-07-16 13:42	390572              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat
+ 2012-02-02 14:37 . 2012-02-02 14:37	998912              c:\windows\Installer\4d761.msi
- 2011-03-18 10:15 . 2011-03-18 10:15	341344              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\NewShortcut12_7418A479A4444844956C46B4C8CE2F75.exe
+ 2011-03-18 10:15 . 2012-07-15 21:07	341344              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\NewShortcut12_7418A479A4444844956C46B4C8CE2F75.exe
- 2011-03-18 10:15 . 2011-03-18 10:15	341344              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\NewShortcut1_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2011-03-18 10:15 . 2012-07-15 21:07	341344              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\NewShortcut1_D840A6EA92214470BCE0FD7EF9D6C0CF.exe
+ 2011-03-18 10:15 . 2012-07-15 21:07	341344              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\ARPPRODUCTICON.exe
- 2011-03-18 10:15 . 2011-03-18 10:15	341344              c:\windows\Installer\{372806CA-AE32-4A49-9CC1-EF9E3AB28D5C}\ARPPRODUCTICON.exe
+ 2012-07-15 21:31 . 2012-07-15 21:31	372078              c:\windows\Installer\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}\_853F67D554F05449430E7E.exe
+ 2012-07-15 21:31 . 2012-07-15 21:31	372078              c:\windows\Installer\{19EA33FB-B34E-40EA-8B8A-61743AEB795A}\_6FC4AD3CB38ECE3AA1E7B9.exe
+ 2011-03-18 21:23 . 2012-07-15 20:33	1133848              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache3.0.0.0.dat
+ 2011-03-18 09:02 . 2012-07-15 21:25	2525540              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224048981-3797675595-3377908284-1001-12288.dat
- 2011-03-18 09:02 . 2012-07-12 19:19	2525540              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224048981-3797675595-3377908284-1001-12288.dat
+ 2011-03-18 10:08 . 2012-07-16 13:42	53442480              c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-3224048981-3797675595-3377908284-1001-8192.dat
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 15:08	143360	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x86\OverlayIconShlExt1.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Syncables"="c:\program files (x86)\syncables\syncables desktop\Syncables.exe" [2010-07-19 370480]
"Octoshape Streaming Services"="c:\users\SümHar\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe" [2009-01-08 70936]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"RemoteControl9"="c:\program files (x86)\Cyberlink\PowerDVD9\PDVD9Serv.exe" [2009-07-06 87336]
"BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-02-24 75048]
"UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-06-24 210216]
"UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504]
"ATKOSD2"="c:\program files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe" [2010-01-13 7109248]
"ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-01-05 170624]
"HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016]
"NUSB3MON"="c:\program files (x86)\NEC Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2009-10-21 106496]
"LexwareInfoService"="c:\program files (x86)\Common Files\Lexware\Update Manager\LxUpdateManager.exe" [2010-09-15 339312]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"PDFPrint"="c:\program files (x86)\PDF24\pdf24.exe" [2011-09-07 221256]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-05-01 348624]
.
c:\users\SümHar\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Pampers Pregnancy Widget.lnk - c:\users\SümHar\AppData\Local\Temp\Rar$EX15.584\PampersPregnancyWidget.exe [N/A]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
FancyStart daemon.lnk - c:\windows\Installer\{F0DF4513-3C4C-4EB8-8012-2C5F70AF3988}\_A1DDD39913A1970387B7B3.exe [2010-11-3 12862]
NETGEAR WNA3100 Setup-Assistent.lnk - c:\program files (x86)\NETGEAR\WNA3100\WNA3100.exe [2011-3-18 4562944]
SRS Premium Sound.lnk - c:\windows\Installer\{E5CF6B9C-3ABE-43C9-9413-AD5FFC98F049}\NewShortcut5_21C7B668029A47458B27645FE6E4A715.exe [2010-11-3 156952]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute	REG_MULTI_SZ   	autocheck autochk *\0OODBS
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R2 WSWNA3100;WSWNA3100;c:\program files (x86)\NETGEAR\WNA3100\WifiSvc.exe [2010-01-12 278528]
R3 AmUStor;AM USB Stroage Driver;c:\windows\system32\drivers\AmUStor.SYS [2009-08-21 44032]
R3 BCMH43XX;Treiber für Broadcom 802.11-USB-Netzwerkadapter;c:\windows\system32\DRIVERS\bcmwlhigh664.sys [2009-11-06 838136]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 135664]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-06-18 113120]
R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-03-05 340240]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832]
R3 ss_bbus;SAMSUNG USB Mobile Device (WDM);c:\windows\system32\DRIVERS\ss_bbus.sys [2010-04-27 127488]
R3 ss_bmdfl;SAMSUNG USB Mobile Modem (Filter);c:\windows\system32\DRIVERS\ss_bmdfl.sys [2010-04-27 18944]
R3 ss_bmdm;SAMSUNG USB Mobile Modem;c:\windows\system32\DRIVERS\ss_bmdm.sys [2010-04-27 161280]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [2010-06-14 16448]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 TurboBoost;TurboBoost;c:\program files\Intel\TurboBoost\TurboBoost.exe [2009-08-06 118672]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-06-22 1255736]
S0 lullaby;lullaby;c:\windows\system32\DRIVERS\lullaby.sys [2009-06-18 15928]
S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2011-06-05 25960]
S0 SCMNdisP;General NDIS Protocol Driver;c:\windows\system32\DRIVERS\scmndisp.sys [2007-01-19 25312]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-05-02 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/11/02 22:21];c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl [2010-02-24 18:14 146928]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2009-09-17 359552]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-01 86224]
S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2011-06-05 1997416]
S2 OODefragAgent;O&O Defrag;c:\program files\OO Software\Defrag\oodag.exe [2010-11-25 3152200]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2009-08-06 13784]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-10-01 2314240]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2009-10-15 117760]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-03 271872]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller (NDIS 6.20);c:\windows\system32\DRIVERS\L1C62x64.sys [2009-09-04 62464]
S3 NETw5s64;Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-03-18 7680512]
S3 nusb3hub;NEC Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2009-10-27 75264]
S3 nusb3xhc;NEC Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2009-10-27 176640]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-04-16 39832]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 05:33]
.
2012-07-16 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-11-03 05:33]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ADSMOverlayIcon1]
@="{A8D448F4-0431-45AC-9F5E-E1B434AB2249}"
[HKEY_CLASSES_ROOT\CLSID\{A8D448F4-0431-45AC-9F5E-E1B434AB2249}]
2007-06-01 14:52	159744	----a-w-	c:\program files (x86)\ASUS\ASUS Data Security Manager\ShlExt\x64\OverlayIconShlExt1_64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B]
@="{6D4133E5-0742-4ADC-8A8C-9303440F7190}"
[HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O]
@="{64174815-8D98-4CE6-8646-4C039977D808}"
[HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}]
2009-11-26 05:49	70656	----a-w-	c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448]
"IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-03-05 1928976]
"AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2009-09-01 323584]
"ETDWare"="c:\program files\Elantech\ETDCtrl.exe" [2009-09-30 621440]
"Setwallpaper"="c:\programdata\SetWallpaper.cmd" [BU]
"OODefragTray"="c:\program files\OO Software\Defrag\oodtray.exe" [2010-11-25 4011336]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2011-02-11 162328]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2011-02-11 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2011-02-11 417304]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Nach Microsoft &Excel exportieren - d:\harun'~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\SümHar\AppData\Roaming\Mozilla\Firefox\Profiles\xcz6s0jh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - prefs.js: network.proxy.type - 0
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Toolbar-Locked - (no file)
Wow6432Node-HKLM-Run-Wireless Console 3 - c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe
.
.
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files (x86)\Cyberlink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\System*]
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files (x86)\ASUS\SmartLogon\sensorsrv.exe
c:\program files (x86)\ASUS\ControlDeck\ControlDeckStartUp.exe
c:\program files (x86)\ASUS\ASUS Data Security Manager\ADSMSrv.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-16  15:48:15 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-07-16 13:48
ComboFix2.txt  2012-07-15 16:46
ComboFix3.txt  2012-07-14 15:08
.
Vor Suchlauf: 16 Verzeichnis(se), 76.166.193.152 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 76.119.867.392 Bytes frei
.
- - End Of File - - EEC8CF1B91737AF2E4FCC82BC9B1636E
         

After the online scan had finished, it only said "No threats found".

Consequently, there was no "List of found threats" either.

