PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind

cosinus · 19.03.2013, 23:01

Leider fehlt das andere und wichtigere Log von OTL

raquel · 20.03.2013, 03:32

Hier das andere Logfile von OTL:

Code:

ATTFilter

OTL logfile created on: 19.03.2013 21:13:15 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Raquel\Desktop
64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
3,89 Gb Total Physical Memory | 2,41 Gb Available Physical Memory | 62,03% Memory free
7,78 Gb Paging File | 5,95 Gb Available in Paging File | 76,55% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 448,96 Gb Total Space | 352,07 Gb Free Space | 78,42% Space Free | Partition Type: NTFS
Drive Q: | 15,62 Gb Total Space | 6,38 Gb Free Space | 40,83% Space Free | Partition Type: NTFS
 
Computer Name: RAQUEL-THINK | User Name: Raquel | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Raquel\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.)
PRC - C:\ProgramData\Dialog Mobile Broadband\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
PRC - C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe ()
PRC - C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe (ABBYY (BIT Software))
PRC - C:\Program Files (x86)\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe (ABBYY)
PRC - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
PRC - C:\PROGRA~2\ThinkPad\UTILIT~1\SCHTASK.exe (Lenovo Group Limited)
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcDeskBandHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\SvcGuiHlpr.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
PRC - C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
PRC - C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe ()
PRC - C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Lenovo\ZOOM\TpScrex.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\HOTKEY\TPONSCR.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
PRC - C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
PRC - C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
PRC - C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
PRC - C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
PRC - C:\Programme\Lenovo\VIRTSCRL\virtscrl.exe (Lenovo Group Limited)
PRC - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
PRC - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
PRC - C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
PRC - C:\Windows\FixCamera.exe ()
PRC - C:\Windows\vsnpstd3.exe ()
PRC - C:\Windows\tsnpstd3.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\Engine.dll ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\morphology.dll ()
MOD - C:\Program Files (x86)\ABBYY Lingvo x5\Detoured.dll ()
MOD - C:\Program Files (x86)\NVIDIA Corporation\CoProcManager\detoured.dll ()
MOD - C:\Program Files (x86)\AVG\AVG10\Identity Protection\agent\bin\avgidsmonitor.exe ()
MOD - C:\Programme\Lenovo\AutoLock\cv210.dll ()
MOD - C:\Programme\Lenovo\AutoLock\cxcore210.dll ()
MOD - C:\Program Files (x86)\LENOVO\Message Center Plus\MCPLaunch.exe ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\QtCore4.dll ()
MOD - C:\Windows\FixCamera.exe ()
MOD - C:\Windows\vsnpstd3.exe ()
MOD - C:\Windows\tsnpstd3.exe ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\iconengines\qsvg1.dll ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\QtSvg4.dll ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\QtNetwork4.dll ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\QtGui4.dll ()
MOD - C:\Program Files (x86)\Paragon Software\Slovoed 7\QtXml4.dll ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (TPHDEXLGSVC) -- C:\Windows\SysNative\TPHDEXLG64.exe (Lenovo.)
SRV:64bit: - (IBMPMSVC) -- C:\Windows\SysNative\ibmpmsvc.exe (Lenovo.)
SRV:64bit: - (lxdu_device) -- C:\Windows\SysNative\lxducoms.exe ( )
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (McComponentHostService) -- C:\Program Files (x86)\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.)
SRV - (Dialog Mobile Broadband. RunOuc) -- C:\Program Files (x86)\Dialog Mobile Broadband\UpdateDog\ouc.exe ()
SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe (Microsoft Corporation.)
SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe (Microsoft Corporation.)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe (AVG Technologies CZ, s.r.o.)
SRV - (FLEXnet Licensing Service 64) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe (Acresso Software Inc.)
SRV - (FLEXnet Licensing Service) -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.)
SRV - (ABBYY.Licensing.Lingvo.Desktop.15.0) -- C:\Program Files (x86)\Common Files\ABBYY\Lingvo\15.0\Licensing\NetworkLicenseServer.exe (ABBYY)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe (NVIDIA Corporation)
SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation)
SRV - (DozeSvc) -- C:\Program Files (x86)\ThinkPad\Utilities\DZSVC64.EXE (Lenovo.)
SRV - (Power Manager DBC Service) -- C:\Program Files (x86)\ThinkPad\Utilities\PWMDBSVC.EXE (Lenovo)
SRV - (HWDeviceService64.exe) -- C:\ProgramData\DatacardService\HWDeviceService64.exe ()
SRV - (AcSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcSvc.exe (Lenovo)
SRV - (AcPrfMgrSvc) -- C:\Program Files (x86)\Lenovo\Access Connections\AcPrfMgrSvc.exe (Lenovo)
SRV - (LENOVO.TPKNRSVC) -- C:\Programme\Lenovo\Communications Utility\TPKNRSVC.exe (Lenovo Group Limited)
SRV - (LENOVO.CAMMUTE) -- C:\Programme\Lenovo\Communications Utility\CamMute.exe (Lenovo Group Limited)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG10\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (btwdins) -- C:\Programme\ThinkPad\Bluetooth Software\btwdins.exe (Broadcom Corporation.)
SRV - (EvtEng) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe (Intel(R) Corporation)
SRV - (RegSrvc) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe (Intel(R) Corporation)
SRV - (SUService) -- C:\Program Files (x86)\Lenovo\System Update\SUService.exe (Lenovo Group Limited)
SRV - (WMCoreService) -- C:\Program Files (x86)\Mobile Broadband drivers\WMCore\mini_WMCore.exe (Ericsson AB)
SRV - (HyperW7Svc) -- C:\Programme\Lenovo\RapidBoot\HyperW7Svc64.exe (Lenovo Group Limited)
SRV - (TPHKLOAD) -- C:\Programme\Lenovo\HOTKEY\tphkload.exe (Lenovo Group Limited)
SRV - (TPHKSVC) -- C:\Programme\Lenovo\HOTKEY\TPHKSVC.exe (Lenovo Group Limited)
SRV - (jhi_service) -- C:\Program Files (x86)\Intel\Services\IPT\jhi_service.exe (Intel Corporation)
SRV - (LENOVO.MICMUTE) -- C:\Programme\Lenovo\HOTKEY\micmute.exe (Lenovo Group Limited)
SRV - (SAService) -- C:\Windows\SysWOW64\SASrv.exe (Conexant Systems, Inc.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (Lenovo.VIRTSCRLSVC) -- C:\Programme\Lenovo\VIRTSCRL\lvvsst.exe (Lenovo Group Limited)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (PSI_SVC_2) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Program Files (x86)\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (huawei_wwanecm) -- C:\Windows\SysNative\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_hwusbdev) -- C:\Windows\SysNative\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_cdcacm) -- C:\Windows\SysNative\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_enumerator) -- C:\Windows\SysNative\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (huawei_ext_ctrl) -- C:\Windows\SysNative\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (ew_usbenumfilter) -- C:\Windows\SysNative\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (CnxtHdAudService) -- C:\Windows\SysNative\drivers\CHDRT64.sys (Conexant Systems Inc.)
DRV:64bit: - (pmxdrv) -- C:\Windows\SysNative\drivers\pmxdrv.sys ()
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\AVGIDSDriver.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (nvpciflt) -- C:\Windows\SysNative\drivers\nvpciflt.sys (NVIDIA Corporation)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (DzHDD64) -- C:\Windows\SysNative\drivers\DZHDD64.SYS (Lenovo.)
DRV:64bit: - (TPPWRIF) -- C:\Windows\SysNative\drivers\TPPWR64V.SYS (Lenovo Group Limited)
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (igfx) -- C:\Windows\SysNative\drivers\igdkmd64.sys (Intel Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSEH) -- C:\Windows\SysNative\drivers\AVGIDSEH.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (SynTP) -- C:\Windows\SysNative\drivers\SynTP.sys (Synaptics Incorporated)
DRV:64bit: - (AVGIDSFilter) -- C:\Windows\SysNative\drivers\AVGIDSFilter.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (WwanUsbServ) -- C:\Windows\SysNative\drivers\WwanUsbMp64.sys (Ericsson AB)
DRV:64bit: - (NETwNs64) -- C:\Windows\SysNative\drivers\NETwNs64.sys (Intel Corporation)
DRV:64bit: - (e1cexpress) -- C:\Windows\SysNative\drivers\e1c62x64.sys (Intel Corporation)
DRV:64bit: - (BTWAMPFL) -- C:\Windows\SysNative\drivers\btwampfl.sys (Broadcom Corporation.)
DRV:64bit: - (btwl2cap) -- C:\Windows\SysNative\drivers\btwl2cap.sys (Broadcom Corporation.)
DRV:64bit: - (btwrchid) -- C:\Windows\SysNative\drivers\btwrchid.sys (Broadcom Corporation.)
DRV:64bit: - (btwavdt) -- C:\Windows\SysNative\drivers\btwavdt.sys (Broadcom Corporation.)
DRV:64bit: - (btwaudio) -- C:\Windows\SysNative\drivers\btwaudio.sys (Broadcom Corporation.)
DRV:64bit: - (Shockprf) -- C:\Windows\SysNative\drivers\ApsX64.sys (Lenovo.)
DRV:64bit: - (TPDIGIMN) -- C:\Windows\SysNative\drivers\ApsHM64.sys (Lenovo.)
DRV:64bit: - (risdxc) -- C:\Windows\SysNative\drivers\risdxc64.sys (REDC)
DRV:64bit: - (5U877) -- C:\Windows\SysNative\drivers\5U877.sys (Ricoh co.,Ltd.)
DRV:64bit: - (l36wgps) -- C:\Windows\SysNative\drivers\l36wgps64.sys (Ericsson AB)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (IBMPMDRV) -- C:\Windows\SysNative\drivers\ibmpmdrv.sys (Lenovo.)
DRV:64bit: - (iaStor) -- C:\Windows\SysNative\drivers\iaStor.sys (Intel Corporation)
DRV:64bit: - (Mbm3Mdm) -- C:\Windows\SysNative\drivers\Mbm3Mdm.sys (MCCI Corporation)
DRV:64bit: - (Mbm3DevMt) -- C:\Windows\SysNative\drivers\Mbm3DevMt.sys (MCCI Corporation)
DRV:64bit: - (Mbm3CBus) -- C:\Windows\SysNative\drivers\Mbm3CBus.sys (MCCI Corporation)
DRV:64bit: - (Mbm3mdfl) -- C:\Windows\SysNative\drivers\Mbm3mdfl.sys (MCCI Corporation)
DRV:64bit: - (MEIx64) -- C:\Windows\SysNative\drivers\HECIx64.sys (Intel Corporation)
DRV:64bit: - (lenovo.smi) -- C:\Windows\SysNative\drivers\smiifx64.sys (Lenovo Group Limited)
DRV:64bit: - (ecnssndisfltr) -- C:\Windows\SysNative\drivers\wwussf64.sys (Ericsson AB)
DRV:64bit: - (ecnssndis) -- C:\Windows\SysNative\drivers\wwuss64.sys (Ericsson AB)
DRV:64bit: - (psadd) -- C:\Windows\SysNative\drivers\psadd.sys (Lenovo (United States) Inc.)
DRV:64bit: - (TVTI2C) -- C:\Windows\SysNative\drivers\tvti2c.sys (Lenovo (United States) Inc.)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (TPM) -- C:\Windows\SysNative\drivers\tpm.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV:64bit: - (adfs) -- C:\Windows\SysNative\drivers\adfs.sys (Adobe Systems, Inc.)
DRV:64bit: - (SNPSTD3) -- C:\Windows\SysNative\drivers\snpstd3.sys (Sonix Co. Ltd.)
DRV - (PCDSRVC{127174DC-C366ED8B-06020101}_0) -- c:\Programme\PC-Doctor\pcdsrvc_x64.pkms (PC-Doctor, Inc.)
DRV - (PHCORE) -- C:\Programme\Lenovo\RapidBoot\PHCORE64.sys (Lenovo Group Limited)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
DRV - (smihlp) -- C:\Programme\ThinkVantage Fingerprint Software\smihlp.sys (UPEK Inc.)
DRV - (adfs) -- C:\Windows\SysWow64\drivers\adfs.sys (Adobe Systems, Inc.)
DRV - (SNPSTD3) -- C:\Windows\SysWOW64\drivers\snpstd3.sys (Sonix Co. Ltd.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{555C2C35-405E-4E9D-9849-A4E570B264E6}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{B97997D3-E859-4A99-B63D-05468230A595}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=LEMDF8&pc=MALC&src=IE-SearchBox
 
 
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1000\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.lenovo.com/welcome/thinkpad [binary data]
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1001\..\SearchScopes\{0D8023A6-08DD-479D-BDEB-A8CC81B91839}: "URL" = hxxp://search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1001\..\SearchScopes\{D6DCE754-35C3-4CFA-B9C1-A9AA43EFBE05}: "URL" = hxxp://yandex.ru/yandsearch?clid=1782902&text={searchTerms}
IE - HKU\S-1-5-21-169101723-969563805-3752687339-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..extensions.enabledAddons: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=utf-8&fr=greentree_ff1&type=827316&ilc=12&p="
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files (x86)\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files (x86)\AVG\AVG10\Firefox4\ [2012.12.31 18:10:21 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Components: C:\Users\Raquel\Thunderbird\App\thunderbird\components [2013.03.12 06:45:08 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.4\extensions\\Plugins: C:\Users\Raquel\Thunderbird\App\thunderbird\plugins [2013.03.12 06:45:09 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Components: C:\Thunderbird\App\thunderbird\components
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 3.1.15\extensions\\Plugins: C:\Thunderbird\App\thunderbird\plugins
 
[2011.07.28 00:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raquel\AppData\Roaming\mozilla\Extensions
[2011.07.28 00:36:23 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raquel\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2013.03.19 19:56:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Raquel\AppData\Roaming\mozilla\Firefox\Profiles\ckwwzcou.default\extensions
[2012.12.31 18:10:21 | 000,000,000 | ---D | M] (AVG Safe Search) -- C:\PROGRAM FILES (X86)\AVG\AVG10\FIREFOX4
 
========== Chrome  ==========
 
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}{google:searchClient}{google:sourceId}{google:instantExtendedEnabledParameter}ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&q={searchTerms}&{google:cursorPosition}sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://www.google.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\25.0.1364.172\pdf.dll
CHR - plugin: AVG Internet Security (Enabled) = C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\10.0.0.1409_0\plugins/avgnpss.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll
CHR - plugin: NVIDIA 3D Vision (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll
CHR - plugin: NVIDIA 3D VISION (Enabled) = C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll
CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files (x86)\Microsoft Silverlight\4.0.60831.0\npctrl.dll
CHR - Extension: YouTube = C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: Google Mail = C:\Users\Raquel\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2009.06.11 02:30:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssiea.dll (AVG Technologies CZ, s.r.o.)
O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Program Files (x86)\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files (x86)\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4:64bit: - HKLM..\Run: [AcWin7Hlpr] C:\Program Files (x86)\Lenovo\Access Connections\AcTBenabler.exe (Lenovo)
O4:64bit: - HKLM..\Run: [ALCKRESI.EXE] C:\Programme\Lenovo\AutoLock\ALCKRESI.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [ForteConfig] C:\Programme\CONEXANT\ForteConfig\fmapp.exe ()
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [LENOVO.TPKNRRES] C:\Programme\Lenovo\Communications Utility\TpKnrres.exe (Lenovo Group Limited)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe ()
O4:64bit: - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4:64bit: - HKLM..\Run: [TpShocks] C:\Windows\SysNative\TpShocks.exe (Lenovo.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files (x86)\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [FixCamera] C:\Windows\FixCamera.exe ()
O4 - HKLM..\Run: [Lingvo Launcher] C:\Program Files (x86)\ABBYY Lingvo x5\LvAgent.exe (ABBYY (BIT Software))
O4 - HKLM..\Run: [PWMTRV] rundll32 C:\PROGRA~2\ThinkPad\UTILIT~1\PWMTR64V.DLL,PwrMgrBkGndMonitor File not found
O4 - HKLM..\Run: [RotateImage] C:\Program Files (x86)\Integrated Camera Driver\X64\RCIMGDIR.exe (Ricoh co.,Ltd.)
O4 - HKLM..\Run: [Slovoed 7] C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe ()
O4 - HKLM..\Run: [snpstd3] C:\Windows\vsnpstd3.exe ()
O4 - HKLM..\Run: [tsnpstd3] C:\Windows\tsnpstd3.exe ()
O4 - HKU\S-1-5-21-169101723-969563805-3752687339-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-169101723-969563805-3752687339-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-169101723-969563805-3752687339-1000..\RunOnce: [spchecker] C:\Program Files (x86)\AVG\AVG10\Notification\SPCheckerTE.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169101723-969563805-3752687339-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169101723-969563805-3752687339-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-169101723-969563805-3752687339-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Translate with &ABBYY Lingvo x5 - C:\Program Files (x86)\ABBYY Lingvo x5\Lingvo.exe (ABBYY (BIT Software))
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~4\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~4\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Translate with &ABBYY Lingvo x5 - C:\Program Files (x86)\ABBYY Lingvo x5\Lingvo.exe (ABBYY (BIT Software))
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : &Связанные заметки OneNote - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\ThinkPad\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\ThinkPad\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.)
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4F05559E-D165-48E9-8A42-F0691F2DEA7A}: NameServer =  
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{923870C9-DBE0-46B4-9E9F-381D7541A584}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgppa.dll (AVG Technologies CZ, s.r.o.)
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files (x86)\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18:64bit: - Protocol\Filter\text/xml - No CLSID value found
O20:64bit: - AppInit_DLLs: (C:\Windows\System32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (C:\Program Files\ThinkVantage Fingerprint Software\psqlpwd.dll) - C:\Programme\ThinkVantage Fingerprint Software\psqlpwd.dll (UPEK Inc.)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgchsva.exe /sync)
O34 - HKLM BootExecute: (C:\PROGRA~2\AVG\AVG10\avgrsa.exe /sync /restart)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.03.19 19:36:38 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.03.19 19:36:19 | 000,000,000 | ---D | C] -- C:\JRT
[2013.03.19 19:34:37 | 000,549,920 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\Raquel\Desktop\JRT.exe
[2013.03.19 06:38:01 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.03.18 23:16:08 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.03.18 21:44:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.03.18 21:44:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.03.18 21:44:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.03.18 21:39:23 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.03.18 21:39:06 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.03.18 20:58:42 | 005,041,875 | R--- | C] (Swearware) -- C:\Users\Raquel\Desktop\ComboFix.exe
[2013.03.13 05:18:38 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Raquel\Desktop\aswMBR.exe
[2013.03.13 05:18:31 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Raquel\Desktop\tdsskiller.exe
[2013.03.12 19:08:48 | 000,000,000 | ---D | C] -- C:\Windows\Minidump
[2013.03.12 18:03:51 | 000,000,000 | ---D | C] -- C:\Users\Raquel\Desktop\mbar-1.01.0.1021
[2013.03.10 05:05:13 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2013.03.08 17:11:51 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Raquel\Desktop\OTL.exe
[2013.02.28 09:01:34 | 000,000,000 | ---D | C] -- C:\Users\Raquel\AppData\Roaming\Malwarebytes
[2013.02.28 08:59:28 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ MALWAREBYTES ANTI-MALWARE 
[2013.02.28 08:59:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.02.28 08:59:26 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2013.02.28 08:59:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.02.28 08:59:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2013.02.27 20:27:04 | 000,000,000 | ---D | C] -- C:\Users\Raquel\Documents\Reisekostenabrechnung Dezember 2012
[2013.02.27 20:20:26 | 000,000,000 | ---D | C] -- C:\Users\Raquel\AppData\Roaming\{35DE4F28-A4BE-4F10-A49C-975D40B597D0}
[2013.02.27 20:20:06 | 000,000,000 | ---D | C] -- C:\Users\Raquel\AppData\Roaming\{E0F63152-C24E-4A21-83E2-41B815A52919}
[2013.02.27 20:19:56 | 000,000,000 | ---D | C] -- C:\TEMP
[2013.02.20 17:05:56 | 000,000,000 | ---D | C] -- C:\Users\Raquel\AppData\Local\ABBYY
[2013.02.20 16:56:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY Lingvo x5
[2013.02.20 16:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ABBYY Lingvo x5
[2013.02.20 16:55:10 | 000,000,000 | ---D | C] -- C:\ProgramData\ABBYY
[2013.02.20 16:55:10 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\ABBYY
[2013.02.20 16:51:44 | 000,000,000 | ---D | C] -- C:\Users\Raquel\Local Settings
[2013.02.19 09:57:36 | 000,000,000 | ---D | C] -- C:\Users\Raquel\AppData\Roaming\Softland
[2013.02.19 09:57:34 | 000,025,480 | ---- | C] (Softland) -- C:\Windows\SysNative\dopdfmn7.dll
[2013.02.19 09:57:34 | 000,020,872 | ---- | C] (Softland) -- C:\Windows\SysNative\dopdfmi7.dll
[2013.02.19 09:57:33 | 001,700,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll
[2013.02.19 09:57:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\doPDF 7
[2013.02.19 09:57:32 | 000,000,000 | ---D | C] -- C:\Program Files\Softland
[2011.08.03 15:51:26 | 018,459,352 | ---- | C] (Frank Heindörfer, Philip Chinery                            ) -- C:\Users\Raquel\PDFCreator-1_2_2_setup.exe
 
========== Files - Modified Within 30 Days ==========
 
[2013.03.19 21:14:00 | 000,000,382 | ---- | M] () -- C:\Windows\tasks\SystemToolsDailyTest.job
[2013.03.19 21:11:00 | 000,000,528 | ---- | M] () -- C:\Windows\tasks\PCDoctorBackgroundMonitorTask.job
[2013.03.19 21:07:06 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.03.19 21:07:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.03.19 21:07:04 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.03.19 20:09:47 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 20:09:47 | 000,031,072 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.03.19 20:06:49 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.03.19 20:06:49 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.03.19 20:06:49 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.03.19 20:06:49 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.03.19 20:06:49 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.03.19 20:02:40 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.03.19 20:01:51 | 3132,542,976 | -HS- | M] () -- C:\hiberfil.sys
[2013.03.19 19:35:05 | 000,549,920 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\Raquel\Desktop\JRT.exe
[2013.03.19 17:25:58 | 113,875,165 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\incavi.avm
[2013.03.19 07:41:44 | 000,609,993 | ---- | M] () -- C:\Users\Raquel\Desktop\adwcleaner.exe
[2013.03.18 21:06:03 | 005,041,875 | R--- | M] (Swearware) -- C:\Users\Raquel\Desktop\ComboFix.exe
[2013.03.14 20:53:35 | 000,000,512 | ---- | M] () -- C:\Users\Raquel\Desktop\MBR.dat
[2013.03.14 05:25:39 | 000,002,194 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.03.14 05:10:47 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.03.14 05:10:47 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.03.13 19:44:41 | 540,969,815 | ---- | M] () -- C:\Windows\MEMORY.DMP
[2013.03.13 05:21:14 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Raquel\Desktop\aswMBR.exe
[2013.03.13 05:20:06 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Raquel\Desktop\tdsskiller.exe
[2013.03.12 06:47:08 | 013,786,977 | ---- | M] () -- C:\Users\Raquel\Desktop\mbar-1.01.0.1021.zip
[2013.03.12 06:42:52 | 000,377,856 | ---- | M] () -- C:\Users\Raquel\Desktop\gmer_2.1.19155.exe
[2013.03.09 19:59:42 | 000,171,929 | ---- | M] () -- C:\Users\Raquel\Documents\VISA Receipt.pdf
[2013.03.09 08:27:02 | 000,005,356 | ---- | M] () -- C:\Users\Raquel\Documents\Scan AVG AntiVirus_28.02.13.csv
[2013.03.08 17:11:55 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Raquel\Desktop\OTL.exe
[2013.03.08 17:11:25 | 000,000,000 | ---- | M] () -- C:\Users\Raquel\defogger_reenable
[2013.03.08 17:09:12 | 000,050,477 | ---- | M] () -- C:\Users\Raquel\Desktop\Defogger.exe
[2013.03.03 20:22:53 | 000,200,526 | ---- | M] () -- C:\Users\Raquel\Documents\3 - Resume - Lina Valdshmit.pdf
[2013.03.01 19:03:47 | 000,135,961 | ---- | M] () -- C:\Users\Raquel\Desktop\wordhilfe_raquel.jpg
[2013.03.01 15:30:26 | 000,076,337 | ---- | M] () -- C:\Users\Raquel\Documents\Out of Office.jpg
[2013.02.28 15:18:08 | 000,110,277 | ---- | M] () -- C:\Users\Raquel\Documents\UrbanRail.Net _ Asia _ Thailand _ Bangkok Metro.pdf
[2013.02.28 08:59:27 | 000,001,120 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 21:40:42 | 001,174,971 | ---- | M] () -- C:\Users\Raquel\Desktop\DSC_1236.JPG
[2013.02.27 07:56:50 | 001,470,881 | ---- | M] () -- C:\Users\Raquel\Desktop\DSC_1200.JPG
[2013.02.26 06:56:33 | 000,358,485 | ---- | M] () -- C:\Windows\SysNative\drivers\AVG\iavichjg.avm
[2013.02.25 19:09:56 | 000,220,896 | ---- | M] () -- C:\Users\Raquel\Desktop\IMG_0024 (640x480).jpg
[2013.02.24 14:11:22 | 000,258,908 | ---- | M] () -- C:\Users\Raquel\Desktop\Saiga.jpg
[2013.02.24 14:07:50 | 000,139,216 | ---- | M] () -- C:\Users\Raquel\Desktop\IMG_0005 (640x480).jpg
[2013.02.22 09:49:33 | 000,002,953 | ---- | M] () -- C:\Users\Raquel\Desktop\AAAA_Schutz der Biodiversität in der grenzübergreifenden Region Nord Tian shan Gebirge - Verknüpfung.lnk
[2013.02.21 20:59:40 | 000,009,842 | ---- | M] () -- C:\Users\Raquel\Desktop\Marktwert NICHT-vornutzungsbelastet_FORMEL.jpg
[2013.02.21 07:03:00 | 002,979,592 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.20 16:56:38 | 000,002,021 | ---- | M] () -- C:\Users\Public\Desktop\ABBYY Lingvo x5.lnk
 
========== Files Created - No Company Name ==========
 
[2013.03.19 07:41:11 | 000,609,993 | ---- | C] () -- C:\Users\Raquel\Desktop\adwcleaner.exe
[2013.03.18 21:44:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.03.18 21:44:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.03.18 21:44:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.03.18 21:44:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.03.18 21:44:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.03.14 20:53:35 | 000,000,512 | ---- | C] () -- C:\Users\Raquel\Desktop\MBR.dat
[2013.03.12 19:08:42 | 540,969,815 | ---- | C] () -- C:\Windows\MEMORY.DMP
[2013.03.12 06:42:49 | 013,786,977 | ---- | C] () -- C:\Users\Raquel\Desktop\mbar-1.01.0.1021.zip
[2013.03.12 06:42:46 | 000,377,856 | ---- | C] () -- C:\Users\Raquel\Desktop\gmer_2.1.19155.exe
[2013.03.09 19:58:26 | 000,171,929 | ---- | C] () -- C:\Users\Raquel\Documents\VISA Receipt.pdf
[2013.03.09 08:27:02 | 000,005,356 | ---- | C] () -- C:\Users\Raquel\Documents\Scan AVG AntiVirus_28.02.13.csv
[2013.03.08 17:11:25 | 000,000,000 | ---- | C] () -- C:\Users\Raquel\defogger_reenable
[2013.03.08 17:09:12 | 000,050,477 | ---- | C] () -- C:\Users\Raquel\Desktop\Defogger.exe
[2013.03.03 20:22:51 | 000,200,526 | ---- | C] () -- C:\Users\Raquel\Documents\3 - Resume - Lina Valdshmit.pdf
[2013.03.01 19:03:42 | 000,135,961 | ---- | C] () -- C:\Users\Raquel\Desktop\wordhilfe_raquel.jpg
[2013.03.01 15:30:26 | 000,076,337 | ---- | C] () -- C:\Users\Raquel\Documents\Out of Office.jpg
[2013.02.28 15:17:10 | 000,110,277 | ---- | C] () -- C:\Users\Raquel\Documents\UrbanRail.Net _ Asia _ Thailand _ Bangkok Metro.pdf
[2013.02.28 08:59:27 | 000,001,120 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2013.02.27 21:35:29 | 001,174,971 | ---- | C] () -- C:\Users\Raquel\Desktop\DSC_1236.JPG
[2013.02.27 20:22:37 | 000,044,310 | ---- | C] () -- C:\Users\Raquel\Documents\steuer_ausfuhrbescheinigung.pdf
[2013.02.27 07:56:24 | 001,470,881 | ---- | C] () -- C:\Users\Raquel\Desktop\DSC_1200.JPG
[2013.02.25 19:09:49 | 000,220,896 | ---- | C] () -- C:\Users\Raquel\Desktop\IMG_0024 (640x480).jpg
[2013.02.24 14:11:21 | 000,258,908 | ---- | C] () -- C:\Users\Raquel\Desktop\Saiga.jpg
[2013.02.24 14:07:46 | 000,139,216 | ---- | C] () -- C:\Users\Raquel\Desktop\IMG_0005 (640x480).jpg
[2013.02.22 09:49:33 | 000,002,953 | ---- | C] () -- C:\Users\Raquel\Desktop\AAAA_Schutz der Biodiversität in der grenzübergreifenden Region Nord Tian shan Gebirge - Verknüpfung.lnk
[2013.02.21 20:59:38 | 000,009,842 | ---- | C] () -- C:\Users\Raquel\Desktop\Marktwert NICHT-vornutzungsbelastet_FORMEL.jpg
[2013.02.20 16:56:38 | 000,002,021 | ---- | C] () -- C:\Users\Public\Desktop\ABBYY Lingvo x5.lnk
[2013.02.19 09:57:34 | 000,007,549 | ---- | C] () -- C:\Windows\SysNative\dopdf7.ctm
[2011.09.01 14:03:49 | 001,036,288 | ---- | C] () -- C:\Windows\SysWow64\lxdudrs.dll
[2011.09.01 14:03:49 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\lxducaps.dll
[2011.09.01 14:03:49 | 000,069,632 | ---- | C] () -- C:\Windows\SysWow64\lxducnv4.dll
[2011.08.21 23:47:39 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys
[2011.08.18 02:06:07 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.08.07 17:38:05 | 006,015,435 | ---- | C] () -- C:\Users\Raquel\FSViewer46.zip
[2011.08.07 13:59:11 | 000,020,480 | ---- | C] () -- C:\Windows\FixCamera.exe
[2011.08.07 13:59:10 | 000,270,336 | ---- | C] () -- C:\Windows\tsnpstd3.exe
[2011.08.07 13:59:10 | 000,155,648 | ---- | C] ( ) -- C:\Windows\SysWow64\rsnpstd3.dll
[2011.08.07 13:59:10 | 000,053,248 | ---- | C] ( ) -- C:\Windows\csnpstd3.dll
[2011.08.07 13:47:17 | 000,000,022 | ---- | C] () -- C:\Users\Raquel\00086510_w2000xpvista_v1.0.zip
[2011.07.29 01:07:16 | 000,000,000 | ---- | C] () -- C:\Windows\nsreg.dat
[2011.06.15 07:33:58 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll
[2011.06.14 22:05:19 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin
[2011.06.14 22:05:18 | 000,213,332 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin
[2011.06.14 22:05:18 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin
[2011.06.14 22:04:22 | 000,029,895 | R--- | C] () -- C:\Windows\ConnectionProfiles.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 10:25:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2010.11.21 08:53:55 | 014,174,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2010.11.21 08:54:02 | 012,872,192 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 07:10:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 08:54:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 07:11:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== Files - Unicode (All) ==========
[2013.02.21 21:15:51 | 000,017,351 | ---- | M] ()(C:\Users\Raquel\Desktop\?????? ????.docx) -- C:\Users\Raquel\Desktop\Привет Саша.docx
[2013.02.21 21:15:50 | 000,017,351 | ---- | C] ()(C:\Users\Raquel\Desktop\?????? ????.docx) -- C:\Users\Raquel\Desktop\Привет Саша.docx
[2013.02.15 19:41:24 | 000,000,000 | ---D | M](C:\Users\Raquel\Documents\????????) -- C:\Users\Raquel\Documents\Протакол
[2013.02.15 19:36:45 | 000,000,000 | ---D | C](C:\Users\Raquel\Documents\????????) -- C:\Users\Raquel\Documents\Протакол

< End of report >

cosinus · 20.03.2013, 13:29

Zitat:

C:\Program Files (x86)\Paragon Software\Slovoed 7\Slovoed.exe ()

Hm, wasndas, kennst du das?
Bitte diese Datei bei und hochladen, Anleitung => http://www.trojaner-board.de/54791-a...tml#post349565

raquel · 01.04.2013, 11:30

Hallo cosinus,
sieht so aus, als ob meine Antwort viele Tage zuvor nicht hochgeladen wurde...und da wart ich auf Antwort, dumm auch! Slovoed ist ein Übersetzungsprogramm das ich gekauft habe. Vor dem Kauf habe ich eine Testversion runtergeladen.

Datei hab ich hochgeladen, den Link von diesem THema angegeben und meinen Benutzernamen. Ich hoffe das reicht, damit Du sie findest.

cosinus · 01.04.2013, 20:33

Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren

Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt:

ESET Online Scanner

Hier findest du eine bebilderte Anleitung zu ESET Online Scanner
Lade und starte Eset Online Scanner
Setze einen Haken bei Ja, ich bin mit den Nutzungsbedingungen einverstanden und klicke auf Starten.
Aktiviere die "Erkennung von eventuell unerwünschten Anwendungen" und wähle folgende Einstellungen.
Klicke auf Starten.
Die Signaturen werden heruntergeladen, der Scan beginnt automatisch.
Klicke am Ende des Suchlaufs auf Fertig stellen.
Schließe das Fenster von ESET.
Explorer öffnen.
C:\Programme\Eset\EsetOnlineScanner\log.txt (bei 64 Bit auch C:\Programme (x86)\Eset\EsetOnlineScanner\log.txt) suchen und mit Deinem Editor öffnen (bebildert).
Logfile hier posten.
Deinstallation: Systemsteuerung => Software / Programme deinstallieren => Eset Online Scanner V3 entfernen.
Manuell folgenden Ordner löschen und Papierkorb leeren => C:\Programme\Eset

raquel · 03.04.2013, 05:28

Hier der Log des Quickscans:

Code:

ATTFilter

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.04.02.06

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Raquel :: RAQUEL-THINK [Administrator]

02.04.2013 19:39:27
mbam-log-2013-04-02 (19-39-27).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 255394
Laufzeit: 3 Minute(n), 22 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Dann habe ich alle Festplatte, USB und Intenretdongle an den Rehcner angeschlossen und Eset Online Scanner durchlaufen lassen:

Code:

ATTFilter

ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3721e6879414bf44b31683a6b3124055
# engine=13131
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-02 04:51:42
# local_time=2013-04-02 10:21:42 (+0530, Sri Lanka Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 89 31710 108091046 0 0
# compatibility_mode=5893 16776574 100 94 52513280 116552542 0 0
# scanned=122734
# found=0
# cleaned=0
# scan_time=3546
ESETSmartInstaller@High as downloader log:
all ok
ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=3721e6879414bf44b31683a6b3124055
# engine=13535
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-03 04:21:52
# local_time=2013-04-03 09:51:52 (+0530, Sri Lanka Normalzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1032 16777213 100 89 73120 108132456 0 0
# compatibility_mode=5893 16776574 100 94 52554690 116593952 0 0
# scanned=424076
# found=131
# cleaned=0
# scan_time=9246
sh=B0FB70192B26C18858893F09E9D75D2E52F3F475 ft=0 fh=0000000000000000 vn="Win32/Bundpil.A worm" ac=I fn="E:\desktop.ini"
sh=35C0AFDCB64B40CDF1A61199B74035C749E3E093 ft=0 fh=0000000000000000 vn="Win32/Bundpil.L worm" ac=I fn="E:\Elements (466GB).lnk"
sh=029A3A047AF1E0813E7D3797CE542449ADD5E1BF ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg100.lnk"
sh=F4981A76F6F56BB3B4E111C8F22CE6E7FBDA32E4 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg101.lnk"
sh=F5B860C472100E16596DEBB5C740FF4E33AC9D1F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg102.lnk"
sh=95535DE9DBAC25D264F0F36B7B9B4D1FC331E3A1 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg103.lnk"
sh=1239FF35852CADA8302475D37503AB82499075B7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg104.lnk"
sh=374444E40C175C92BA9055E0F233CD2E7D195A7D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg105.lnk"
sh=7B896489DD9A01A69B0F4E431994F518433A72C0 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg106.lnk"
sh=D7638473A06C7AFF2F05EB20FB0D730E29527C7A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg107.lnk"
sh=749072F2E03D3F498A943E474C2F042BDF32FD37 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg108.lnk"
sh=E55E6DDCEB8C262DAEA2C65235D1F13988052457 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg109.lnk"
sh=DB28EBBC3EBA7388861DBCB9587DF3FB107EA12C ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg110.lnk"
sh=4DB9A07BBA082FB9F9D22E1CC8DC7E6B87FE70D1 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg111.lnk"
sh=2429A3187FCE9C3517EE52F6279FDE96F1528BC8 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg112.lnk"
sh=FB23B5BAC0174C77544996181AF66A1289F19AE9 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg113.lnk"
sh=8C25F6B03A5D739BE3658526BF003DADD54BD989 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg114.lnk"
sh=B307584A0A598F6F86169B5FEEFD8F72BE769058 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg115.lnk"
sh=2333AE9D63A42472071C87737E0C4F372EDA788C ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg62.lnk"
sh=8C78AC696D279A832702C21A93E796AAABEFEB01 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg63.lnk"
sh=C8AC1B260617EDC4B97704393F284D79A99D5084 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg64.lnk"
sh=1DB80617CA8DFED0325F503D8B89BA5E55DDC1B3 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg65.lnk"
sh=28A287796852C890F6EB03CD2BECE6437FC2DDB2 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg66.lnk"
sh=E164B97D7DB852E3589E6FDEB746E51D72C35F07 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg67.lnk"
sh=978D4667AFD1DE663E87BE8F87CAE08962954FF2 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg68.lnk"
sh=78783624336C1AE19E2C6631A98EC6E1A1FABFB7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg69.lnk"
sh=0F2D01B336FBEB1E0F7A0BBE3DED154BB947B96F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg70.lnk"
sh=EC0B449C7F16256984DC1113E32C2CFAB2222CCC ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg71.lnk"
sh=F1C611A87C0C1D5BE030F8B5ACD152BA53718CC5 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg72.lnk"
sh=8F0A87B1981E358D8E0DE929B74850D00FF1F3FA ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg73.lnk"
sh=392213A93384F96B4DF545B841EDBA96A5A3EBBA ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg74.lnk"
sh=58A85555EBCA3C4EDEAC3BACBAE7A42975FF4A9D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg75.lnk"
sh=842218F5915343756162AB4866B6EB74D1B64EFA ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg76.lnk"
sh=3D9A96E9373A811A0C08626012FBF4EE49EC1173 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg77.lnk"
sh=8A0720170BA201E71BB0B7281C8F63CCFCB56013 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg79.lnk"
sh=B2235FB9BD4D1799333C593A145F099542BF1E46 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg80.lnk"
sh=290BE2DD13958148A23A7152EB4D1787B61C744B ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg81.lnk"
sh=CD20915765E9094761C6EE1969C5B1D808D45C7F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg82.lnk"
sh=310628D2806C810E5D77E68A87F416A7BA0D7F5B ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg83.lnk"
sh=BE33C0EDCCCE6C9D19BFAF74E7E592B212F2880A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg84.lnk"
sh=24A6A747F0701B695A436E401C46B3DCEE7007A6 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg85.lnk"
sh=9DABF62216C1101304C3CAB4D5DD5503B5FADA9D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg86.lnk"
sh=90D4F88B4CE0B97E77FB0216EA374F28D12CF3DE ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg87.lnk"
sh=4DE5FEBDCBCBE9E5894CC655C7825FFFCA44FD79 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg88.lnk"
sh=71AE9C29E485E2A455DE1B4E1744DFA76E939FCB ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg89.lnk"
sh=7925958BE22341C25B4920A086B093713BB8920E ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg90.lnk"
sh=6F90ACA9B1EDBA72BBC8F2A3A8DB98820F4DC87B ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg91.lnk"
sh=745D4985235D70689006385D32DBDBF39968336B ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg92.lnk"
sh=171FA1CEBD81A050C91219D589D797510B4DFFD5 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg93.lnk"
sh=54B198F635F74BF26C8A8F7B46AE2EEC041A105F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dg94.lnk"
sh=330894D7B69B382957B32EF5D66E7CF5276BCC11 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh116.lnk"
sh=2A510ACD7B532EE522313A9F91FA5140222EB6F2 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh117.lnk"
sh=A580A2F1B7D50D18DF4A6DBD0CA52B6CD88BCB38 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh118.lnk"
sh=FB7959C527794F2CC55B1CC617AF6EA6B934EBBA ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh119.lnk"
sh=03E4CB69BB026B1A60B0D476187CF437F344BB96 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh120.lnk"
sh=9C73D9C85C64D29D95B6519273027DF06B9E8FF2 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh121.lnk"
sh=DFB446EADCD3E6C044A68E4C2818CB2880ECB010 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh122.lnk"
sh=71AA035A22B48D94FAF8B16583DEF8C84FB363BD ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh123.lnk"
sh=904A9AB563027751292BD6FE1FA3B4144246DAAD ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh124.lnk"
sh=30C432BB6640699DD800738C5EF5ED6C0FAC0643 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh125.lnk"
sh=44589EE32536C0945782DF80BD40DE2C6190BEF4 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh126.lnk"
sh=C2C8EC7E54B6F69F5895E3F098F1E2E17EDF3E92 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh127.lnk"
sh=1D3BD0F11CF5AD0CAD6D274576E2D09D1444430D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh128.lnk"
sh=D5F867E69454A512979EDF4448C5399AE329605A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh129.lnk"
sh=31301310382E10895F88F3D703BB0B17F13B38B7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh130.lnk"
sh=63758709D7E345BC91A3841D92E127551842EDB9 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh131.lnk"
sh=C507D8C544C9BE501848C473C6ABB6A2AB929076 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh135.lnk"
sh=FFD2E53D6D23040E76EC1BDF0292C6B13DBB66F7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh136.lnk"
sh=964FF8A645D174B173060F1AE141952DC66EEB3D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh137.lnk"
sh=D55C8AA5401DD7D77ABAB214DA9B2AA9A7841815 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh138.lnk"
sh=F01E9B2F87E82AEC39870E1082A2A5B94D7BF04E ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh139.lnk"
sh=398C4568587EEFCAE9FA56B91384A7EE1DB6FB8C ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh140.lnk"
sh=AA051C55A6C89B528535EC43689273229116D4E4 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh141.lnk"
sh=35F07DE60A9AB428CF0170F7F592BA8B9D4B98EB ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh142.lnk"
sh=7CAA92E73AE7443AABFF1C65D9B3C296923942B9 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh143.lnk"
sh=F77D8E47A7CA14FDB1EBDDD8803EE17ABDC61EB9 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh144.lnk"
sh=83B8A7B13E74563C99220CFF5A1C07445C193909 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh145.lnk"
sh=2058129C37E5DE1FBE85350BC07178F133B9CE52 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh146.lnk"
sh=C7FD9A0BC94EE71177E71089899B1A4D18E2FE75 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh147.lnk"
sh=FACA9BFDE752EE1E6D58A439D71E4BC3D47D353A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh148.lnk"
sh=91A6882B67052C4FE3C56C87D4A43A175F656E35 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh149.lnk"
sh=2AEEBA26FC86CB1AA8D5DACFE63C9BBB2671534E ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh150.lnk"
sh=1CB62F8E40AB2D1A8938F908E4836B014DB85581 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh152.lnk"
sh=21D1A27DF950711B48ADAEAFE4D9A28D9191549C ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh153.lnk"
sh=2CC5CF34E4B7CA84F0E0432982872F16E413D986 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh154.lnk"
sh=1292DE2CE218ECAE0D523722EB180916EAA368F1 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh155.lnk"
sh=8484AECAA8097B1ED6502B421B8220C3E11E20DC ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh156.lnk"
sh=F77F4FDA747C41F925FA425F3F41D56E19044EDE ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh157.lnk"
sh=CB4A8CC3871B0DF0BA4A986C1BBBA9C55B41D814 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh158.lnk"
sh=3DFB7A70B71FB78BBAAA923DF08311BE37342D85 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh159.lnk"
sh=DD0F865FE479128C8AA8DD27E23A686D713AB838 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh160.lnk"
sh=4526122DDA7A4755E5CAD4D96C7B40F34F8A9CB7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh161.lnk"
sh=559BA9FD0524F3FDEC0DFF1823875E8E24EFE4A4 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh162.lnk"
sh=A35CCA1FC4222F27330CA5E366E88255DC7AFAD8 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh163.lnk"
sh=5A8B4CD22E872C91C88B7D644124F49F54C5EC6A ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh164.lnk"
sh=6B684B605426932324AC13EA32EBD649F92C85D8 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh165.lnk"
sh=2DE52E5C83CAB9DBDBA1EEF5662A09D333466E3D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh166.lnk"
sh=EAEBCC15AAD90F7E1E05CF62779D4A318DEA3C77 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh167.lnk"
sh=3D171B181A7FB96A7393BE627128D20EBCC2E73D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh168.lnk"
sh=B2D533664DA88E99E67EDC92CC781F776EBAF6E7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh172.lnk"
sh=72E1339C793617C96FE742081EE60925E22DEC21 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh173.lnk"
sh=EBCA4A572835DC5168C8EFED17B646A53C8967B4 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh174.lnk"
sh=4E7AC2E357CE99C012AD1F921A562892A79EB993 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh175.lnk"
sh=40F1C16CBFFA11320E49296A204AD338B5726D88 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh176.lnk"
sh=BB31AF4F55AA3D5D7E799A434F0364D2FE41C365 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh177.lnk"
sh=542169278796B1FB2D028F854CE1BA9C5B89B611 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh178.lnk"
sh=921D6B07EB78673FBC38D5506532A25F53179433 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh179.lnk"
sh=CEFE492DD3EE5E16DDF96E73137436ACA45AB927 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh180.lnk"
sh=3012B025B8B3C31EC1698D84CBF487781A037663 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh181.lnk"
sh=7577AA83FD6F829E6C27C098957D69C5A9EC5212 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh182.lnk"
sh=458A4E3DFEF02936D4BA904B2DE2A2E2B61663D7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh183.lnk"
sh=EBE42E39F9372BBB89FA0F3CA5B91224E8DCF755 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh184.lnk"
sh=029D5273B03D22D487D34C525B9270275EDB2723 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh185.lnk"
sh=6F3154E7A2BD72460953175181F3E717CF571333 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh186.lnk"
sh=1D0B85E2060008520EA70EDCCE8FE2C30E64C387 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh187.lnk"
sh=C94DC26FCB1E902958C678CD4B9AE1688197E91F ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh188.lnk"
sh=546AEE49DD4A6F145C07B07A1F91AE2BB6CE8A71 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh189.lnk"
sh=5D302C3F7EEB56FA18A67D56C37012E09B6CB03B ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh190.lnk"
sh=C39CAC7C09A0C6F5F88479059C77B7FC6CED88E2 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh191.lnk"
sh=15BFC63D2D8403A7DD43FF48034BDC9BA5CAFF36 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh192.lnk"
sh=625E355746205CD4AF5BEBD09182F9346BEFFBFC ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh193.lnk"
sh=6CE5EB2B09511A01F986A4A3661754F37EA3AF90 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh194.lnk"
sh=AFD392FA071DA22DF3D98CB3B26E0FC54253182B ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh195.lnk"
sh=C1EEF996A96DF30D4885D39CCE0494266BF4F8A0 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh196.lnk"
sh=62F13CD6419EE559ACC0E6AD79A737DDC96E6DA7 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh197.lnk"
sh=955DD2A49F6824B8AA74A42AF0E59020AB1E3B99 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh198.lnk"
sh=3BCA57D651659FDB6BCA8FF6B6238C0C831C4087 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh199.lnk"
sh=BBFA75B8664B86F8CA9F74B91092025F62A9AA66 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh200.lnk"
sh=48F69549C15EC9AA0E509E8835CE35FE7BD2204E ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh201.lnk"
sh=7716A73A155A70EBF05E7B3B624BE2595CC3EC1D ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh202.lnk"
sh=5466BA3772F29AD34C8A97E206827ADBCFF83BD0 ft=0 fh=0000000000000000 vn="Win32/Dorkbot.D worm" ac=I fn="E:\*\RECYCLER\S-1-5-21-57989841-413027322-1417001333-500\Dh203.lnk"

cosinus · 03.04.2013, 14:56

Bitte mal den Papierkork leeren

Sieht soweit ok aus

Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat.

Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie )

Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller
Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird.

Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?

raquel · 03.04.2013, 15:41

Hört sich ja gut an!

Bez. Papierkorb leeren - meinst du das wegen der Funde unter
E:\*\RECYCLER\?

Das ist auf meiner Festplatte - auf meinem Rechner hatte ich kaum was im Papierkorb.

Auf der Festplatte ist seit dem Virus nur noch eine Verknüpfung. Zuerst konnte ich über die Verknüpfung noch auf meine Dateien zugreifen, aber nachdem mein Virusprogramm was in Quarantäne (siehe mein erstes posting) geschoben hat kann ich die Verknüpfung nicht mehr öffnen. Ich trau mich nicht irgendwas auf der Festplatte anzuklicken, jetzt, da er Rechner wieder sauber ist.

was kan ich tun um wieder an die Daten zu kommen?
Danke!

cosinus · 03.04.2013, 19:43

Lass dir zuerst mal alle Dateien anzeigen => http://www.trojaner-board.de/59624-a...-sichtbar.html
Danach sollte auch alle Ordner wieder angezeigt werden - halbtransparent, da sie noch die Atrribute "versteckt" und "system" tragen

Starte anschließend die Eingabeaufforderung über Start, Alle Programme, Zubehör

Musst in der Eingabeauforderung jeweils für jeden versteckten Ordner diesen Befehl ausführen:

Code:

ATTFilter

attrib -s -h "x:\ordner" /s /d

x: => Muss angepasst werden, den passenden Buchstaben verwenden
"ordner" muss dann der jew. richtige Ordnername sein

raquel · 04.04.2013, 04:11

Ja, so hat es geklapp! Danke!

Nach Sichtbarmachen der Ordner erschienen erstmal nicht meine Ordnerstruktur sondern leere Order mit Namen aus einer Zahlen + Buchstabenkolonne. Ein namenloser Eintrag auf der angezeigten Liste der Objekte auf der Festplatte erschein nicht als Order, sonder mit einem Symbol mit dem sonst Laufwerke angezeigt werden. Nach der Operation attrib etc wurde der Ordner auch wieder als solcher angezeigt.

Es sind also alle Dateien wieder da!

Kann ich den $Recyle.BIN löschen? Und die Verknüpfung? Und dann einfach meine bekannte Ordnerstruktur wieder herstellen?

Danke auch für die Anleitung, die Dateiendungen sichtbar zu machen, danach hatte ich schon mal gesucht. Und Dank für die Tipps bez. Cookies!

19.03.2013, 23:01	#16
cosinus /// Winkelfunktion /// TB-Süch-Tiger™	PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind Leider fehlt das andere und wichtigere Log von OTL __________________ Logfiles bitte immer in CODE-Tags posten

PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind

Plagegeister aller Art und deren Bekämpfung: PUM.UserWLoad, trojan.ransom gefunden, auf externer Festplatte nur noch Verknüpfungen seitdem, die jetzt unzugänglich sind