Pests of all kinds and how to fight them: GVU Trojan wgsdgsdgdsdsd.dll h1n1

31.12.2012, 09:14   #16
t'john
/// Helper team
 

Scan with SystemLook

With this I check whether entries typical of this infection are still present. The tool changes nothing; it only outputs the information I need.

Download SystemLook by jpshortstuff from one of the following mirrors and save the tool to the desktop (if you do not have it yet).

Download Mirror #1

Users of 64-bit Windows versions use this version => http://jpshortstuff.247fixes.com/SystemLook_x64.exe
  • Double-click SystemLook.exe to start the tool.
    Vista and Windows 7 users must right-click it and run it as administrator.
  • Copy the contents of the following code box into the tool's text field:

    Code:
    :regfind
    Startup

  • Now click the Look button to start the scan.
  • When the scan has finished, your editor will open with the results; post them here in the thread.
  • The results are saved on the desktop as SystemLook.txt.
__________________
Regards, t'john

31.12.2012, 17:49   #17
arniek
 


Hello,
here are the results of the repeated scan:

SystemLook 30.07.11 by jpshortstuff
Log created at 17:46 on 31/12/2012 by Arne
Administrator - Elevation successful

========== regfind ==========

Searching for "Startup"
"C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\images\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders]
"C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\js\"=""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\09C923FDCDEFEDE4781D1F876729118B]
"00006FCA9B229EC4896DC2FC53B9CA70"="C:\Program Files\ABBYY FineReader 6.0 Sprint\StartUp2.dll"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\158FFC6101127E34BB81DD17CFD60451]
"87EF4D886AE6BFD4F92CB83C610F2CDF"="C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\menu.html"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\44A77F6C09BF92541B61E5A25E027E68]
"87EF4D886AE6BFD4F92CB83C610F2CDF"="C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\css\main.css"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6A3CD1B8766D1C7489C36D4CA762C179]
"87EF4D886AE6BFD4F92CB83C610F2CDF"="C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\js\functions.js"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7AF65E8F7E632D11AA98000A9CF0750B]
"704000001E872D116BF00006799C897E"="C:\Program Files\Microsoft Office\Office\Startup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BA37D6612ACA1D11099A000680F963DB]
"704000001E872D116BF00006799C897E"="C:\Program Files\Microsoft Office\Office\Startup\"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E54789E886B70DB48A3A97F904C8B54F]
"87EF4D886AE6BFD4F92CB83C610F2CDF"="C:\Program Files\ACD Systems\ACDSee Pro\4.0\Startup\images\acdsee-3-screen1.jpg"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E5E557D47594A2C5B8EFDC4AC0D590EA]
"0E4B77E0B8D039F44B9192EC48896E6B"="C:\Program Files\The Games Company\Simon the Sorcerer 5\xulrunner\components\appstartup.xpt"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\87EF4D886AE6BFD4F92CB83C610F2CDF\Features]
"Startup"="PlVyhy-Q7=yuL]1GeIFSXj5D**]%o9KQ^ZL9`Xo)xwVoU!&2G@46c9[E?YUw7fReTpjC(?C(G=h~E1XXACDSee"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..estartup-fverecover_31bf3856ad364e35_none_b683f6d61b9db0c0]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-s..restartup-repairbde_31bf3856ad364e35_none_8a12a56e1511b28d]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-core_31bf3856ad364e35_none_8f9feb1cdf809e68]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-notify_31bf3856ad364e35_none_aa3c1294cb4b32be]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-prompt_31bf3856ad364e35_none_063c4bf252dab5c5]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-service_31bf3856ad364e35_none_b87693e6af2c1d06]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-tool-exe_31bf3856ad364e35_none_817afc61027a7802]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-tool_31bf3856ad364e35_none_8ee86e12e00a1897]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-ui-libs_31bf3856ad364e35_none_3ad90a7e656f085e]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup-wmi_31bf3856ad364e35_none_0be16e71247b4558]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\Winners\x86_microsoft-windows-securestartup_31bf3856ad364e35_none_5944a934070f9dec]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WINEVT\Publishers\{c914f0df-835a-4a22-8c70-732c9a80c634}]
@="Microsoft-Windows-StartupRepair"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Perflib\009]
"Help"="3 The System performance object consists of counters that apply to more than one instance of a component processors on the computer. 5 The Memory performance object consists of counters that describe the behavior of physical and virtual memory on the computer. Physical memory is the amount of random access memory on the computer. Virtual memory consists of the space in physical memory and on disk. Many of the memory counters monitor paging, which is the movement of pages of code and data between disk and physical memory. Excessive paging, a symptom of a memory shortage, can cause delays which interfere with all system processes. 7 % Processor Time is the percentage of elapsed time that the processor spends to execute a non-Idle thread. It is calculated by measuring the percentage of time that the processor spends executing the idle thread and then subtracting that value from 100%. (Each processor has an idle thread tha
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\LightweightCallHandlers\PNIDUI\Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Network\LightweightCallHandlers\PNIDUI\Startup\NCSI_TrayIconStartup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Terminal Server\Wds\rdpwd]
"StartupPrograms"="rdpclip"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\eventlog\System\Microsoft-Windows-StartupRepair]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\LightweightCallHandlers\PNIDUI\Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Network\LightweightCallHandlers\PNIDUI\Startup\NCSI_TrayIconStartup]
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Terminal Server\Wds\rdpwd]
"StartupPrograms"="rdpclip"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\services\eventlog\System\Microsoft-Windows-StartupRepair]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\LightweightCallHandlers\PNIDUI\Startup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Network\LightweightCallHandlers\PNIDUI\Startup\NCSI_TrayIconStartup]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd]
"StartupPrograms"="rdpclip"
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\services\eventlog\System\Microsoft-Windows-StartupRepair]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"="%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
[HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"="%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
[HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"="%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\ATI\ACE\Settings\Runtime]
"RuntimeStartUp"="2,2555497"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\ATI\ACE\Settings\Runtime]
"RuntimeStartUpProcTime"="2,5272162"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Fenomen Games\Ashley Jones - The Heart Of Egypt]
"StartupPath"="C:\Program Files\DEUTSCHLAND SPIELT\AshleyJonesReiseInsAlteAegyptenCD"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Office\12.0\Common\General]
"Startup"="STARTUP"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Office\12.0\Excel\Security\Trusted Locations\Location4]
"Path"="C:\Program Files\Microsoft Office\Office12\STARTUP\"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Office\12.0\Word\Security\Trusted Locations\Location2]
"Path"="%APPDATA%\Microsoft\Word\Startup"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Office\9.0\Common\General]
"Startup"="StartUp"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders]
"Startup"="C:\Users\Arne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"="%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\StartupHasBeenRun]
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\SessionInfo\1\WHCIconStartup]
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Microsoft\Windows\CurrentVersion\Media Center\Settings\MCE.PerUserSettings]
"SqmSetingsStartupAndWindowsBehavior"="0"
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\VB and VBA Program Settings\DVDAuthorGUI\Startup]
[HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Explorer\User Shell Folders]
"Startup"="%USERPROFILE%\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup"

Searching for " "
[HKEY_CURRENT_USER\Software\Gabest\Media Player Classic\Shaders]
"0"="sharpen complex 2|ps_2_a|//////////////////////////////////////////////////// \n// Sharpen complex v2 (nécessite ps >=2a)\n//////////////////////////////////////////////////// \nsampler s0 : register(s0); \nfloat4 p0 : register(c0); \nfloat4 p1 : register(c1); \n\n// résolution de l'image\n#define width (p0[0]) \n#define height (p0[1]) \n// "largeur" d'un pixel\n#define px (p1[0])\n#define py (p1[1])\n\n\n//////////////////////////////////////////////////// \n// Paramètres\n//////////////////////////////////////////////////// \n // pour le calcul du flou\n#define moyenne 0.6\n#define dx (moyenne*px)\n#define dy (moyenne*py)\n\n#define CoefFlou 2\n#define CoefOri (1+ CoefFlou)\n\n // pour le sharpen\n#define SharpenEdge 0.2\n#define Sharpen_val0 2 \n#define Sharpen_val1 ((Sharpen_val0-1) / 8.0)\n\n\n//////////////////////////////////////////////////// \nfloat4 main( float2 tex : TEXCOORD0 ) : COLOR \n{ \n // recup du pi
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1\Target Id 0\Logical Unit Id 0]
"SerialNumber"=" 9VP6FALP"
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 1\Target Id 0\Logical Unit Id 0]
"Identifier"="ST31000528AS CC44"
[HKEY_LOCAL_MACHINE\HARDWARE\DEVICEMAP\Scsi\Scsi Port 0\Scsi Bus 2\Target Id 0\Logical Unit Id 0]
"SerialNumber"="K1UA43B2357 "
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WSMAN\Plugin\Microsoft.PowerShell]
"ConfigXML"=" <PlugInConfiguration xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Name="microsoft.powershell" Filename="%windir%\system32\pwrshplugin.dll" SDKVersion="1" XmlRenderingType="text" > <InitializationParameters> <Param Name="PSVersion" Value="2.0"/> </InitializationParameters> <Resources> <Resource ResourceUri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" SupportsOptions="true" ExactMatch="true"> <Security xmlns="hxxp://schemas.microsoft.com/wbem/wsman/1/config/PluginConfiguration" Uri="hxxp://schemas.microsoft.com/powershell/microsoft.powershell" ExactMatch="true" Sddl="O:NSG:BAD:P(A;;GA;;;BA)S:P(AU;FA;GA;;;WD)(AU;SA;GXGW;;;WD)"/> <Capability Type="Shell"/> </Resource> </Res
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Enum\WpdBusEnumRoot\UMB\2&37c186b&4&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_128MB&REV_2.00#241F1E4164D2D80D& 0#]
"DeviceDesc"="128MB "
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Enum\WpdBusEnumRoot\UMB\2&37c186b&4&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_128MB&REV_2.00#241F1E4164D2D80D& 0#]
"DeviceDesc"="128MB "
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Enum\WpdBusEnumRoot\UMB\2&37c186b&4&STORAGE#VOLUME#_??_USBSTOR#DISK&VEN_&PROD_128MB&REV_2.00#241F1E4164D2D 80D&0#]
"DeviceDesc"="128MB "
[HKEY_USERS\S-1-5-21-2364746036-3938550401-4069990109-1000\Software\Gabest\Media Player Classic\Shaders]
"0"="sharpen complex 2|ps_2_a|//////////////////////////////////////////////////// \n// Sharpen complex v2 (nécessite ps >=2a)\n//////////////////////////////////////////////////// \nsampler s0 : register(s0); \nfloat4 p0 : register(c0); \nfloat4 p1 : register(c1); \n\n// résolution de l'image\n#define width (p0[0]) \n#define height (p0[1]) \n// "largeur" d'un pixel\n#define px (p1[0])\n#define py (p1[1])\n\n\n//////////////////////////////////////////////////// \n// Paramètres\n//////////////////////////////////////////////////// \n // pour le calcul du flou\n#define moyenne 0.6\n#define dx (moyenne*px)\n#define dy (moyenne*py)\n\n#define CoefFlou 2\n#define CoefOri (1+ CoefFlou)\n\n // pour le sharpen\n#define SharpenEdge 0.2\n#define Sharpen_val0 2 \n#define Sharpen_val1 ((Sharpen_val0-1) / 8.0)\n\n\n//////////////////////////////////////////////////// \nfloat4 main( float2 tex : TE

-= EOF =-

01.01.2013, 12:56   #18
t'john
/// Helper Team

Fix with OTL

Download OTL by OldTimer (if you do not already have it) and save it to your desktop (nowhere else).

  • Disable any antivirus scanners such as Avira, Kaspersky etc.
  • Start OTL.exe.
    Vista and Windows 7 users right-click the program icon and choose "Run as administrator".
  • Copy the following script into the text box below Custom Scans/Fixes:
  • The fix starts with :OTL. Make sure you have copied it correctly.


Code:
:OTL
:reg

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
"path"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
"backup"=-


[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
"location"= -
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
"backupExtension"=-

[-HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk]
         
  • Close all programs.
  • Click the Fix button.
  • If OTL asks for a restart, please allow it.
  • Copy the contents of the log file into your thread here, in code tags.
    You can view the log file later here => C:\_OTL\MovedFiles\<datum_nummer.log>

Note for readers: the OTL script above was created solely for this user in this situation.
Do not apply it on other computers under any circumstances; it can cause lasting damage to other systems!

01.01.2013, 19:07   #19
arniek

Hello,
here is the log file from the fix with OTL (a restart was not required).

Code:
========== OTL ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk\\path deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk\\backup deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk\\location deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk\\backupExtension deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk\ deleted successfully.
 
OTL by OldTimer - Version 3.2.69.0 log created on 01012013_190117
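
Added example (not part of the thread and not OTL's own code): a Python check that compares the `:reg` fix above with the OTL log and lists every deletion the log does not confirm. It assumes the .reg-style deletion syntax visible in the script (`"name"=-` removes a value, `[-key]` removes a key) and only the "deleted successfully" wording shown in the log; the function names are hypothetical.

```python
import re

# Key path, fix script and log lines are taken from the thread and embedded
# here so the check runs offline.
KEY = (r"HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupfolder"
       r"\C:^Users^Arne^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^runctf.lnk")

SCRIPT = "\n".join([
    ":OTL", ":reg", "",
    f"[{KEY}]", '"path"=-',
    f"[{KEY}]", '"backup"=-',
    f"[{KEY}]", '"location"= -',      # the space before "-" is in the posted script
    f"[{KEY}]", '"backupExtension"=-',
    "", f"[-{KEY}]",
])

LOG = "\n".join(
    ["========== OTL ==========", "========== REGISTRY =========="]
    + [f"Registry value {KEY}" + "\\\\" + f"{name} deleted successfully."
       for name in ("path", "backup", "location", "backupExtension")]
    + [f"Registry key {KEY}" + "\\" + " deleted successfully.",
       "OTL by OldTimer - Version 3.2.69.0 log created on 01012013_190117"]
)

# The log separates key and value name with two backslashes.
VALUE_RE = re.compile(r"Registry value (.+)\\\\([^\\]+) deleted successfully\.")
KEY_RE = re.compile(r"Registry key (.+?)\\? deleted successfully\.")


def parse_reg_fix(script):
    """Collect the deletions requested in the :reg section of a fix script.

    Returns a set of ("value", key, name) and ("key", key, None) tuples,
    lower-cased because registry paths are case-insensitive.
    """
    ops, key, in_reg = set(), None, False
    for raw in script.splitlines():
        line = raw.strip()
        if line.startswith(":"):              # section header such as :OTL or :reg
            in_reg, key = line.lower() == ":reg", None
            continue
        if not in_reg or not line:
            continue
        m = re.fullmatch(r"\[(-?)(.+)\]", line)
        if m:
            if m.group(1):                    # [-KEY] deletes the whole key
                ops.add(("key", m.group(2).lower(), None))
                key = None
            else:                             # [KEY] selects the key for following values
                key = m.group(2)
            continue
        m = re.fullmatch(r'"([^"]+)"\s*=\s*-', line)
        if m and key:                         # "name"=- deletes one value
            ops.add(("value", key.lower(), m.group(1).lower()))
    return ops


def unconfirmed(script, log):
    """Return the requested deletions that the log does not report as done."""
    confirmed = set()
    for raw in log.splitlines():
        line = raw.strip()
        m = VALUE_RE.fullmatch(line)
        if m:
            confirmed.add(("value", m.group(1).lower(), m.group(2).lower()))
            continue
        m = KEY_RE.fullmatch(line)
        if m:
            confirmed.add(("key", m.group(1).lower(), None))
    missing = parse_reg_fix(script) - confirmed
    return sorted(missing, key=lambda op: (op[0], op[1], op[2] or ""))


if __name__ == "__main__":
    left = unconfirmed(SCRIPT, LOG)
    print("all deletions confirmed" if not left else left)
```

An empty result only means the log confirms every requested deletion; whether the startup shortcut itself is gone still has to be checked on the machine.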
         

01.01.2013, 19:15   #20
t'john
/// Helper Team

Are the entries gone?

__________________
Regards, t'john

02.01.2013, 17:20   #21
arniek

Hello,
I have to admit that I cannot find the specified path (C:Users/Arne/AppData etc.) at all, so I cannot tell you whether the entries are gone. Even if I replace Users with Benutzer, for example, the AppData folder at the latest does not exist.

When I open Firefox I also still get the message:

"Server is busy. This operation cannot be performed because the other application is active. Click "Switch to" to switch to the other application and resolve the problem."

That is probably still connected to my problem, isn't it?

Hello,
I have now found the path after all. The folders were just hidden. Sorry! I assume that "StartUp" is the Autostart folder in German. There are no entries there.
The suspicious line under "Startup" in System Configuration has also disappeared.
The message ("Server is busy. This operation cannot be performed because the other application is active. Click "Switch to" to switch to the other application and resolve the problem.") has also not appeared constantly. While I am online right now, for example, it has not.

03.01.2013, 04:39   #22
t'john
/// Helper Team

Reinstall Firefox.

Are there still any problems with the computer?
__________________
Regards, t'john

03.01.2013, 17:56   #23
arniek

Hello,
I will reinstall Firefox. However, the window with the message ("Server is busy. This operation cannot be performed because the other application is active. Click "Switch to" to switch to the other application and resolve the problem.") sometimes also appears immediately after the computer boots, without my having started the browser.

03.01.2013, 19:28   #24
t'john
/// Helper Team

Please run this:
http://www.trojaner-board.de/72874-s...eparieren.html

Afterwards:
- restart
- try again
__________________
Regards, t'john

03.01.2013, 22:05   #25
arniek

Hello,
I ran the sfc scan twice. Both times the result was: "Windows Resource Protection did not find any integrity violations".
The "Server is busy etc." message also appears only irregularly. During the current session (already more than two hours), for example, nothing has appeared at all.

After reading other threads on the same problem, I also have to admit that I skipped the registry fix when using CCleaner, because the relevant guide advised against it. Your answer to that was usually to do it anyway.
Should I otherwise take action here again?

04.01.2013, 12:30   #26
t'john
/// Helper Team

Please take a screenshot of the message for me.
__________________
Regards, t'john

06.01.2013, 11:25   #27
arniek

Hello,
it took a little longer for the message to appear again. As I said before: it appears irregularly and sometimes disappears again after a short time. I took a screenshot with the Windows 7 Snipping Tool.
