| |
| |||||||
Log-Analyse und Auswertung: GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne?Windows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
| |
12.09.2012, 20:34
| #1 |
 |  GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Grüße euch, auch auf den euch gefahr zu nerven: Ich Scanne gerade mit Malwarebytes, die gefundenen Infizierten Dateien Löschen oder nicht Löschen?? In der Anleitung steht löschen, aber dann steht das hier auch: 1. Starte einen vollständigen Scan mit Anleitung: Malwarebytes Anti-Malware - Funde bitte in Quarantäne und nichts löschen. Am besten nichts selbst machen sondern Thema starten. Also doch erst in Quarantäne und dann die Infizierten Dateis Posten?? Gruß Sabrina. |
|
12.09.2012, 21:06
| #2 |
| | GÜV Trojaner hier die Log files Malwarebytes Anti-Malware (Test) 1.65.0.1400
__________________www.malwarebytes.org Datenbank Version: v2012.09.12.06 Windows 7 Service Pack 1 x64 NTFS (Abgesichertenmodus/Netzwerkfähig) Internet Explorer 9.0.8112.16421 McFuest :: MCFUEST-PC [Administrator] Schutz: Deaktiviert 12.09.2012 21:11:19 mbam-log-2012-09-12 (21-11-19).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 327687 Laufzeit: 24 Minute(n), 46 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 15 HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{07B18EA1-A523-4961-B6BB-170DE4475CCA} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{1D4DB7D2-6EC9-47a3-BD87-1E41684E07BB} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{25560540-9571-4D7B-9389-0F166788785A} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{3DC201FB-E9C9-499C-A11F-23C360D7C3F8} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{63D0ED2C-B45B-4458-8B3B-60C69BBBD83C} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{98D9753D-D73B-42D5-8C85-4469CDA897AB} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{9FF05104-B030-46FC-94B8-81276E4E27DF} (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyWebSearch.SkinLauncher (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyWebSearch.SkinLauncher.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyWebSearch.SkinLauncherSettings (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyWebSearch.SkinLauncherSettings.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyWebSearch.ThirdPartyInstaller (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\MyWebSearch.ThirdPartyInstaller.1 (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 8 C:\Program Files (x86)\Windows Live\Messenger\msimg32.dll (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Windows Live\Messenger\riched20.dll (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\McFuest\AppData\LocalLow\FunWebProducts\Installr\Cache\00B12B57.exe (PUP.MyWebSearch) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\f3PSSavr.scr (PUP.FunWebProducts) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\McFuest\AppData\Local\Temp\wgsdgsdgdsgsd.exe (Exploit.Drop.GS) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\System32\f3PSSavr.scr (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Windows\SysWOW64\f3PSSavr.scr (Trojan.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\McFuest\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ctfmon.lnk (Trojan.Ransom.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) KAnn mir bitte jemand helfen? Die Files sind jetzt in Quarantäne... was muss ich nun machen?? Vielen Dank im vorraus..... |
|
14.09.2012, 21:46
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Bitte ESET ausführen, danach sehen wir weiter!
__________________Hinweis: ESET zeigt durchaus öfter ein paar Fehlalarme. Deswegen soll auch von ESET immer nur erst das Log gepostet und nichts entfernt werden. ESET Online Scanner Bitte während der Online-Scans evtl. vorhandene externe Festplatten einschalten! Bitte während der Scans alle Hintergrundwächter (Anti-Virus-Programm, Firewall, Skriptblocking und ähnliches) abstellen und nicht vergessen, alles hinterher wieder einzuschalten.
Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
__________________ |
|
15.09.2012, 09:52
| #4 |
| | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne?Code:
ATTFilter C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\escortShld.dll Win32/Toolbar.Funmoods application
C:\Program Files (x86)\Yontoo\YontooIEClient.dll a variant of Win32/Adware.Yontoo.A application
C:\ProgramData\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch101.zip Win32/Bagle.gen.zip worm
C:\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\All Users\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch101.zip Win32/Bagle.gen.zip worm
C:\Users\All Users\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll a variant of Win32/Adware.Yontoo.B application
C:\Users\McFuest\AppData\Local\Temp\yontoo-c2.exe multiple threats
C:\Users\McFuest\AppData\Local\Temp\YontooSetup-S.exe multiple threats
C:\Users\McFuest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17\2c458b11-47a56c09 a variant of Win32/Kryptik.ALTS trojan
C:\Users\McFuest\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40\180881e8-760e26d8 a variant of Java/Exploit.CVE-2012-4681.AB trojan
C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\extensions\plugin@yontoo.com\content\overlay.js Win32/Adware.Yontoo application
C:\Users\McFuest\Desktop\pcp_claro.exe a variant of Win32/InstallBrain.E application
C:\Users\McFuest\Downloads\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
C:\Users\McFuest\Downloads\SoftonicDownloader_fuer_jdownloader.exe a variant of Win32/SoftonicDownloader.D application
C:\Users\McFuest\Videos\iLividSetupV1.exe Win32/Toolbar.SearchSuite application
|
|
16.09.2012, 11:52
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Hauptsächlich Werbemüll, Toolbars usw. adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
16.09.2012, 18:48
| #6 | ||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
| | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne?
|
|
17.09.2012, 09:43
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Bitte in CODE-Tags und nicht irgendwelchen anderen Formatierungen die Logs posten! Bitte mal den aktuellen adwCleaner runterladen, es gibt seit kurzem eine neuer Version, also die alte adwcleaner löschen und neu runterladen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2012, 12:00
| #8 |
| | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne?Code:
ATTFilter # AdwCleaner v2.002 - Datei am 09/17/2012 um 12:59:58 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : McFuest - MCFUEST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\McFuest\Downloads\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
Gefunden : PC Performer Manager
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gefunden : C:\user.js
Datei Gefunden : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\searchplugins\Conduit.xml
Datei Gefunden : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\searchplugins\Web Search.xml
Datei Gefunden : C:\windows\Tasks\OpenCandyHelper.job
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\Yontoo
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\IBUpdaterService
Ordner Gefunden : C:\ProgramData\Partner
Ordner Gefunden : C:\ProgramData\pc performer manager
Ordner Gefunden : C:\ProgramData\Tarma Installer
Ordner Gefunden : C:\Users\McFuest\AppData\Local\Conduit
Ordner Gefunden : C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gefunden : C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh
Ordner Gefunden : C:\Users\McFuest\AppData\Local\Ilivid Player
Ordner Gefunden : C:\Users\McFuest\AppData\Local\Temp\Smartbar
Ordner Gefunden : C:\Users\McFuest\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\McFuest\AppData\LocalLow\FunWebProducts
Ordner Gefunden : C:\Users\McFuest\AppData\LocalLow\MyWebSearch
Ordner Gefunden : C:\Users\McFuest\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\McFuest\AppData\Roaming\loadtbs
Ordner Gefunden : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\extensions\plugin@yontoo.com
Ordner Gefunden : C:\Users\McFuest\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Daten Gefunden : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\pcperf~1\22587~1.187\{61d8b~1\pcpmngr.dll C:\windows\SysWOW64\nvinit.dll
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Fun Web Products
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\FunWebProducts
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gefunden : HKCU\Software\bProtector
Schlüssel Gefunden : HKCU\Software\DataMngr
Schlüssel Gefunden : HKCU\Software\DataMngr_Toolbar
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\oikliheaihindkomebcajofjponhlhhh
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\Software\BabylonToolbar
Schlüssel Gefunden : HKLM\Software\bProtector
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2967869
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT3175297
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\DataMngr
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oikliheaihindkomebcajofjponhlhhh
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gefunden : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gefunden : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gefunden : HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=hp&babsrc=lnkry_nt
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
[HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms}
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\prefs.js
Gefunden : user_pref("browser.search.defaultthis.engineName", "GIGA Deutsch Customized Web Search");
Gefunden : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&Sea[...]
Gefunden : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=[...]
Gefunden : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
|
|
17.09.2012, 12:36
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2012, 12:44
| #10 |
| | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne?Code:
ATTFilter # AdwCleaner v2.002 - Datei am 09/17/2012 um 13:40:05 erstellt
# Aktualisiert am 16/09/2012 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : McFuest - MCFUEST-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\McFuest\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
Gestoppt & Gelöscht : PC Performer Manager
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Datei Gelöscht : C:\user.js
Datei Gelöscht : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\searchplugins\Conduit.xml
Datei Gelöscht : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\searchplugins\Web Search.xml
Datei Gelöscht : C:\windows\Tasks\OpenCandyHelper.job
Gelöscht mit Neustart : C:\ProgramData\pc performer manager
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\Yontoo
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\ProgramData\Partner
Ordner Gelöscht : C:\ProgramData\Tarma Installer
Ordner Gelöscht : C:\Users\McFuest\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\niapdbllcanepiiimjjndipklodoedlc
Ordner Gelöscht : C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\oikliheaihindkomebcajofjponhlhhh
Ordner Gelöscht : C:\Users\McFuest\AppData\Local\Ilivid Player
Ordner Gelöscht : C:\Users\McFuest\AppData\Local\Temp\Smartbar
Ordner Gelöscht : C:\Users\McFuest\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\McFuest\AppData\LocalLow\FunWebProducts
Ordner Gelöscht : C:\Users\McFuest\AppData\LocalLow\MyWebSearch
Ordner Gelöscht : C:\Users\McFuest\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\McFuest\AppData\Roaming\loadtbs
Ordner Gelöscht : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\extensions\plugin@yontoo.com
Ordner Gelöscht : C:\Users\McFuest\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Daten Gelöscht : HKLM\..\Windows [AppInit_DLLs] = c:\progra~3\pcperf~1\22587~1.187\{61d8b~1\pcpmngr.dll C:\windows\SysWOW64\nvinit.dll
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Fun Web Products
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\FunWebProducts
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\MyWebSearch
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\bProtector
Schlüssel Gelöscht : HKCU\Software\DataMngr
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\oikliheaihindkomebcajofjponhlhhh
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{006EE092-9658-4FD6-BD8E-A21A348E59F5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\Software\BabylonToolbar
Schlüssel Gelöscht : HKLM\Software\bProtector
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B12E99ED-69BD-437C-86BE-C862B9E5444D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortEng.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\escort.escortIEPane.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2967869
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT3175297
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{819FFE20-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{8FFDF636-0D87-4B33-B9E9-79A53F6E1DAE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D372567D-67C1-4B29-B3F0-159B52B3E967}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Layers.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\DataMngr
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{08858AF6-42AD-4914-95D2-AC3AB0DC8E28}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{819FFE22-35C7-4925-8CDA-4E0E2DB94302}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{99066096-8989-4612-841F-621A01D54AD7}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\oikliheaihindkomebcajofjponhlhhh
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{15D2D75C-9CB2-4EFD-BAD7-B9B4CB4BC693}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{8E9CF769-3D3B-40EB-9E2D-76E7A205E4D2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Tarma Installer
Schlüssel Gelöscht : HKU\.DEFAULT\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKCU\Software\Mozilla\Firefox\Extensions [{b64982b1-d112-42b5-b1e4-d3867c4533f8}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\5.0\User Agent\Post Platform [FunWebProducts]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16421
Wiederhergestellt : [HKCU\Software\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKCU\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-18\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-19\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-20\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Wiederhergestellt : [HKU\S-1-5-21-2966652974-3111672095-50612590-1000\Software\Microsoft\Internet Explorer\SearchScopes - DefaultScope]
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=hp&babsrc=lnkry_nt --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Page] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Search Bar] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - Default_Search_URL] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Search - SearchAssistant] = hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d-4792-a3be-560eb8bd0027&affid=111585&searchtype=ds&babsrc=lnkry&q={searchTerms} --> hxxp://www.google.com
-\\ Mozilla Firefox v15.0 (de)
Profilname : default
Datei : C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\prefs.js
C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\user.js ... Gelöscht !
Gelöscht : user_pref("browser.search.defaultthis.engineName", "GIGA Deutsch Customized Web Search");
Gelöscht : user_pref("browser.search.defaulturl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT2967869&Sea[...]
Gelöscht : user_pref("browser.startup.homepage", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=[...]
Gelöscht : user_pref("keyword.URL", "hxxp://feed.helperbar.com/?publisher=OC&dpid=OC&co=DE&userid=4064f4cd-373d[...]
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [11627 octets] - [16/09/2012 19:45:38]
AdwCleaner[R2].txt - [11798 octets] - [17/09/2012 12:57:37]
AdwCleaner[R3].txt - [11856 octets] - [17/09/2012 12:59:58]
AdwCleaner[S1].txt - [12729 octets] - [17/09/2012 13:40:05]
########## EOF - C:\AdwCleaner[S1].txt - [12790 octets] ##########
|
|
17.09.2012, 12:46
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Hätte da mal zwei Fragen bevor es weiter geht (wir sind noch nicht fertig!) 1.) Geht der normale Modus von Windows (wieder) uneingeschränkt? 2.) Vermisst du irgendwas im Startmenü? Sind da leere Ordner unter alle Programme oder ist alles vorhanden?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2012, 13:01
| #12 |
| | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Soweit läuft Win einwandfrei, der einzige leere Ordner in Programme ist Autostart.... |
|
17.09.2012, 14:40
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten |
|
17.09.2012, 15:43
| #14 |
| | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne?Code:
ATTFilter OTL logfile created on: 17.09.2012 16:12:11 - Run 1 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\McFuest\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,37 Gb Available Physical Memory | 60,58% Memory free 7,81 Gb Paging File | 6,09 Gb Available in Paging File | 77,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 653,00 Gb Total Space | 567,90 Gb Free Space | 86,97% Space Free | Partition Type: NTFS Drive D: | 30,69 Gb Total Space | 27,66 Gb Free Space | 90,12% Space Free | Partition Type: NTFS Drive E: | 1,90 Gb Total Space | 1,14 Gb Free Space | 59,82% Space Free | Partition Type: FAT Drive G: | 7,45 Gb Total Space | 7,35 Gb Free Space | 98,62% Space Free | Partition Type: FAT32 Computer Name: MCFUEST-PC | User Name: McFuest | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 16:09:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\McFuest\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe PRC - [2012.07.16 13:23:56 | 003,524,536 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe PRC - [2012.07.16 13:23:56 | 000,975,800 | ---- | M] (Samsung) -- C:\Program Files (x86)\Samsung\Kies\Kies.exe PRC - [2011.09.10 04:35:51 | 000,329,056 | ---- | M] (Lenovo) -- C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe PRC - [2011.09.10 04:33:50 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe PRC - [2011.03.04 12:38:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.12.05 03:39:24 | 000,136,488 | ---- | M] (CyberLink) -- C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe PRC - [2010.10.14 09:59:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.14 09:59:44 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.03.05 16:07:20 | 002,260,480 | RHS- | M] (Safer-Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe PRC - [2009.01.26 15:31:10 | 001,153,368 | ---- | M] (Safer Networking Ltd.) -- C:\Program Files (x86)\Spybot - Search & Destroy\SDWinSec.exe ========== Modules (No Company Name) ========== MOD - [2012.08.27 08:53:03 | 000,115,137 | ---- | M] () -- C:\Users\McFuest\AppData\Local\Temp\99cab429-f99d-4f69-9d04-113ad532bd0f\CliSecureRT.dll MOD - [2012.08.03 20:54:44 | 000,221,696 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\26e0457a9776a0e9f23e3986686d90a5\System.ServiceProcess.ni.dll MOD - [2012.08.03 20:54:10 | 001,218,560 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Management\d0e1cdaff8f9055187f8e7b52c060dff\System.Management.ni.dll MOD - [2012.08.03 20:52:23 | 000,762,880 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\31fab24c51c0cfe8b8115f24545f169f\System.Runtime.Remoting.ni.dll MOD - [2012.08.03 20:52:14 | 001,782,272 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xaml\b68bee05c7e518172982cc92059c3315\System.Xaml.ni.dll MOD - [2012.08.03 20:08:32 | 018,019,840 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\d239f585ee55f833dbe21e897e1265ac\PresentationFramework.ni.dll MOD - [2012.08.03 20:08:14 | 011,522,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationCore\b7de318e9fd1ef519ca6c1f3b5dba8e0\PresentationCore.ni.dll MOD - [2012.08.03 20:08:07 | 000,595,968 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\PresentationFramewo#\608d29d7cc89f3a9a195c91354561915\PresentationFramework.Aero.ni.dll MOD - [2012.08.03 20:08:05 | 013,198,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\00a4922fbf869a79c043b665035516b6\System.Windows.Forms.ni.dll MOD - [2012.08.03 20:07:56 | 003,881,984 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\WindowsBase\a6e37a05b8d0cedbc5c3ea266ae3fc31\WindowsBase.ni.dll MOD - [2012.08.03 20:07:55 | 007,069,184 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Core\09bd2126bba2ab4f29ed52afde1470d7\System.Core.ni.dll MOD - [2012.08.03 20:07:48 | 005,617,664 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Xml\9abe44a0f82070ead5f1256683a4d25a\System.Xml.ni.dll MOD - [2012.08.03 20:07:48 | 001,666,048 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Drawing\4230ed1c7990e4ee8352baf67a2a85fa\System.Drawing.ni.dll MOD - [2012.08.03 20:07:43 | 000,982,528 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System.Configuration\a84262e1224189f93e10cd3c403a9527\System.Configuration.ni.dll MOD - [2012.08.03 20:07:41 | 009,092,096 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\System\a6be120e49f895ef6b00e9918402395b\System.ni.dll MOD - [2012.08.03 20:07:33 | 014,414,336 | ---- | M] () -- C:\windows\assembly\NativeImages_v4.0.30319_32\mscorlib\c1af4ec9a36f671617a8ecaec00373f4\mscorlib.ni.dll MOD - [2012.07.16 13:24:06 | 000,021,432 | ---- | M] () -- C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe MOD - [2012.05.30 20:06:48 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.05.30 20:06:30 | 001,242,512 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.09.10 04:35:50 | 000,013,664 | ---- | M] () -- C:\Program Files (x86)\Lenovo\VeriFace\ChooseLang.dll MOD - [2011.09.10 04:33:50 | 000,100,256 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeySupport.exe MOD - [2011.02.16 19:53:14 | 000,133,024 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\WindowsApiHookDll32.dll MOD - [2011.02.16 19:51:10 | 000,161,696 | ---- | M] () -- C:\Program Files (x86)\Lenovo\Onekey Theater\ActiveDetect32.dll ========== Services (SafeList) ========== SRV - [2012.09.09 11:34:24 | 000,250,568 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.08 15:40:32 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV - [2011.03.28 21:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.04 12:38:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.12.14 20:04:56 | 000,953,632 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\Lenovo\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2010.11.07 11:04:00 | 000,499,200 | ---- | M] (Red Bend Ltd.) [Auto | Running] -- C:\Programme\Intel\WiMAX\Bin\DMAgent.exe -- (DMAgent) SRV - [2010.11.07 10:56:30 | 000,869,376 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiMAX\Bin\AppSrv.exe -- (WiMAXAppSrv) SRV - [2010.11.05 01:15:28 | 000,579,488 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\ConnSvc.exe -- (Lenovo ReadyComm ConnSvc) SRV - [2010.10.14 09:59:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.14 09:59:44 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.09.22 20:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.08.13 22:22:48 | 000,509,192 | ---- | M] (Lenovo Group Limited) [On_Demand | Stopped] -- C:\Program Files (x86)\Lenovo\ReadyComm\AppSvc.exe -- (Lenovo ReadyComm AppSvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.15 22:05:31 | 000,314,016 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\atksgt.sys -- (atksgt) DRV:64bit: - [2012.09.15 22:05:30 | 000,043,680 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\lirsgt.sys -- (lirsgt) DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudserd.sys -- (ssudserd) DRV:64bit: - [2012.06.04 09:59:20 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) DRV:64bit: - [2012.06.04 09:59:20 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) DRV:64bit: - [2012.04.25 12:11:36 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.09.10 11:57:48 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.09.10 11:57:48 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.09.10 04:45:24 | 000,039,008 | ---- | M] (Lenovo.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\LhdX64.sys -- (LHDmgr) DRV:64bit: - [2011.09.10 04:45:21 | 000,029,792 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC) DRV:64bit: - [2011.09.10 04:29:46 | 000,057,952 | ---- | M] (Lenovo) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\fbfmon.sys -- (fbfmon) DRV:64bit: - [2011.09.10 04:29:46 | 000,013,408 | ---- | M] (Lenovo) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\BPntDrv.sys -- (BPntDrv) DRV:64bit: - [2011.06.10 06:34:52 | 000,539,240 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.03.24 16:35:42 | 001,413,168 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.03.15 12:09:16 | 000,311,400 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvstor.sys -- (RSUSBVSTOR) DRV:64bit: - [2011.03.04 12:38:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.01.27 02:57:12 | 012,273,408 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.01.15 18:21:04 | 000,036,352 | ---- | M] (Elaborate Bytes AG) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\VClone.sys -- (VClone) DRV:64bit: - [2010.12.14 13:13:32 | 000,349,224 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (BTWAMPFL) DRV:64bit: - [2010.12.14 13:13:10 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.12.14 13:13:10 | 000,021,416 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.12.14 13:13:08 | 000,138,280 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.12.14 13:13:08 | 000,106,536 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.12.05 03:39:44 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.10.25 19:56:14 | 000,075,264 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\bpenum.sys -- (bpenum) DRV:64bit: - [2010.10.14 18:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.10.14 09:59:42 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.09.27 11:09:30 | 008,200,552 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtsuvc.sys -- (rtsuvc) DRV:64bit: - [2010.08.19 15:51:44 | 002,366,464 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.07.21 16:20:06 | 000,121,840 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2009.07.15 19:55:36 | 000,011,280 | ---- | M] (Lenovo) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDMirror.sys -- (wdmirror) DRV:64bit: - [2009.07.15 11:38:22 | 000,079,376 | ---- | M] (Lenovo) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WDBridge.sys -- (Bridge0) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.18 13:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://lenovo.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.lenovo.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.lenovo.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=114506&tt=3712_3&babsrc=HP_clro&mntrId=42a37583000000000000e89a8fb9287c IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=LENN&bmod=LENN IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.lenovo.com/ [binary data] IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\URLSearchHook: {1ce76c93-a797-4ca2-ab3c-f4a6cfba3440} - No CLSID value found IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\SearchScopes,bProtectorDefaultScope = {0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9} IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LENDF8&pc=MALN&src=IE-SearchBox IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://www.claro-search.com/?q={searchTerms}&affID=114506&tt=3712_3&babsrc=SP_clro&mntrId=42a37583000000000000e89a8fb9287c IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7LENN_deDE488 IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01 FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\system32\Macromed\Flash\NPSWF64_11_4_402_265.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_265.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.26 14:50:31 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 15:40:32 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.08 15:40:32 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.06.18 13:35:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McFuest\AppData\Roaming\mozilla\Extensions [2012.09.17 13:40:13 | 000,000,000 | ---D | M] (No name found) -- C:\Users\McFuest\AppData\Roaming\mozilla\Firefox\Profiles\kiat697y.default\extensions [2012.09.13 18:40:12 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\McFuest\AppData\Roaming\mozilla\Firefox\Profiles\kiat697y.default\extensions\ffxtlbr@claro.com [2012.07.11 20:37:48 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\McFuest\AppData\Roaming\mozilla\Firefox\Profiles\kiat697y.default\extensions\software@loadtubes.com [2012.07.25 17:32:51 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\McFuest\AppData\Roaming\mozilla\firefox\profiles\kiat697y.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.09.13 15:10:42 | 000,006,522 | ---- | M] () -- C:\Users\McFuest\AppData\Roaming\mozilla\firefox\profiles\kiat697y.default\searchplugins\bProtect.xml [2012.09.08 15:40:30 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.09.08 15:40:32 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.06.15 00:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.08.29 20:11:02 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.06.15 00:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.06.15 00:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.15 00:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.15 00:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.claro-search.com/?affID=114506&tt=3712_3&babsrc=HP_clro&mntrId=42a37583000000000000e89a8fb9287c CHR - homepage: hxxp://www.claro-search.com/?affID=114506&tt=3712_3&babsrc=HP_clro&mntrId=42a37583000000000000e89a8fb9287c CHR - Extension: No name found = C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\dcillohgikpecbmgioknapdpcjofaafl\1.0_0\ CHR - Extension: No name found = C:\Users\McFuest\AppData\Local\Google\Chrome\User Data\Default\Extensions\icmlaeflemplmjndnaapfdbbnpncnbda\7.0.1466_0\ O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD) O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found. O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\ssv.dll (Oracle Corporation) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found. O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found. O4:64bit: - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4:64bit: - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\Utility.exe (Lenovo(beijing) Limited) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelWirelessWiMAX] C:\Program Files\Intel\WiMAX\Bin\WiMAXCU.exe (Intel® Corporation) O4:64bit: - HKLM..\Run: [Lenovo EE Boot Optimizer] C:\Program Files (x86)\Lenovo\Boot Optimizer\PopWnd.exe (Lenovo) O4:64bit: - HKLM..\Run: [OnekeyStudio] C:\Program Files (x86)\Lenovo\Onekey Theater\OnekeyStudio.exe (Lenovo) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [Energy Management] C:\Program Files (x86)\Lenovo\Energy Management\Energy Management.exe (Lenovo (Beijing) Limited) O4 - HKLM..\Run: [EnergyUtility] C:\Program Files (x86)\Lenovo\Energy Management\utility.exe (Lenovo(beijing) Limited) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [MuteSync] C:\PROGRA~2\Lenovo\LENOVO~1\MuteSync.exe (Lenovo) O4 - HKLM..\Run: [UpdateP2GShortCut] C:\Program Files (x86)\Lenovo\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [UpdatePRCShortCut] C:\Program Files\Lenovo\OneKey App\OneKey Recovery\MUITransfer\MUIStartMenu.exe (CyberLink Corp.) O4 - HKLM..\Run: [VeriFaceManager] C:\Program Files (x86)\Lenovo\VeriFace\PManage.exe (Lenovo) O4 - HKLM..\Run: [YouCam Mirage] C:\Program Files (x86)\Lenovo\YouCam\YCMMirage.exe (CyberLink) O4 - HKLM..\Run: [YouCam Tray] C:\Program Files (x86)\Lenovo\YouCam\YouCam.exe (CyberLink Corp.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\Run: [Power2GoExpress] NA File not found O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\Run: [swg] "C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" File not found O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001..\Run: [ISUSPM Startup] C:\PROGRA~2\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup File not found O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001..\Run: [KiesAirMessage] C:\Program Files (x86)\Samsung\Kies\KiesAirMessage.exe -startup File not found O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001..\Run: [KiesPreload] C:\Program Files (x86)\Samsung\Kies\Kies.exe (Samsung) O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\Lenovo\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\Lenovo\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files (x86)\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000010 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000010 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CFB79642-3EE2-4C6E-A401-013B844F878B}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E3359A94-C66F-4D78-B80B-59952BB2ED00}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (c:\progra~3\pcperf~1\22587~1.187\{61d8b~1\pcpmngr.dll) - File not found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ] O33 - MountPoints2\{0cb5119b-fefc-11e1-9ae9-3859f9f7b1a8}\Shell - "" = AutoRun O33 - MountPoints2\{0cb5119b-fefc-11e1-9ae9-3859f9f7b1a8}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe O33 - MountPoints2\{a0a07c22-ffcd-11e1-821b-3859f9f7b1a8}\Shell - "" = AutoRun O33 - MountPoints2\{a0a07c22-ffcd-11e1-821b-3859f9f7b1a8}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: Skype - hkey= - key= - File not found MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.clmp3enc - C:\PROGRA~2\Lenovo\Power2Go\CLMP3Enc.ACM (CyberLink Corp.) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\windows\SysWow64\iccvid.dll (Radius Inc.) Drivers32: vidc.i420 - C:\windows\SysWow64\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.yv12 - C:\windows\SysWow64\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.17 16:08:59 | 000,600,064 | ---- | C] (OldTimer Tools) -- C:\Users\McFuest\Desktop\OTL.exe [2012.09.15 22:41:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Elaborate Bytes [2012.09.15 22:13:13 | 000,000,000 | ---D | C] -- C:\ProgramData\InstallShield [2012.09.15 22:06:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AGEIA Technologies [2012.09.15 22:06:13 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\AGEIA [2012.09.15 21:56:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Focus [2012.09.15 21:08:37 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Roaming\DAEMON Tools Lite [2012.09.15 21:07:57 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Lite [2012.09.15 20:17:48 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\JDownloader 0.9 [2012.09.15 08:22:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.13 18:37:45 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\searchplugins [2012.09.13 18:37:45 | 000,000,000 | ---D | C] -- C:\windows\SysWow64\Extensions [2012.09.13 16:09:00 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\RegCleaner [2012.09.13 15:10:56 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Roaming\Claro [2012.09.13 15:10:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Claro LTD [2012.09.13 15:10:35 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Roaming\PerformerSoft [2012.09.13 15:10:22 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Start Menu [2012.09.13 15:09:07 | 026,440,904 | ---- | C] (AppWork GmbH) -- C:\Users\McFuest\Desktop\JDownloaderSetup_0.9.581.exe [2012.09.13 13:22:55 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Desktop\Nails [2012.09.12 21:10:27 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Roaming\Malwarebytes [2012.09.12 21:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.12 21:10:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.12 21:10:22 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.09.12 21:10:22 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.12 20:39:03 | 000,000,000 | -HSD | C] -- C:\found.001 [2012.09.12 20:06:00 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\ElevatedDiagnostics [2012.09.12 18:29:38 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0 [2012.09.12 15:57:11 | 000,000,000 | -HSD | C] -- C:\found.000 [2012.09.12 13:01:05 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{2607042F-DF19-4E70-B117-8B75DFEFF08F} [2012.09.11 17:31:24 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{2C3C5855-0093-4137-B068-A5CD73E79843} [2012.09.10 13:03:12 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{080DA6E0-2A82-4FD0-A14F-0423E3F9B4C4} [2012.09.08 15:40:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.06 19:48:54 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Desktop\fb [2012.09.06 10:49:46 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{BB2F69E2-753A-4904-968B-567758C59503} [2012.09.06 10:49:28 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{D8D2834B-6713-411E-AD85-0BE207E106FD} [2012.09.02 12:28:58 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{1AAB7DB0-A6CC-4077-9643-6FD014B44A2B} [2012.08.31 17:12:43 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{89E15FA0-BE81-4BD0-ADDB-6F65B770579F} [2012.08.31 17:12:21 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{74AB6929-FF66-472B-A480-E308ADE61FCD} [2012.08.27 09:05:33 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{0488D656-C728-4CBB-9F37-5F3F6558702D} [2012.08.27 09:05:17 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{D2358BFB-15A9-4DEE-8289-A43CEECAE33A} [2012.08.26 14:57:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.08.26 14:51:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\avast! Free Antivirus [2012.08.26 14:51:10 | 000,285,328 | ---- | C] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe [2012.08.26 14:51:10 | 000,071,600 | ---- | C] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012.08.26 14:50:21 | 000,041,224 | ---- | C] (AVAST Software) -- C:\windows\avastSS.scr [2012.08.26 14:50:12 | 000,227,648 | ---- | C] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012.08.26 14:49:52 | 000,000,000 | ---D | C] -- C:\ProgramData\AVAST Software [2012.08.26 14:49:52 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software [2012.08.26 14:48:57 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Documents\Simply Super Software [2012.08.26 14:48:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Simply Super Software [2012.08.26 14:08:37 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{DA21E93E-2B5C-4F66-AA75-85FB0C8E157E} [2012.08.26 14:08:18 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{672E0693-4D32-4B21-B708-CD7A0D7058B6} [2012.08.26 12:22:47 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Desktop\Film [2012.08.26 12:20:17 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Desktop\Musik [2012.08.26 12:13:07 | 000,000,000 | ---D | C] -- C:\Users\McFuest\Desktop\Abnehm Journey [2012.08.25 10:09:08 | 000,000,000 | ---D | C] -- C:\ProgramData\Energy Management [2012.08.24 19:46:15 | 000,000,000 | ---D | C] -- C:\Program Files\DTB [2012.08.23 16:33:37 | 000,000,000 | ---D | C] -- C:\Users\McFuest\AppData\Local\{7615E5D3-55BA-4BCF-BCD4-420CAB27B84E} ========== Files - Modified Within 30 Days ========== [2012.09.17 16:12:06 | 000,000,710 | ---- | M] () -- C:\windows\tasks\OpenCandyHelperRun.job [2012.09.17 16:10:27 | 001,498,742 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012.09.17 16:10:27 | 000,654,400 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012.09.17 16:10:27 | 000,616,242 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012.09.17 16:10:27 | 000,130,240 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012.09.17 16:10:27 | 000,106,622 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012.09.17 16:09:02 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\McFuest\Desktop\OTL.exe [2012.09.17 16:01:00 | 000,001,112 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.17 16:01:00 | 000,001,108 | ---- | M] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.17 15:31:00 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012.09.17 13:49:01 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 13:49:01 | 000,021,072 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 13:42:17 | 000,165,543 | ---- | M] () -- C:\windows\SysNative\fastboot.set [2012.09.17 13:41:32 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012.09.17 13:41:16 | 3146,108,928 | -HS- | M] () -- C:\hiberfil.sys [2012.09.15 22:05:31 | 000,314,016 | ---- | M] () -- C:\windows\SysNative\drivers\atksgt.sys [2012.09.15 22:05:30 | 000,043,680 | ---- | M] () -- C:\windows\SysNative\drivers\lirsgt.sys [2012.09.15 20:18:22 | 000,000,000 | ---- | M] () -- C:\Users\McFuest\Desktop\JDownloader.lnk [2012.09.13 16:09:46 | 000,000,958 | ---- | M] () -- C:\Users\McFuest\Desktop\RegCleaner.lnk [2012.09.13 15:09:55 | 000,679,904 | ---- | M] () -- C:\Users\McFuest\Desktop\pcp_claro.exe [2012.09.13 15:09:51 | 026,440,904 | ---- | M] (AppWork GmbH) -- C:\Users\McFuest\Desktop\JDownloaderSetup_0.9.581.exe [2012.09.12 21:10:23 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.12 20:34:57 | 083,023,306 | ---- | M] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\windows\SysNative\drivers\mbam.sys [2012.08.26 14:51:10 | 000,000,000 | ---- | M] () -- C:\windows\SysWow64\config.nt [2012.08.21 11:13:12 | 000,071,600 | ---- | M] (AVAST Software) -- C:\windows\SysNative\drivers\aswMonFlt.sys [2012.08.21 11:12:33 | 000,041,224 | ---- | M] (AVAST Software) -- C:\windows\avastSS.scr [2012.08.21 11:12:23 | 000,227,648 | ---- | M] (AVAST Software) -- C:\windows\SysWow64\aswBoot.exe [2012.08.21 11:12:02 | 000,285,328 | ---- | M] (AVAST Software) -- C:\windows\SysNative\aswBoot.exe ========== Files Created - No Company Name ========== [2012.09.16 13:02:37 | 000,000,710 | ---- | C] () -- C:\windows\tasks\OpenCandyHelperRun.job [2012.09.15 22:05:31 | 000,314,016 | ---- | C] () -- C:\windows\SysNative\drivers\atksgt.sys [2012.09.15 22:05:30 | 000,043,680 | ---- | C] () -- C:\windows\SysNative\drivers\lirsgt.sys [2012.09.15 20:18:22 | 000,000,000 | ---- | C] () -- C:\Users\McFuest\Desktop\JDownloader.lnk [2012.09.15 20:18:21 | 000,002,082 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Deinstallationsprogramm.lnk [2012.09.15 20:18:21 | 000,002,068 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader Update.lnk [2012.09.15 20:18:21 | 000,002,033 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\JDownloader.lnk [2012.09.13 16:09:02 | 000,000,958 | ---- | C] () -- C:\Users\McFuest\Desktop\RegCleaner.lnk [2012.09.13 15:09:07 | 000,679,904 | ---- | C] () -- C:\Users\McFuest\Desktop\pcp_claro.exe [2012.09.12 21:10:23 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.12 15:51:32 | 083,023,306 | ---- | C] () -- C:\ProgramData\dsgsdgdsgdsgw.pad [2012.08.26 14:51:26 | 000,001,112 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineUA.job [2012.08.26 14:51:25 | 000,001,108 | ---- | C] () -- C:\windows\tasks\GoogleUpdateTaskMachineCore.job [2012.08.26 14:51:10 | 000,000,000 | ---- | C] () -- C:\windows\SysWow64\config.nt [2012.07.12 14:40:38 | 000,005,407 | ---- | C] () -- C:\windows\wininit.ini [2012.07.11 20:38:00 | 000,107,520 | RHS- | C] () -- C:\windows\SysWow64\TAKDSDecoder.dll [2012.06.26 16:02:40 | 000,030,568 | ---- | C] () -- C:\windows\MusiccityDownload.exe [2012.06.26 16:02:38 | 000,974,848 | ---- | C] () -- C:\windows\SysWow64\cis-2.4.dll [2012.06.26 16:02:38 | 000,081,920 | ---- | C] () -- C:\windows\SysWow64\issacapi_bs-2.3.dll [2012.06.26 16:02:38 | 000,065,536 | ---- | C] () -- C:\windows\SysWow64\issacapi_pe-2.3.dll [2012.06.26 16:02:38 | 000,057,344 | ---- | C] () -- C:\windows\SysWow64\issacapi_se-2.3.dll [2012.06.16 18:46:27 | 000,032,256 | ---- | C] () -- C:\windows\SysWow64\AVSredirect.dll [2012.06.16 14:34:29 | 000,016,648 | ---- | C] () -- C:\windows\SysWow64\LogAPI.dll [2012.06.16 13:27:11 | 000,016,200 | ---- | C] () -- C:\windows\SysWow64\drivers\LenovoVCD.sys [2011.09.10 04:35:54 | 002,086,240 | ---- | C] () -- C:\windows\SysWow64\LenovoVeriface.Interface.dll [2011.09.10 04:35:54 | 001,500,512 | ---- | C] () -- C:\windows\SysWow64\Apblend.dll [2011.09.10 04:35:54 | 001,171,456 | ---- | C] () -- C:\windows\SysWow64\PicNotify.dll [2011.09.10 04:35:54 | 000,472,416 | ---- | C] () -- C:\windows\SysWow64\Lenovo.VerifaceStub.dll [2011.09.10 04:35:42 | 001,044,480 | ---- | C] () -- C:\windows\SysWow64\3DImageRenderer.dll [2011.09.10 04:21:14 | 000,008,192 | ---- | C] () -- C:\windows\SysWow64\drivers\IntelMEFWVer.dll [2011.03.04 12:18:02 | 000,960,940 | ---- | C] () -- C:\windows\SysWow64\igkrng600.bin [2011.03.04 12:18:00 | 000,213,332 | ---- | C] () -- C:\windows\SysWow64\igfcg600m.bin [2011.03.04 12:17:59 | 000,145,804 | ---- | C] () -- C:\windows\SysWow64\igcompkrng600.bin ========== LOP Check ========== [2012.08.08 16:19:15 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Canneverbe Limited [2012.09.13 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Claro [2012.07.11 13:42:25 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\convert [2012.09.15 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\DAEMON Tools Lite [2012.06.16 14:34:36 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Lenovo [2012.06.17 19:15:01 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\OpenOffice.org [2012.09.16 13:24:01 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\PerformerSoft [2012.08.03 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Samsung [2012.09.16 13:31:12 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\systweak [2012.09.17 16:12:06 | 000,000,710 | ---- | M] () -- C:\windows\Tasks\OpenCandyHelperRun.job [2012.09.14 23:53:22 | 000,032,628 | ---- | M] () -- C:\windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2012.06.16 14:44:21 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Adobe [2012.08.03 20:18:54 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Apple Computer [2012.08.08 16:19:15 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Canneverbe Limited [2012.09.13 15:10:56 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Claro [2012.07.11 13:42:25 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\convert [2012.07.18 19:17:01 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\CyberLink [2012.09.15 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\DAEMON Tools Lite [2012.07.18 22:00:59 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\dvdcss [2012.06.16 13:11:03 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Google [2012.06.16 12:23:07 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Identities [2012.07.11 20:15:30 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\InstallShield [2012.06.16 14:34:36 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Lenovo [2012.06.16 13:14:58 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Macromedia [2012.09.12 21:10:27 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Malwarebytes [2011.02.22 13:42:06 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Media Center Programs [2012.08.08 16:19:48 | 000,000,000 | --SD | M] -- C:\Users\McFuest\AppData\Roaming\Microsoft [2012.06.18 13:35:10 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Mozilla [2012.06.17 19:15:01 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\OpenOffice.org [2012.09.16 13:24:01 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\PerformerSoft [2012.08.03 20:15:25 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Samsung [2012.09.13 13:26:45 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\Skype [2012.09.16 13:31:12 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\systweak [2012.09.12 19:27:34 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\vlc [2012.06.25 17:48:31 | 000,000,000 | ---D | M] -- C:\Users\McFuest\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > [2012.07.11 20:37:41 | 012,697,088 | ---- | M] () -- C:\Users\McFuest\AppData\Roaming\convert\convert.exe < %SYSTEMDRIVE%\*.exe > [2008.04.11 08:03:48 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\drivers\iaStor.sys [2011.02.18 10:11:54 | 000,439,320 | ---- | M] (Intel Corporation) MD5=53CC5BF8B5A219119953C7ABB19A7705 -- C:\windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_52b32c0ad3e84c62\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.09.10 11:57:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.09.10 11:57:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\drivers\iaStorV.sys [2011.09.10 11:57:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.09.10 11:57:48 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.09.10 11:57:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.09.10 11:57:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\drivers\nvstor.sys [2011.09.10 11:57:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.09.10 11:57:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > ========== Alternate Data Streams ========== @Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9 < End of report > |
|
17.09.2012, 20:21
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = 127.0.0.1:8080
IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\SOFTWARE\Microsoft\Internet Explorer\Main,bProtector Start Page = http://www.claro-search.com/?affID=114506&tt=3712_3&babsrc=HP_clro&mntrId=42a37583000000000000e89a8fb9287c
IE - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = http://www.claro-search.com/?q={searchTerms}&affID=114506&tt=3712_3&babsrc=SP_clro&mntrId=42a37583000000000000e89a8fb9287c
FF - prefs.js..extensions.enabledAddons: software@loadtubes.com:1.01
FF - prefs.js..extensions.enabledAddons: ffxtlbr@claro.com:1.5.0
CHR - homepage: http://www.claro-search.com/?affID=114506&tt=3712_3&babsrc=HP_clro&mntrId=42a37583000000000000e89a8fb9287c
CHR - homepage: http://www.claro-search.com/?affID=114506&tt=3712_3&babsrc=HP_clro&mntrId=42a37583000000000000e89a8fb9287c
[2012.09.13 18:40:12 | 000,000,000 | ---D | M] (Claro Toolbar) -- C:\Users\McFuest\AppData\Roaming\mozilla\Firefox\Profiles\kiat697y.default\extensions\ffxtlbr@claro.com
[2012.07.11 20:37:48 | 000,000,000 | ---D | M] (loadtbs) -- C:\Users\McFuest\AppData\Roaming\mozilla\Firefox\Profiles\kiat697y.default\extensions\software@loadtubes.com
[2012.09.13 15:10:42 | 000,006,522 | ---- | M] () -- C:\Users\McFuest\AppData\Roaming\mozilla\firefox\profiles\kiat697y.default\searchplugins\bProtect.xml
O2 - BHO: (no name) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No CLSID value found.
O2 - BHO: (Claro LTD Helper Object) - {000F18F2-09EB-4A59-82B2-5AE4184C39C3} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\bh\claro.dll (Montera Technologeis LTD)
O3 - HKLM\..\Toolbar: (Claro LTD Toolbar) - {9E131A93-EED7-4BEB-B015-A0ADB30B5646} - C:\Program Files (x86)\Claro LTD\claro\1.6.4.1\claroTlbr.dll (Montera Technologeis LTD)
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\Run: [FactoryTest] C:\Windows\Test.bat File not found
O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1001..\Run: [SpybotSD TeaTimer] C:\Program Files (x86)\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2966652974-3111672095-50612590-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011.08.04 18:13:52 | 000,000,110 | -H-- | M] () - G:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{0cb5119b-fefc-11e1-9ae9-3859f9f7b1a8}\Shell - "" = AutoRun
O33 - MountPoints2\{0cb5119b-fefc-11e1-9ae9-3859f9f7b1a8}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe
O33 - MountPoints2\{a0a07c22-ffcd-11e1-821b-3859f9f7b1a8}\Shell - "" = AutoRun
O33 - MountPoints2\{a0a07c22-ffcd-11e1-821b-3859f9f7b1a8}\Shell\AutoRun\command - "" = E:\autorun\autorun.exe
@Alternate Data Stream - 150 bytes -> C:\ProgramData\Temp:CB0AACC9
:Files
C:\found.*
C:\Program Files (x86)\Yontoo
C:\ProgramData\Tarma Installer
C:\Users\McFuest\AppData\LocalLow\Sun\Java\Deployment\cache
C:\Users\McFuest\AppData\Roaming\Mozilla\Firefox\Profiles\kiat697y.default\extensions\plugin@yontoo.com
C:\Users\McFuest\Desktop\pcp_claro.exe
C:\Users\McFuest\Downloads\iLividSetupV1.exe
C:\Users\McFuest\AppData\Local\{*
C:\ProgramData\*.pad
c:\install.exe
C:\Program Files (x86)\RegCleaner
C:\Users\McFuest\AppData\Roaming\Claro
C:\Program Files (x86)\Claro LTD
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu GUV Trojaner ! Infizierten Dateien löschen oder Quarantäne? |
| administrator, anleitung, anti-malware, appdata, autostart, beste, besten, dateien, dll, explorer, file, gefahr, gefundenen, gelöscht, gen, infizierte, infizierten, leitung, live, log, log file, löschen, löschen?, malwarebytes, messenger, microsoft, nerve, nerven, nicht löschen, nichts, poste, posten, quarantäne, roaming, rundll, scan, scanne, software, speicher, starte, system32, temp, thema, troja, trojan.agent, trojaner, windows live |
Button.
.
und speichere das Logfile als ESET.txt auf dem Desktop.
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Hybrid-Darstellung
