Zurück   Trojaner-Board > Malware entfernen > Plagegeister aller Art und deren Bekämpfung

Plagegeister aller Art und deren Bekämpfung: GVU-Trojaner , Win7 , abgesicherte Modus geht nicht

Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen.

Antwort
Alt 26.04.2013, 15:55   #1
Discreated
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



Hallo,

ich brauche dringend hilfe da mein Laptop vom GVU-Trojaner befallen ist.

Ich habe schon OTLPE by OldTimer Scannen lassen.

ich hoffe mir kann schnell geholfen werden denn diesen Laptop brauche ich auch geschäftlich...


OTLPE - ErgebnisOTL Logfile:
Code:
ATTFilter
OTL logfile created on: 4/26/2013 6:45:21 PM - Run 
OTLPE by OldTimer - Version 3.1.48.0     Folder = X:\Programs\OTLPE
64bit-Windows 7 Ultimate Service Pack 1 (Version = 6.1.7601) - Type = System
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files (x86)
Drive C: | 100.00 Mb Total Space | 75.86 Mb Free Space | 75.87% Space Free | Partition Type: NTFS
Drive D: | 231.70 Gb Total Space | 174.69 Gb Free Space | 75.40% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
 
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
 
========== Win32 Services (SafeList) ==========
 
SRV:64bit: - [2009/07/13 21:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Program Files\Windows Defender\MpSvc.dll -- (WinDefend)
SRV:64bit: - [2009/07/13 21:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\appmgmts.dll -- (AppMgmt)
SRV - [2013/03/13 08:40:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/12/18 10:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto] -- D:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012/10/03 09:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand] -- D:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012/06/01 11:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand] -- D:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/04/10 13:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto] -- D:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP)
SRV - [2012/02/10 06:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand] -- D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.EXE -- (BBUpdate)
SRV - [2012/02/10 06:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto] -- D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.EXE -- (BBSvc)
SRV - [2010/03/18 08:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2009/06/10 17:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled] -- D:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009/06/04 14:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto] -- D:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTmon.exe -- (IAANTMON) Intel(R)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012/06/28 10:32:34 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System] -- D:\Windows\System32\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012/06/27 09:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012/06/11 08:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012/06/11 08:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012/06/11 08:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012/06/11 08:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2011/03/10 12:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- D:\Windows\System32\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011/03/04 07:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System] -- D:\Windows\System32\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011/03/04 07:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot] -- D:\Windows\System32\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010/11/20 07:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010/11/20 07:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010/11/20 06:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010/04/26 11:39:55 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010/04/26 11:26:25 | 000,260,216 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010/04/26 11:24:41 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009/12/01 11:37:28 | 001,270,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2009/11/02 14:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand] -- D:\Windows\System32\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009/07/13 20:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009/07/13 20:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009/07/13 20:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009/06/10 16:38:56 | 000,000,308 | ---- | M] () [File_System | On_Demand] -- D:\Windows\System32\wbem\ntfs.mof -- (Ntfs)
DRV:64bit: - [2009/06/10 16:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009/06/10 16:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009/06/10 16:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\evbda.sys -- (ebdrv)
DRV:64bit: - [2009/06/10 16:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\system32\DRIVERS\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009/06/10 16:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009/05/19 08:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AcpiVpc.sys -- (ACPIVPC)
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
IE - HKU\NetworkService_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 8E CD 53 1F 6F CD 01  [binary data]
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKU\Papa_ON_D\Software\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKU\Papa_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - prefs.js..CT3241949.browser.search.defaultthis.engineName: true
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\System32\Macromed\Flash\NPSWF64_11_6_602_180.dll ()
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@adobe.com/FlashPlayer: D:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@canon.com/EPPEX: D:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: D:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: D:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin: D:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: D:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: D:\Program Files (x86)\Microsoft Office\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\Wow6432Node\MozillaPlugins\@nokia.com/EnablerPlugin: D:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\Wow6432Node\MozillaPlugins\Adobe Reader: D:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012/06/28 11:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012/06/28 11:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012/06/28 11:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/07/31 09:16:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\wow6432node\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013/02/27 09:48:48 | 000,000,000 | ---D | M]
 
[2010/12/15 18:34:01 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Papa\AppData\Roaming\Mozilla\Extensions
[2013/04/16 05:02:20 | 000,000,000 | ---D | M] (No name found) -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions
[2013/04/16 05:02:20 | 000,000,000 | ---D | M] (FileConverter 1.3) -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2012/06/29 03:45:40 | 000,000,853 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\11-suche.xml
[2012/06/29 03:45:40 | 000,002,209 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\englische-ergebnisse.xml
[2012/12/31 10:03:51 | 000,001,064 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\fileconverter-13-customized-web-search.xml
[2012/06/29 03:45:40 | 000,010,506 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\gmx-suche.xml
[2012/06/29 03:45:40 | 000,002,368 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\lastminute.xml
[2012/06/29 03:45:40 | 000,005,489 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\webde-suche.xml
[2011/01/08 14:39:13 | 000,002,057 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\youtube-videosuche.xml
[2012/10/23 11:19:24 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\extensions
[2012/10/23 11:19:24 | 000,000,000 | ---D | M] (Java Console) -- D:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012/06/28 10:34:56 | 000,000,000 | ---D | M] (Anti-Banner) -- D:\Program Files (x86)\Mozilla Firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012/06/28 10:34:45 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- D:\Program Files (x86)\Mozilla Firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012/07/31 09:16:06 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files (x86)\Mozilla Firefox\distribution\extensions
[2012/07/31 09:16:06 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- D:\Program Files (x86)\Mozilla Firefox\distribution\extensions\toolbar@web.de
File not found (No name found) -- 
() (No name found) -- D:\USERS\PAPA\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\8YGWDA3K.DEFAULT\EXTENSIONS\TOOLBAR@WEB.DE.XPI
[2012/06/01 11:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- D:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012/06/01 12:33:00 | 000,001,392 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/06/01 12:33:00 | 000,002,252 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012/06/01 12:33:00 | 000,001,153 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012/06/01 12:33:00 | 000,006,805 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/06/01 12:33:00 | 000,001,178 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/06/01 12:33:00 | 000,001,105 | ---- | M] () -- D:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009/06/10 17:00:26 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O2 - BHO: (Bing Bar Helper) - {1dad3af3-ef2f-4f64-ac4b-11789189fcb6} - D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - D:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - D:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKU\Papa_ON_D\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - D:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] D:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKU\LocalService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\NetworkService_ON_D..\Run: [Sidebar] D:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\Papa_ON_D..\Run: []  File not found
O4 - HKU\Papa_ON_D..\Run: [NokiaSuite.exe] D:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin]  File not found
O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin]  File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Add to Google Photos Screensa&ver - D:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - D:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O13:64bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15:64bit: - Papa_ON_D\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15:64bit: - Papa_ON_D\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) -  File not found
O20 - HKU\Papa_ON_D Winlogon: Shell - (explorer.exe) - D:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKU\Papa_ON_D Winlogon: Shell - (C:\Users\Papa\AppData\Roaming\skype.dat) - D:\Users\Papa\AppData\Roaming\skype.dat ()
O20:64bit: - Winlogon\Notify\klogon: DllName - %SystemRoot%\System32\klogon.dll - D:\Windows\System32\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) -  File not found
64bit: O35 - HKLM\..comfile [open] -- "%1" %* File not found
64bit: O35 - HKLM\..exefile [open] -- "%1" %* File not found
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013/04/16 09:48:35 | 000,000,000 | ---D | C] -- D:\Users\Papa\Desktop\Unfallschaden Albach-Lammas
[2013/04/10 12:34:45 | 000,000,000 | ---D | C] -- D:\f03381205d1c8bcd09
[2013/04/10 06:22:23 | 003,717,632 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mstscax.dll
[2013/04/10 06:22:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mstscax.dll
[2013/04/10 06:22:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\aaclient.dll
[2013/04/10 06:22:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\aaclient.dll
[2013/04/10 06:22:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\tsgqec.dll
[2013/04/10 06:22:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\tsgqec.dll
[2013/04/10 06:19:53 | 000,735,232 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\msfeeds.dll
[2013/04/10 06:19:49 | 000,627,712 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\msfeeds.dll
[2013/04/10 06:19:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ieui.dll
[2013/04/10 06:19:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\mshtmled.dll
[2013/04/10 06:19:35 | 000,134,144 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\url.dll
[2013/04/10 06:19:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ieui.dll
[2013/04/10 06:19:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\url.dll
[2013/04/10 06:19:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\mshtmled.dll
[2013/04/10 06:18:53 | 005,550,424 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\ntoskrnl.exe
[2013/04/10 06:18:52 | 003,913,560 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntoskrnl.exe
[2013/04/10 06:18:51 | 003,968,856 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\ntkrnlpa.exe
[2013/04/10 06:18:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\smss.exe
[2013/04/10 06:18:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\csrsrv.dll
[2013/04/10 06:18:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- D:\Windows\SysWow64\apisetschema.dll
[2011/04/07 14:56:27 | 001,224,704 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkserv.dll
[2011/04/07 14:56:27 | 000,991,232 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkusb1.dll
[2011/04/07 14:56:27 | 000,643,072 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkpmui.dll
[2011/04/07 14:56:27 | 000,585,728 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbklmpm.dll
[2011/04/07 14:56:27 | 000,413,696 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkinpa.dll
[2011/04/07 14:56:27 | 000,397,312 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkiesc.dll
[2011/04/07 14:56:27 | 000,180,904 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkppls.exe
[2011/04/07 14:56:27 | 000,163,840 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkprox.dll
[2011/04/07 14:56:27 | 000,094,208 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkpplc.dll
[2011/04/07 14:56:26 | 000,696,320 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkhbn3.dll
[2011/04/07 14:56:26 | 000,684,032 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcomc.dll
[2011/04/07 14:56:26 | 000,537,256 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcoms.exe
[2011/04/07 14:56:26 | 000,421,888 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcomm.dll
[2011/04/07 14:56:26 | 000,385,704 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkih.exe
[2011/04/07 14:56:26 | 000,381,608 | ---- | C] ( ) -- D:\Windows\SysWow64\lxbkcfg.exe
[1 D:\Users\Papa\Desktop\*.tmp files -> D:\Users\Papa\Desktop\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013/04/25 15:07:07 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat
[2013/04/25 15:07:04 | 000,000,004 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\skype.ini
[2013/04/25 14:58:43 | 000,015,104 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 14:58:43 | 000,015,104 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013/04/25 14:50:58 | 1579,626,496 | -HS- | M] () -- D:\hiberfil.sys
[2013/04/25 10:49:13 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job
[2013/04/16 09:50:38 | 000,654,400 | ---- | M] () -- D:\Windows\System32\perfh007.dat
[2013/04/16 09:50:38 | 000,616,242 | ---- | M] () -- D:\Windows\System32\perfh009.dat
[2013/04/16 09:50:38 | 000,130,240 | ---- | M] () -- D:\Windows\System32\perfc007.dat
[2013/04/16 09:50:38 | 000,106,622 | ---- | M] () -- D:\Windows\System32\perfc009.dat
[2013/04/11 05:24:05 | 000,416,312 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT
[1 D:\Users\Papa\Desktop\*.tmp files -> D:\Users\Papa\Desktop\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013/04/25 09:17:30 | 000,000,004 | ---- | C] () -- D:\Users\Papa\AppData\Roaming\skype.ini
[2013/02/25 16:28:37 | 000,000,057 | ---- | C] () -- D:\ProgramData\Ament.ini
[2012/10/13 07:37:58 | 000,005,632 | ---- | C] () -- D:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/06/28 10:37:46 | 000,017,408 | ---- | C] () -- D:\Users\Papa\AppData\Local\WebpageIcons.db
[2012/01/12 06:30:57 | 000,058,880 | ---- | C] () -- D:\Users\Papa\AppData\Roaming\skype.dat
[2011/07/02 10:51:58 | 000,252,928 | ---- | C] () -- D:\Windows\SysWow64\DShowRdpFilter.dll
[2011/04/07 14:56:27 | 000,413,696 | ---- | C] () -- D:\Windows\SysWow64\lxbkutil.dll
[2011/04/07 14:56:27 | 000,274,432 | ---- | C] () -- D:\Windows\SysWow64\LXBKinst.dll
[2010/12/16 18:56:05 | 000,057,344 | ---- | C] () -- D:\Windows\AsfHelper.dll
[2010/12/15 18:15:07 | 000,015,190 | ---- | C] () -- D:\Windows\M3000Twn.ini
[2010/12/15 18:06:59 | 000,982,220 | ---- | C] () -- D:\Windows\SysWow64\igkrng500.bin
[2010/12/15 18:06:59 | 000,439,300 | ---- | C] () -- D:\Windows\SysWow64\igcompkrng500.bin
[2010/12/15 18:06:59 | 000,134,592 | ---- | C] () -- D:\Windows\SysWow64\igfcg500.bin
[2010/12/15 18:06:59 | 000,092,216 | ---- | C] () -- D:\Windows\SysWow64\igfcg500m.bin
[2009/07/14 01:38:36 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat
[2009/07/13 22:35:51 | 000,000,741 | ---- | C] () -- D:\Windows\SysWow64\NOISE.DAT
[2009/07/13 22:34:42 | 000,215,943 | ---- | C] () -- D:\Windows\SysWow64\dssec.dat
[2009/07/13 20:10:29 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin
[2009/07/13 19:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\SysWow64\BWContextHandler.dll
[2009/07/13 18:25:04 | 000,197,632 | ---- | C] () -- D:\Windows\SysWow64\ir32_32.dll
[2009/07/13 17:03:59 | 000,364,544 | ---- | C] () -- D:\Windows\SysWow64\msjetoledb40.dll
[2009/06/10 17:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\SysWow64\mlang.dat
 
========== LOP Check ==========
 
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data
[2011/01/03 09:18:46 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonBJ
[2011/01/03 10:31:36 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJEGV
[2012/01/07 08:29:23 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJFax
[2011/01/03 10:01:14 | 000,000,000 | -H-D | M] -- D:\ProgramData\CanonIJScan
[2010/12/15 18:08:41 | 000,000,000 | ---D | M] -- D:\ProgramData\Conexant
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente
[2011/01/14 07:46:15 | 000,000,000 | ---D | M] -- D:\ProgramData\DVSE GmbH
[2010/12/16 18:56:05 | 000,000,000 | ---D | M] -- D:\ProgramData\EasyCapture
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites
[2012/10/27 08:59:56 | 000,000,000 | ---D | M] -- D:\ProgramData\Nokia
[2012/10/27 08:54:37 | 000,000,000 | ---D | M] -- D:\ProgramData\NokiaInstallerCache
[2012/04/20 06:13:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Omitec
[2012/10/27 09:04:06 | 000,000,000 | ---D | M] -- D:\ProgramData\PC Suite
[2012/04/20 06:13:03 | 000,000,000 | ---D | M] -- D:\ProgramData\Protect
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü
[2009/07/14 01:08:56 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates
[2010/12/15 15:35:19 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen
[2013/04/13 04:41:10 | 000,032,640 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT
 
========== Purity Check ==========
 
 
< End of report >
         
--- --- ---
Angehängte Dateien
Dateityp: txt OTL.txt (62,6 KB, 130x aufgerufen)

Alt 26.04.2013, 16:23   #2
M-K-D-B
/// TB-Ausbilder
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht






Mein Name ist Matthias und ich werde dir bei der Bereinigung deines Computers helfen.


Bitte beachte folgende Hinweise:
  • Eine Bereinigung ist mitunter mit viel Arbeit für dich verbunden. Es können mehrere Analyse- und Bereinigungsschritte erforderlich sein.
    Abschließend entfernen wir wieder alle verwendeten Programme und ich gebe dir ein paar Tipps für die Zukunft mit auf den Weg.
  • Bei Anzeichen von illegaler Software wird der Support ohne Diskussion eingestellt.
  • Bitte arbeite alle Schritte in der vorgegebenen Reihefolge nacheinander ab.
  • Lies dir die Anleitungen sorgfältig durch. Solltest du Probleme haben, stoppe mit deiner Bearbeitung und beschreibe mir dein Problem so gut es geht.
  • Führe nur Scans durch, zu denen du von mir oder einem anderen Helfer aufgefordert wirst.
  • Bitte kein Crossposting (posten in mehreren Foren).
  • Installiere oder deinstalliere während der Bereinigung keine Software außer du wirst dazu aufgefordert.
  • Solltest du mir nicht innerhalb von 3 Tagen antworten, gehe ich davon aus, dass du keine Hilfe mehr benötigst. Dann lösche ich dein Thema aus meinem Abo.
    Solltest du einmal länger abwesend sein, so gib mir bitte Bescheid!
  • Alle zu verwendenen Programme sind auf dem Desktop abzuspeichern und von dort zu starten!
    Ich kann Dir niemals eine Garantie geben, dass auch ich alles finde. Eine Formatierung ist meist der schnellere und immer der sicherste Weg.
    Solltest Du Dich für eine Bereinigung entscheiden, arbeite solange mit, bis dir jemand vom Team sagt, dass Du clean bist.




Warnung: Dieses Skript wurde nur für diesen User und diese spezielle Situation geschrieben. Auf anderen Computern ausgeführt kann es nachhaltige Schäden anrichten!
Hinweis: Wenn du deinen Benutzernamen unkenntlich gemacht hast, musst du wieder deinen richtigen Namen einsetzen, ansonsten wird das Skript nicht funktionieren.

  • Starte den infizierten Rechner mit der OTLpe-CD und starte OTLpe.
  • Falls du keine Internetverbindung hast:
    1. Drücke Windows-Taste + R > notepad (reinschreiben) > OK
    2. Kopiere das Fixskript in den Editor und speichere die Datei als Fix.txt
    3. Kopiere dir die Fix.txt auf einen USB-Stick.
    4. Schließe den Stick an den infizierten Rechner an und kopiere dir die Datei auf den Desktop.
  • Füge das Skript in das Feld Custom Scans / Fixes ein:
Code:
ATTFilter
:OTL
[2013/04/16 05:02:20 | 000,000,000 | ---D | M] (FileConverter 1.3) -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}
[2012/12/31 10:03:51 | 000,001,064 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\fileconverter-13-customized-web-search.xml
O20 - HKU\Papa_ON_D Winlogon: Shell - (C:\Users\Papa\AppData\Roaming\skype.dat) - D:\Users\Papa\AppData\Roaming\skype.dat ()
[2013/04/25 15:07:04 | 000,000,004 | ---- | M] () -- D:\Users\Papa\AppData\Roaming\skype.ini

:commands
[reboot]
         
  • Schließe bitte nun alle anderen Programme.
  • Klicke nun bitte auf den Fix Button.
  • Nach dem Neustart findest Du ein Textdokument auf deinem Desktop. (Auch zu finden unter C:\OTLpe\MovedFiles\<datum_nummer.log>)
  • Kopiere nun den Inhalt hier in deinen Thread, möglichst in Code-Tags.
Hinweis: Die Ausführung des Kommandos kann einige Minuten dauern und OTLpe scheint in dieser Zeit nicht zu reagieren. Bitte geduldig sein!
Fragen:
  • Kannst du jetzt wieder in den normalen Modus booten?
__________________

__________________

Alt 26.04.2013, 17:22   #3
Discreated
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



Hallo Matthias,

vielen dank für deine hilfe.

ja jetzt kann ich wieder im normalen modus booten.

hier der inhalt der moved-datei

Code:
ATTFilter
 ========== OTL ==========
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\Plugins folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\modules folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\META-INF folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\lib folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\defaults\preferences folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\defaults folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\sl folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\lib\jquery.alerts\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\lib\jquery.alerts folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\lib folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\core folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\WEATHER\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\WEATHER\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\WEATHER folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\TWITTER\resources folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\TWITTER\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\TWITTER\img folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\TWITTER folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\view\style\rsx folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\view\style folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\view\script folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\view folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\resources folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\Css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH\buildSettings folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\SEARCH folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\RADIO_PLAYER\js\resources folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\RADIO_PLAYER\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\RADIO_PLAYER\css\custom-theme folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\RADIO_PLAYER\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\RADIO_PLAYER folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\PRICE_GONG\menu_dlg folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\PRICE_GONG\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\PRICE_GONG\css\custom-theme folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\PRICE_GONG\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\PRICE_GONG\agreement folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\PRICE_GONG folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\Optimizer\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\Optimizer folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\NOTIFICATION\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\NOTIFICATION\images\light folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\NOTIFICATION\images\dark folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\NOTIFICATION\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\NOTIFICATION\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\NOTIFICATION folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\MULTI_RSS\js\resources folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\MULTI_RSS\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\MULTI_RSS\img folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\MULTI_RSS\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\MULTI_RSS folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\HIGHLIGHTER\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\HIGHLIGHTER\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\HIGHLIGHTER folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\EMAIL_NOTIFIER\js\plugins folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\EMAIL_NOTIFIER\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\EMAIL_NOTIFIER\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\EMAIL_NOTIFIER folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\APPLICATION_BUTTON\resources folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\APPLICATION_BUTTON\Js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa\APPLICATION_BUTTON folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\wa folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\menu\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\menu\img folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\menu\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\menu folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\gf\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\gf\img folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\gf\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\gf folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\gadgetFrame folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\dlg\ftd\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\dlg\ftd folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui\dlg folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ui folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\sp\spsd\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\sp\spsd folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\sp\spbd\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\sp\spbd folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\sp\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\sp folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\options\js\resources folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\options\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\options\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\options\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\options folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\msd folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\api folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ac\res folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ac\img folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ac\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\ac folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\aboutBox\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\aboutBox\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al\aboutBox folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb\al folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\tb folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\logic\uninstall\dialog\js folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\logic\uninstall\dialog\images folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\logic\uninstall\dialog\css folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\logic\uninstall\dialog folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\logic\uninstall folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content\logic folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949\content folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome\CT3241949 folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee}\chrome folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\extensions\{78e516ef-11de-47a1-8364-a99b917ec5ee} folder moved successfully.
D:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\fileconverter-13-customized-web-search.xml moved successfully.
Registry value HKEY_USERS\Papa_ON_D\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:C:\Users\Papa\AppData\Roaming\skype.dat deleted successfully.
D:\Users\Papa\AppData\Roaming\skype.dat moved successfully.
D:\Users\Papa\AppData\Roaming\skype.ini moved successfully.
========== COMMANDS ==========
 
OTLPE by OldTimer - Version 3.1.48.0 log created on 04262013_194031
         
__________________

Alt 27.04.2013, 09:21   #4
M-K-D-B
/// TB-Ausbilder
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



Servus,



sehr gut.


So geht es weiter:






Schritt 1
Downloade Dir bitte AdwCleaner Logo Icon AdwCleaner auf deinen Desktop.
  • Schließe alle offenen Programme und Browser. Bebilderte Anleitung zu AdwCleaner.
  • Starte die AdwCleaner.exe mit einem Doppelklick.
  • Stimme den Nutzungsbedingungen zu.
  • Klicke auf Optionen und vergewissere dich, dass die folgenden Punkte ausgewählt sind:
    • "Tracing" Schlüssel löschen
    • Winsock Einstellungen zurücksetzen
    • Proxy Einstellungen zurücksetzen
    • Internet Explorer Richtlinien zurücksetzen
    • Chrome Richtlinien zurücksetzen
    • Stelle sicher, dass alle 5 Optionen wie hier dargestellt, ausgewählt sind
  • Klicke auf Suchlauf und warte bis dieser abgeschlossen ist.
  • Klicke nun auf Löschen und bestätige auftretende Hinweise mit Ok.
  • Dein Rechner wird automatisch neu gestartet. Nach dem Neustart öffnet sich eine Textdatei. Poste mir deren Inhalt mit deiner nächsten Antwort.
  • Die Logdatei findest du auch unter C:\AdwCleaner\AdwCleaner[Cx].txt. (x = fortlaufende Nummer).






Schritt 2

Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Bitte lade Junkware Removal Tool auf Deinen Desktop

  • Starte das Tool mit Doppelklick. Ab Windows Vista (oder höher) bitte mit Rechtsklick "als Administrator ausführen" starten.
  • Drücke eine beliebige Taste, um das Tool zu starten.
  • Je nach System kann der Scan eine Weile dauern.
  • Wenn das Tool fertig ist wird das Logfile (JRT.txt) auf dem Desktop gespeichert und automatisch geöffnet.
  • Bitte poste den Inhalt der JRT.txt in Deiner nächsten Antwort.







Schritt 3
Scan mit Combofix
WARNUNG an die MITLESER:
Combofix sollte ausschließlich ausgeführt werden, wenn dies von einem Teammitglied angewiesen wurde!

Downloade dir bitte Combofix vom folgenden Downloadspiegel: Link
  • WICHTIG: Speichere Combofix auf deinem Desktop.
  • Deaktiviere bitte alle deine Antivirensoftware sowie Malware/Spyware Scanner. Diese können Combofix bei der Arbeit stören. Combofix meckert auch manchmal trotzdem noch, das kannst du dann ignorieren, mir aber bitte mitteilen.
  • Starte die Combofix.exe und folge den Anweisungen auf dem Bildschirm.
  • Während Combofix läuft bitte nicht am Computer arbeiten, die Maus bewegen oder ins Combofixfenster klicken!
  • Wenn Combofix fertig ist, wird es ein Logfile erstellen.
  • Bitte poste die C:\Combofix.txt in deiner nächsten Antwort (möglichst in CODE-Tags).
Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
starte den Rechner einfach neu. Dies sollte das Problem beheben.






Bitte poste mit deiner nächsten Antwort
  • die Logdatei von AdwCleaner,
  • die Logdatei von JRT,
  • die Logdatei von ComboFix.
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 27.04.2013, 10:30   #5
Discreated
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



hier die Logdateien

AdwCleaner

Code:
ATTFilter
# AdwCleaner v2.202 - Datei am 27/04/2013 um 12:28:01 erstellt
# Aktualisiert am 23/04/2013 von Xplode
# Betriebssystem : Windows 7 Ultimate Service Pack 1 (64 bits)
# Benutzer : Papa - PAPA-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Papa\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\searchplugins\11-suche.xml
Ordner Gelöscht : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\Smartbar

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{79FB5FC8-44B9-4AF5-BADD-CCE547F953E5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{813A22E0-3E2B-4188-9BDA-ECA9878B8D48}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BCFF5F55-6F44-11D2-86F8-00104B265ED5}

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v13.0 (de)

Datei : C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\prefs.js

Gelöscht : user_pref("CT3241949.1000082.isDisplayHidden", "true");
Gelöscht : user_pref("CT3241949.1000082.state", "{\"state\":\"stopped\",\"text\":\"Californi...\",\"description[...]
Gelöscht : user_pref("CT3241949.1000234.TWC_TMP_city", "SULZBACH");
Gelöscht : user_pref("CT3241949.1000234.TWC_TMP_country", "DE");
Gelöscht : user_pref("CT3241949.1000234.TWC_locId", "SZXX2722");
Gelöscht : user_pref("CT3241949.1000234.TWC_location", "Sulzbach, Schweiz");
Gelöscht : user_pref("CT3241949.1000234.TWC_region", "DE");
Gelöscht : user_pref("CT3241949.1000234.TWC_temp_dis", "c");
Gelöscht : user_pref("CT3241949.1000234.TWC_wind_dis", "kmh");
Gelöscht : user_pref("CT3241949.1000234.weatherData", "{\"icon\":\"34.png\",\"temperature\":\"4°C\",\"temperatu[...]
Gelöscht : user_pref("CT3241949.CBOpenMAMSettings.enc", "MA==");
Gelöscht : user_pref("CT3241949.ENABALE_HISTORY", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.ENABLE_RETURN_WEB_SEARCH_ON_THE_PAGE", "{\"dataType\":\"string\",\"data\":\"tru[...]
Gelöscht : user_pref("CT3241949.FirstTime", "true");
Gelöscht : user_pref("CT3241949.FirstTimeFF3", "true");
Gelöscht : user_pref("CT3241949.LoginRevertSettingsEnabled", true);
Gelöscht : user_pref("CT3241949.RevertSettingsEnabled", true);
Gelöscht : user_pref("CT3241949.SearchFromAddressBarUrl", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT324[...]
Gelöscht : user_pref("CT3241949.UserID", "UN01610675519773341");
Gelöscht : user_pref("CT3241949.addressBarTakeOverEnabledInHidden", "true");
Gelöscht : user_pref("CT3241949.browser.search.defaultthis.engineName", true);
Gelöscht : user_pref("CT3241949.cb_experience_000.enc", "Mjk=");
Gelöscht : user_pref("CT3241949.cb_firstuse0100.enc", "MQ==");
Gelöscht : user_pref("CT3241949.cb_user_id_000.enc", "Q0I3OTA0MjcxMzkyODhfMTM1NzQyNjI2NDQzMV9GaXJlZm94");
Gelöscht : user_pref("CT3241949.cbcountry_001.enc", "REU=");
Gelöscht : user_pref("CT3241949.cbfirsttime.enc", "TW9uIERlYyAzMSAyMDEyIDE1OjAyOjM4IEdNVCswMTAw");
Gelöscht : user_pref("CT3241949.enableAlerts", "never");
Gelöscht : user_pref("CT3241949.enableFix404ByUser", "FALSE");
Gelöscht : user_pref("CT3241949.event_data.enc", "JTVCJTVE");
Gelöscht : user_pref("CT3241949.fired_events.enc", "AA==");
Gelöscht : user_pref("CT3241949.firstTimeDialogOpened", "true");
Gelöscht : user_pref("CT3241949.fixPageNotFoundErrorByUser", "TRUE");
Gelöscht : user_pref("CT3241949.fixPageNotFoundErrorInHidden", "true");
Gelöscht : user_pref("CT3241949.fixUrls", true);
Gelöscht : user_pref("CT3241949.hxxp___www_socialgrowthtechnologies_com_couponbuddy_v001.APP_WIN_FEATURES.enc",[...]
Gelöscht : user_pref("CT3241949.installType", "Unknown");
Gelöscht : user_pref("CT3241949.isCheckedStartAsHidden", true);
Gelöscht : user_pref("CT3241949.isEnableAllDialogs", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.isFirstTimeToolbarLoading", "false");
Gelöscht : user_pref("CT3241949.isNewTabEnabled", false);
Gelöscht : user_pref("CT3241949.isPerformedSmartBarTransition", "true");
Gelöscht : user_pref("CT3241949.isToolbarShrinked", "{\"dataType\":\"string\",\"data\":\"false\"}");
Gelöscht : user_pref("CT3241949.isWelcomPage", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.key_date.enc", "OA==");
Gelöscht : user_pref("CT3241949.keyword", true);
Gelöscht : user_pref("CT3241949.lastNewTabSettings", "{\"isEnabled\":false,\"newTabUrl\":\"hxxp://search.condui[...]
Gelöscht : user_pref("CT3241949.lastVersion", "10.15.2.523");
Gelöscht : user_pref("CT3241949.migrateAppsAndComponents", true);
Gelöscht : user_pref("CT3241949.navigationAliasesJson", "{\"EB_SEARCH_TERM\":\"\",\"EB_MAIN_FRAME_URL\":\"hxxp%[...]
Gelöscht : user_pref("CT3241949.newSettings", "{\"dataType\":\"boolean\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.price-gong.bornDate", "{\"dataType\":\"string\",\"data\":\"{\\\"Response\\\":\\[...]
Gelöscht : user_pref("CT3241949.price-gong.isManagedApp", "true");
Gelöscht : user_pref("CT3241949.search.searchAppId", "129887071061272563");
Gelöscht : user_pref("CT3241949.search.searchCount", "1");
Gelöscht : user_pref("CT3241949.searchInNewTabEnabled", "false");
Gelöscht : user_pref("CT3241949.searchInNewTabEnabledByUser", "false");
Gelöscht : user_pref("CT3241949.searchInNewTabEnabledInHidden", "true");
Gelöscht : user_pref("CT3241949.selectToSearchBoxEnabled", "{\"dataType\":\"string\",\"data\":\"true\"}");
Gelöscht : user_pref("CT3241949.serviceLayer_service_login_isFirstLoginInvoked", "{\"dataType\":\"boolean\",\"d[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_login_loginCount", "{\"dataType\":\"number\",\"data\":\"4\[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeCTID", "{\"dataType\":\"string\",\"d[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeDownloadUrl", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_activeToolbarName", "{\"dataType\":\"strin[...]
Gelöscht : user_pref("CT3241949.serviceLayer_service_toolbarGrouping_invoked", "{\"dataType\":\"string\",\"data[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_appTrackingFirstTime_lastUpdate", "1356962544621");
Gelöscht : user_pref("CT3241949.serviceLayer_services_appTracking_lastUpdate", "1356963063731");
Gelöscht : user_pref("CT3241949.serviceLayer_services_appsMetadata_lastUpdate", "1357656325344");
Gelöscht : user_pref("CT3241949.serviceLayer_services_gottenAppsContextMenu_lastUpdate", "1356962552656");
Gelöscht : user_pref("CT3241949.serviceLayer_services_location_lastUpdate", "1366894462952");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.13.40.15_lastUpdate", "1358787836123");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.14.40.128_lastUpdate", "1359469876348");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.14.42.7_lastUpdate", "1361216753539");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.14.65.43_lastUpdate", "1364031439007");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.15.0.562_lastUpdate", "1366042674845");
Gelöscht : user_pref("CT3241949.serviceLayer_services_login_10.15.2.523_lastUpdate", "1366894462611");
Gelöscht : user_pref("CT3241949.serviceLayer_services_menu_769c590835a76d075fe33b9a87a87786_lastUpdate", "13576[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_menu_d32f45618f5a02bd965c56155a643855_lastUpdate", "13576[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_otherAppsContextMenu_lastUpdate", "1356962552181");
Gelöscht : user_pref("CT3241949.serviceLayer_services_searchAPI_lastUpdate", "1357656326574");
Gelöscht : user_pref("CT3241949.serviceLayer_services_serviceMap_lastUpdate", "1366894462543");
Gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarContextMenu_lastUpdate", "1356962552738");
Gelöscht : user_pref("CT3241949.serviceLayer_services_toolbarSettings_lastUpdate", "1366894462887");
Gelöscht : user_pref("CT3241949.serviceLayer_services_translation_lastUpdate", "1366894463108");
Gelöscht : user_pref("CT3241949.serviceLayer_services_userApps1ec55dac-8dca-406b-9697-5d68893c1c0c_lastUpdate",[...]
Gelöscht : user_pref("CT3241949.serviceLayer_services_userApps_lastUpdate", "1357552660316");
Gelöscht : user_pref("CT3241949.settingsINI", true);
Gelöscht : user_pref("CT3241949.showToolbarPermission", "false");
Gelöscht : user_pref("CT3241949.smartbar.CTID", "CT3241949");
Gelöscht : user_pref("CT3241949.smartbar.Uninstall", "0");
Gelöscht : user_pref("CT3241949.smartbar.isHidden", true);
Gelöscht : user_pref("CT3241949.smartbar.toolbarName", "FileConverter 1.3 ");
Gelöscht : user_pref("CT3241949.toolbarBornServerTime", "31-12-2012");
Gelöscht : user_pref("CT3241949.toolbarCurrentServerTime", "25-4-2013");
Gelöscht : user_pref("CT3241949.toolbarLoginClientTime", "Sat Mar 23 2013 12:30:23 GMT+0100");
Gelöscht : user_pref("CT3241949.url_history0001.enc", "aHR0cDovL3d3dy5kYXN0ZWxlZm9uYnVjaC5kZS86OjpjbGlja2hhbmRs[...]
Gelöscht : user_pref("CT3241949_Firefox.csv", "[{\"from\":\"Abs Layer\",\"action\":\"loading toolbar\",\"time\"[...]
Gelöscht : user_pref("Smartbar.ConduitSearchEngineList", "");
Gelöscht : user_pref("Smartbar.ConduitSearchUrlList", "");
Gelöscht : user_pref("Smartbar.SearchFromAddressBarSavedUrl", "hxxp://go.web.de/tb/mff_keyurl_search/?su=");
Gelöscht : user_pref("Smartbar.keywordURLSelectedCTID", "CT3241949");
Gelöscht : user_pref("smartbar.conduitSearchAddressUrlList", "hxxp://search.conduit.com/ResultsExt.aspx?ctid=CT[...]
Gelöscht : user_pref("smartbar.machineId", "ZXAODJQYKLCTEW5YRV/GJINM4HMZRHANKN4GSKFSHODF0D/0TCR8O451F55DHP9ARY4[...]
Gelöscht : user_pref("smartbar.originalSearchAddressUrl", "hxxp://go.web.de/tb/mff_keyurl_search/?su=");
Gelöscht : user_pref("smartbar.originalSearchEngine", "Google");

*************************

AdwCleaner[S1].txt - [10479 octets] - [27/04/2013 12:28:01]

########## EOF - C:\AdwCleaner[S1].txt - [10540 octets] ##########
         

JRT

Code:
ATTFilter
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.0 (04.26.2013:1)
OS: Windows 7 Ultimate x64
Ran by Papa on 27.04.2013 at 12:33:56,44
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values



~~~ Registry Keys

Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E33CF602-D945-461A-83F0-819F76A199F8}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{18DF081C-E8AD-4283-A596-FA578C2EBDC3}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{1dad3af3-ef2f-4f64-ac4b-11789189fcb6}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{3785D0AD-BFFF-47F6-BF5B-A587C162FED9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{72853161-30C5-4D22-B7F9-0BBC1D38A37E}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}
Successfully deleted: [Registry Key] HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\explorer\browser helper objects\{E33CF602-D945-461A-83F0-819F76A199F8}



~~~ Files



~~~ Folders



~~~ FireFox

Emptied folder: C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\minidumps [548 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 27.04.2013 at 12:41:36,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

ComboFix

Code:
ATTFilter
ComboFix 13-04-27.04 - Papa 27.04.2013  12:46:08.1.2 - x64
Microsoft Windows 7 Ultimate   6.1.7601.1.1252.49.1031.18.2009.970 [GMT 2:00]
ausgeführt von:: C:\Users\Papa\Desktop\ComboFix.exe
AV: Kaspersky Security Suite CBE *Disabled/Outdated* {C3113FBF-4BCB-4461-D78D-6EDFEC9593E5}
FW: Kaspersky Security Suite CBE *Disabled* {FB2ABE9A-01A4-4539-FCD2-C7EA1246D49E}
SP: Kaspersky Security Suite CBE *Disabled/Updated* {7870DE5B-6DF1-4BEF-ED3D-55AD9712D958}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}


((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))


C:\Users\Papa\4.0


(((((((((((((((((((((((   Dateien erstellt von 2013-03-27 bis 2013-04-27  ))))))))))))))))))))))))))))))


2013-04-27 11:24:31 . 2013-04-27 11:24:31	--------	d-----w-	C:\Users\Default\AppData\Local\temp
2013-04-27 10:33:53 . 2013-04-27 10:33:53	--------	d-----w-	C:\Windows\ERUNT
2013-04-27 10:31:30 . 2013-04-27 10:33:38	--------	d-----w-	C:\JRT
2013-04-26 23:40:38 . 2011-07-13 02:55:05	2237440	----a-r-	C:\OTLPE.exe
2013-04-26 23:40:31 . 2013-04-26 23:40:31	--------	d-----w-	C:\_OTL
2013-04-24 08:41:14 . 2013-04-12 14:45:08	1656680	----a-w-	C:\Windows\system32\drivers\ntfs.sys
2013-04-23 07:36:19 . 2013-04-10 03:46:09	9317456	----a-w-	C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{2E0071F5-B0D5-473F-ACB1-119E50B6D46E}\mpengine.dll
2013-04-10 16:34:45 . 2013-04-10 16:34:48	--------	d-----w-	C:\f03381205d1c8bcd09
2013-04-10 10:22:41 . 2013-03-01 03:36:04	3153408	----a-w-	C:\Windows\system32\win32k.sys
2013-04-10 10:22:23 . 2013-02-15 06:06:11	3717632	----a-w-	C:\Windows\system32\mstscax.dll
2013-04-10 10:22:22 . 2013-02-15 04:37:10	3217408	----a-w-	C:\Windows\SysWow64\mstscax.dll
2013-04-10 10:22:21 . 2013-02-15 06:02:26	158720	----a-w-	C:\Windows\system32\aaclient.dll
2013-04-10 10:22:21 . 2013-02-15 04:34:10	131584	----a-w-	C:\Windows\SysWow64\aaclient.dll
2013-04-10 10:22:20 . 2013-02-15 06:08:40	44032	----a-w-	C:\Windows\system32\tsgqec.dll
2013-04-10 10:22:20 . 2013-02-15 03:25:51	36864	----a-w-	C:\Windows\SysWow64\tsgqec.dll
2013-04-10 10:20:07 . 2013-03-02 05:50:54	9059328	----a-w-	C:\Windows\system32\mshtml.dll
2013-04-10 10:20:00 . 2013-03-02 05:49:38	12294656	----a-w-	C:\Windows\system32\ieframe.dll
2013-04-10 10:18:53 . 2013-03-19 06:04:06	5550424	----a-w-	C:\Windows\system32\ntoskrnl.exe
2013-04-10 10:18:52 . 2013-03-19 05:04:10	3913560	----a-w-	C:\Windows\SysWow64\ntoskrnl.exe
2013-04-10 10:18:51 . 2013-03-19 05:04:13	3968856	----a-w-	C:\Windows\SysWow64\ntkrnlpa.exe
2013-04-10 10:18:49 . 2013-03-19 05:46:56	43520	----a-w-	C:\Windows\system32\csrsrv.dll
2013-04-10 10:18:49 . 2013-03-19 03:06:33	112640	----a-w-	C:\Windows\system32\smss.exe
2013-04-10 10:18:48 . 2013-03-19 04:47:50	6656	----a-w-	C:\Windows\SysWow64\apisetschema.dll
.


((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))

2013-04-10 16:34:49 . 2010-12-15 22:38:39	72702784	----a-w-	C:\Windows\system32\MRT.exe
2013-03-25 20:39:46 . 2013-03-25 20:39:46	4546560	----a-w-	C:\Windows\SysWow64\GPhotos.scr
2013-03-13 12:40:49 . 2012-07-01 12:00:01	693976	----a-w-	C:\Windows\SysWow64\FlashPlayerApp.exe
2013-03-13 12:40:49 . 2011-08-17 08:11:07	73432	----a-w-	C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2013-03-11 23:10:56 . 2010-12-15 20:06:13	282744	------w-	C:\Windows\system32\MpSigStub.exe
2013-02-12 05:45:24 . 2013-03-14 09:30:15	135168	----a-w-	C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2013-02-12 05:45:22 . 2013-03-14 09:30:15	350208	----a-w-	C:\Windows\apppatch\AppPatch64\AcLayers.dll
2013-02-12 05:45:22 . 2013-03-14 09:30:15	308736	----a-w-	C:\Windows\apppatch\AppPatch64\AcGenral.dll
2013-02-12 05:45:22 . 2013-03-14 09:30:15	111104	----a-w-	C:\Windows\apppatch\AppPatch64\acspecfc.dll
2013-02-12 04:48:31 . 2013-03-14 09:30:15	474112	----a-w-	C:\Windows\apppatch\AcSpecfc.dll
2013-02-12 04:48:26 . 2013-03-14 09:30:16	2176512	----a-w-	C:\Windows\apppatch\AcGenral.dll
2013-02-12 04:12:05 . 2013-03-26 09:59:48	19968	----a-w-	C:\Windows\system32\drivers\usb8023.sys


((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))


*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NokiaSuite.exe"="C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-12 23:54:40 1088424]

[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"AVP"="C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe" [2012-04-10 17:21:22 202296]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

R2 BBSvc;BingBar Service;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe [2012-02-10 10:28:06 193816]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 13:27:14 138576]
R3 ose64;Office 64 Source Engine;C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE [2010-01-09 20:20:56 174440]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;C:\Windows\system32\drivers\rdpvideominiport.sys [2010-11-20 11:03:42 20992]
R3 Synth3dVsc;Synth3dVsc;C:\Windows\system32\drivers\synth3dvsc.sys [x]
R3 TsUsbFlt;TsUsbFlt;C:\Windows\system32\drivers\tsusbflt.sys [2010-11-20 11:07:05 59392]
R3 tsusbhub;tsusbhub;C:\Windows\system32\drivers\tsusbhub.sys [x]
R3 VGPU;VGPU;C:\Windows\system32\drivers\rdvgkmd.sys [x]
R3 WSDScan;WSD-Scanunterstützung durch UMB;C:\Windows\system32\DRIVERS\WSDScan.sys [2009-07-14 00:35:37 25088]
S1 funfrm;funfrm; [x]
S1 kl2;kl2;C:\Windows\system32\DRIVERS\kl2.sys [2011-03-04 11:23:28 11864]
S1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;C:\Windows\system32\DRIVERS\klim6.sys [2011-03-10 16:36:24 29488]
S3 ACPIVPC;Lenovo Virtual Power Controller Driver;C:\Windows\system32\DRIVERS\AcpiVpc.sys [2009-05-19 12:43:32 26128]
S3 BBUpdate;BBUpdate;C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe [2012-02-10 10:28:06 240408]
S3 klmouflt;Kaspersky Lab KLMOUFLT;C:\Windows\system32\DRIVERS\klmouflt.sys [2009-11-02 18:27:10 22544]
S3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 20:35:42 187392]


Inhalt des "geplante Tasks" Ordners

2013-04-27 C:\Windows\Tasks\Adobe Flash Player Updater.job
- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-01 12:00:01 . 2013-03-13 12:40:51]


--------- X64 Entries -----------


------- Zusätzlicher Suchlauf -------

uLocal Page = C:\Windows\system32\blank.htm
uDefault_Search_URL = hxxp://www.google.com/ie
mLocal Page = C:\Windows\SysWOW64\blank.htm
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
IE: An OneNote s&enden - C:\PROGRA~1\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - C:\PROGRA~1\MICROS~2\Office14\EXCEL.EXE/3000
FF - ProfilePath - C:\Users\Papa\AppData\Roaming\Mozilla\Firefox\Profiles\8ygwda3k.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://go.web.de/tb/mff_startpage_home

- - - - Entfernte verwaiste Registrierungseinträge - - - -

Wow6432Node-HKLM-Run-<NO NAME> - (no file)
         


Alt 27.04.2013, 15:16   #6
M-K-D-B
/// TB-Ausbilder
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



Servus,



Starte bitte OTL.exe.
Wähle unter
Extra Registrierung: Benutze Safe List und klicke auf den Scan Button.
Poste die OTL.txt und die Extras.txt hier in deinen Thread.




Wie läuft dein Rechner derzeit?
__________________
--> GVU-Trojaner , Win7 , abgesicherte Modus geht nicht

Alt 30.04.2013, 15:05   #7
Discreated
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



OTL.txt:
Code:
ATTFilter
OTL logfile created on: 30.04.2013 15:47:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Papa\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 49,16% Memory free
3,92 Gb Paging File | 2,36 Gb Available in Paging File | 60,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,70 Gb Total Space | 173,56 Gb Free Space | 74,91% Space Free | Partition Type: NTFS
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.04.30 15:45:17 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Papa\Desktop\OTL.exe
PRC - [2013.03.13 14:40:49 | 001,822,424 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe
PRC - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.10.13 01:54:40 | 001,088,424 | ---- | M] (Nokia) -- C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.06.01 17:37:13 | 000,913,888 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe
PRC - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe
PRC - [2012.02.10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe
PRC - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.03.13 14:40:48 | 014,717,144 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll
MOD - [2012.10.13 01:55:38 | 000,276,392 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.10.13 01:55:38 | 000,092,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
MOD - [2012.10.13 01:55:22 | 002,652,584 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.10.13 01:55:22 | 000,363,944 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.10.13 01:55:20 | 011,166,120 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.10.13 01:55:18 | 001,346,472 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.10.13 01:55:18 | 000,205,736 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.10.13 01:55:16 | 001,013,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.10.13 01:55:16 | 000,720,296 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.10.13 01:55:14 | 008,506,792 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.10.13 01:55:14 | 000,520,104 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.10.13 01:55:12 | 002,480,552 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.10.13 01:55:12 | 002,353,576 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.10.13 01:55:08 | 000,445,864 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.10.13 01:55:04 | 000,206,760 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
MOD - [2012.10.13 01:55:04 | 000,035,240 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
MOD - [2012.10.13 01:55:02 | 000,032,680 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
MOD - [2012.10.13 01:54:34 | 000,437,672 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
MOD - [2012.10.13 01:53:56 | 000,605,608 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.10.13 01:31:20 | 000,391,600 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.10.13 01:31:20 | 000,059,280 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.10.13 01:30:34 | 000,110,080 | ---- | M] () -- C:\Program Files (x86)\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.06.01 17:37:31 | 002,042,848 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll
MOD - [2012.04.10 19:18:26 | 007,008,656 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtGui4.dll
MOD - [2012.04.10 19:18:24 | 001,270,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtScript4.dll
MOD - [2012.04.10 19:18:22 | 000,192,912 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtSql4.dll
MOD - [2012.04.10 19:18:20 | 002,118,032 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtCore4.dll
MOD - [2012.04.10 19:18:20 | 000,758,160 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtNetwork4.dll
MOD - [2012.04.10 19:18:18 | 002,089,360 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\QtDeclarative4.dll
MOD - [2011.04.20 19:56:28 | 000,025,088 | ---- | M] () -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\imageformats\qgif4.dll
MOD - [2011.03.17 01:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt)
SRV - [2013.03.13 14:40:51 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.12.18 16:28:08 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.06.01 17:37:22 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.04.10 19:21:22 | 000,202,296 | ---- | M] (Kaspersky Lab ZAO) [Auto | Running] -- C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe -- (AVP)
SRV - [2012.02.10 12:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate)
SRV - [2012.02.10 12:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc)
SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 22:20:56 | 000,174,440 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose64)
SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2009.06.04 20:03:06 | 000,354,840 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel Matrix Storage Manager\IAANTMon.exe -- (IAANTMON)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - [2012.06.28 16:32:34 | 000,615,728 | ---- | M] (Kaspersky Lab) [File_System | System | Running] -- C:\Windows\SysNative\drivers\klif.sys -- (KLIF)
DRV:64bit: - [2012.06.27 15:18:52 | 000,026,112 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd)
DRV:64bit: - [2012.06.11 14:17:44 | 000,027,136 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbox64.sys -- (nmwcdc)
DRV:64bit: - [2012.06.11 14:17:44 | 000,019,968 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ccdcmbx64.sys -- (nmwcd)
DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltjx64.sys -- (UsbserFilt)
DRV:64bit: - [2012.06.11 14:17:44 | 000,009,216 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser_lowerfltx64.sys -- (upperdev)
DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec)
DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata)
DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata)
DRV:64bit: - [2011.03.10 18:36:24 | 000,029,488 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\klim6.sys -- (KLIM6)
DRV:64bit: - [2011.03.04 13:23:28 | 000,011,864 | ---- | M] (Kaspersky Lab ZAO) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\kl2.sys -- (kl2)
DRV:64bit: - [2011.03.04 13:23:24 | 000,460,888 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\kl1.sys -- (KL1)
DRV:64bit: - [2010.12.17 00:56:04 | 000,073,744 | ---- | M] () [Kernel | System | Running] -- C:\Windows\SysNative\drivers\funfrm.sys -- (funfrm)
DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD)
DRV:64bit: - [2010.11.20 13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV:64bit: - [2010.11.20 13:03:42 | 000,020,992 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV:64bit: - [2010.11.20 12:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser)
DRV:64bit: - [2010.04.26 17:39:55 | 000,717,368 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService)
DRV:64bit: - [2010.04.26 17:26:25 | 000,260,216 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService)
DRV:64bit: - [2010.04.26 17:24:41 | 007,342,432 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx)
DRV:64bit: - [2009.12.01 17:37:28 | 001,270,896 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\BisonC07.sys -- (Cam5607)
DRV:64bit: - [2009.11.02 20:27:10 | 000,022,544 | ---- | M] (Kaspersky Lab) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\klmouflt.sys -- (klmouflt)
DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs)
DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2)
DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor)
DRV:64bit: - [2009.07.14 02:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice)
DRV:64bit: - [2009.07.14 02:35:37 | 000,025,088 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDScan.sys -- (WSDScan)
DRV:64bit: - [2009.07.14 02:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam)
DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation                                            ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167)
DRV:64bit: - [2009.06.10 22:34:38 | 001,311,232 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\BCMWL664.SYS -- (BCM43XX)
DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv)
DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv)
DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a)
DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir)
DRV:64bit: - [2009.06.04 19:54:36 | 000,408,600 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor)
DRV:64bit: - [2009.05.19 14:43:32 | 000,026,128 | ---- | M] (Lenovo Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\AcpiVpc.sys -- (ACPIVPC)
DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = 
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8C 8E CD 53 1F 6F CD 01  [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie
IE - HKCU\..\SearchScopes,DefaultScope = 
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{4D407032-1879-4731-89E0-82C9C33144C6}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searcerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://go.web.de/tb/mff_startpage_home"
FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37
FF - prefs.js..extensions.enabledAddons: toolbar@web.de:2.5
FF - prefs.js..extensions.enabledItems: linkfilter@kaspersky.ru:9.0.0.747
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - user.js - File not found
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_37: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\virtualKeyboard@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\virtualKeyboard@kaspersky.ru [2012.06.28 17:12:01 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\linkfilter@kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\linkfilter@kaspersky.ru [2012.06.28 17:11:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\KavAntiBanner@Kaspersky.ru: C:\Program Files (x86)\Kaspersky Security Suite CBE 12\FFExt\KavAntiBanner@Kaspersky.ru [2012.06.28 17:11:57 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.31 15:16:14 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.27 15:48:48 | 000,000,000 | ---D | M]
 
[2010.12.16 00:34:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Extensions
[2013.04.27 01:40:38 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\Firefox\Profiles\8ygwda3k.default\extensions
[2013.03.22 09:50:38 | 000,549,639 | ---- | M] () (No name found) -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\extensions\toolbar@web.de.xpi
[2012.06.29 09:45:40 | 000,002,209 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\searchplugins\englische-ergebnisse.xml
[2012.06.29 09:45:40 | 000,010,506 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\searchplugins\gmx-suche.xml
[2012.06.29 09:45:40 | 000,002,368 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\searchplugins\lastminute.xml
[2012.06.29 09:45:40 | 000,005,489 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\searchplugins\webde-suche.xml
[2011.01.08 20:39:13 | 000,002,057 | ---- | M] () -- C:\Users\Papa\AppData\Roaming\mozilla\firefox\profiles\8ygwda3k.default\searchplugins\youtube-videosuche.xml
[2012.10.23 17:19:24 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2012.10.23 17:19:24 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
[2012.06.28 16:34:56 | 000,000,000 | ---D | M] (Anti-Banner) -- C:\Program Files (x86)\mozilla firefox\extensions\KavAntiBanner@kaspersky.ru_bak2
[2012.06.28 16:34:45 | 000,000,000 | ---D | M] (Modul zur Link-Untersuchung) -- C:\Program Files (x86)\mozilla firefox\extensions\linkfilter@kaspersky.ru_bak2
[2012.07.31 15:16:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions
[2012.07.31 15:16:06 | 000,000,000 | ---D | M] (WEB.DE MailCheck) -- C:\Program Files (x86)\mozilla firefox\distribution\extensions\toolbar@web.de
[2012.06.01 17:38:43 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.01 18:33:00 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.06.01 18:33:00 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.01 18:33:00 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.01 18:33:00 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.01 18:33:00 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.01 18:33:00 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (IEVkbdBHO Class) - {59273AB4-E7D3-40F9-A1A8-6FA9CCA1862C} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (FilterBHO Class) - {E33CF602-D945-461A-83F0-819F76A199F8} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {eec0f710-38b5-4aba-99bf-ec87564a4e13} - C:\Program Files (x86)\Microsoft\BingBar\7.1.361.0\BingExt.dll (Microsoft Corporation.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [AVP] C:\Program Files (x86)\Kaspersky Security Suite CBE 12\avp.exe (Kaspersky Lab ZAO)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 28
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200 File not found
O8:64bit: - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8:64bit: - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\Windows\SysWow64\GPhotos.scr (Google Inc.)
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Hinzufügen zu Anti-Banner - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ie_banner_deny.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\ievkbd.dll (Kaspersky Lab ZAO)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\x64\klwtbbho.dll (Kaspersky Lab ZAO)
O9 - Extra Button: &Virtuelle Tastatur - {4248FE82-7FCB-46AC-B270-339F08212110} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\ievkbd.dll (Kaspersky Lab ZAO)
O9 - Extra Button: Li&nks untersuchen - {CCF151D8-D089-449F-A5A4-D9909053F20F} - C:\Program Files (x86)\Kaspersky Security Suite CBE 12\klwtbbho.dll (Kaspersky Lab ZAO)
O13 - gopher Prefix: missing
O15 - HKCU\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKCU\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_37-windows-i586.cab (Java Plug-in 1.6.0_37)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{64C6BDA1-A2C6-4A3C-8479-A39F66767073}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D014BE1B-4D4B-4EF0-83D6-2A0C21709DD0}: DhcpNameServer = 192.168.2.1
O18:64bit: - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\klogon: DllName - (%SystemRoot%\System32\klogon.dll) - C:\Windows\SysNative\klogon.dll (Kaspersky Lab ZAO)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.27 13:30:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.27 13:24:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.27 12:43:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.27 12:43:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.27 12:43:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.27 12:43:11 | 000,000,000 | ---D | C] -- C:\ComboFix
[2013.04.27 12:43:05 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.27 12:42:49 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.27 12:33:53 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.27 12:31:30 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.27 01:40:38 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013.04.27 01:40:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2013.04.10 18:34:45 | 000,000,000 | ---D | C] -- C:\f03381205d1c8bcd09
[2013.04.10 12:22:23 | 003,717,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll
[2013.04.10 12:22:22 | 003,217,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll
[2013.04.10 12:22:21 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\aaclient.dll
[2013.04.10 12:22:21 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\aaclient.dll
[2013.04.10 12:22:20 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tsgqec.dll
[2013.04.10 12:22:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tsgqec.dll
[2013.04.10 12:19:53 | 000,735,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll
[2013.04.10 12:19:37 | 000,247,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll
[2013.04.10 12:19:36 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll
[2013.04.10 12:19:35 | 000,134,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll
[2013.04.10 12:19:34 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll
[2013.04.10 12:19:34 | 000,132,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll
[2013.04.10 12:19:33 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll
[2013.04.10 12:18:53 | 005,550,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntoskrnl.exe
[2013.04.10 12:18:52 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntoskrnl.exe
[2013.04.10 12:18:51 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntkrnlpa.exe
[2013.04.10 12:18:49 | 000,112,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\smss.exe
[2013.04.10 12:18:49 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\csrsrv.dll
[2013.04.10 12:18:48 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\apisetschema.dll
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.30 15:41:35 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.30 15:41:28 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.30 10:07:13 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 10:07:13 | 000,015,104 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.30 09:58:13 | 1579,626,496 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.27 12:35:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.04.27 12:35:50 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.04.27 12:35:50 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.04.27 12:35:50 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.04.27 12:35:50 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.04.11 11:24:05 | 000,416,312 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
 
========== Files Created - No Company Name ==========
 
[2013.04.27 12:43:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.27 12:43:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.27 12:43:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.27 12:43:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.27 12:43:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.02.27 17:50:39 | 000,010,631 | ---- | C] () -- C:\Users\Papa\autoppsi_elster_2048.pfx
[2013.02.25 22:28:37 | 000,000,057 | ---- | C] () -- C:\ProgramData\Ament.ini
[2012.10.13 13:37:58 | 000,005,632 | ---- | C] () -- C:\Users\Papa\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.06.28 16:37:46 | 000,017,408 | ---- | C] () -- C:\Users\Papa\AppData\Local\WebpageIcons.db
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

< End of report >
         
Extras.txt:
Code:
ATTFilter
OTL Extras logfile created on: 30.04.2013 15:47:06 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Papa\Desktop
64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,96 Gb Total Physical Memory | 0,96 Gb Available Physical Memory | 49,16% Memory free
3,92 Gb Paging File | 2,36 Gb Available in Paging File | 60,10% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 231,70 Gb Total Space | 173,56 Gb Free Space | 74,91% Space Free | Partition Type: NTFS
 
Computer Name: PAPA-PC | User Name: Papa | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with &IrfanView] -- "C:\Program Files (x86)\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01  [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 0
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0A5DD9A7-37CF-405F-8CF1-56271AD81D26}" = lport=139 | protocol=6 | dir=in | app=system | 
"{0C28AA23-693C-4F62-A3CD-29ED1F4E2757}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1D7D4434-B9BA-40A9-9DE6-DAEB183CF49C}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{1F8CA811-66BA-42C5-ACBC-6CEB884C06A3}" = lport=138 | protocol=17 | dir=in | app=system | 
"{2BDE5164-3538-40DD-B13D-6ECD5D1A0BE0}" = rport=138 | protocol=17 | dir=out | app=system | 
"{347433CB-6BE9-4476-BF2C-CB965F365E72}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{38E885AF-1A16-4124-8B9D-05271708B3F9}" = lport=445 | protocol=6 | dir=in | app=system | 
"{3E541E9F-1CA5-48FF-9907-5DD0497C58A2}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | 
"{589E75A1-2851-40AC-8A42-B37BE347349E}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{6FA1F2C6-25C2-426E-8C35-E9E26497F97A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{7BA56A87-C3F1-460B-BB32-9D8CDBD9AA56}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{9F921096-6DE9-49C4-8CFE-24B82AB9C4D0}" = lport=137 | protocol=17 | dir=in | app=system | 
"{A2116059-7BE1-4870-BE04-C75857941ACB}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A834A3EE-137E-450A-B285-7B56AF44F09F}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{A9095939-724C-4B03-88F0-6913B5FA909B}" = rport=137 | protocol=17 | dir=out | app=system | 
"{A9F77776-5125-4A79-B38F-1278A8CE9386}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{B7F21358-4F5A-4619-828F-848A5CE00B3E}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{BB9197A3-8DD9-45ED-ADE9-89B00D36FA3E}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{C0A26F0E-5ABA-4CEE-AD1B-DB9773D467E6}" = rport=139 | protocol=6 | dir=out | app=system | 
"{C4ED828C-B6A4-4474-87CF-F533E476338E}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{ED7AD717-6AF4-40A6-A164-ACE58549F8CC}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{FE06042F-BFF6-4037-BE0F-818341A4EF9E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02D9A683-BDD2-4455-BE78-FA2218A6E5D0}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{0FE64C13-9285-4105-9B73-F9379D104849}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{10A88D51-5F17-4A9C-9E12-D35B593AEFC0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{148A0E66-50E9-4F5F-B786-BF6CD95B64F4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{1EDEBD28-7021-4BC3-B265-807F93E177FD}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\devicesetup.exe | 
"{2D7B0D54-C70A-4724-B57A-F6A7FE5FC652}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{43EBF073-6480-4E46-8C01-8B547C4C6B08}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{460D2854-DFBC-4BA9-BA0B-0A66C8493274}" = protocol=17 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{4BA5324B-B1F3-4D7F-B828-D90354EBBBA0}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{5AB1978C-10F5-44A8-91D0-740602064E2C}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{5C064A6D-C2A9-4723-9D36-6C72D4318B20}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{6628293D-79E1-4D87-99F1-85A72194E9D3}" = protocol=6 | dir=in | app=c:\windows\syswow64\lxbkcoms.exe | 
"{672F2800-689D-423D-B29C-C75C411E253C}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{6D347638-64D6-4EA1-BA28-A23F16F3161D}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{6E9C5A55-5E20-41DE-9FB9-F2232D17730F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{8305D3D3-B3B9-413D-B3D7-D46762C094EE}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
"{83AE423C-F0F2-49D8-953B-A85066746CFC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{8429D1C7-1AC0-480A-858D-0C9922228C69}" = dir=in | app=c:\program files (x86)\nokia\nokia suite\nokiasuite.exe | 
"{87B8AE5F-610C-49C5-A736-AA259A5C8070}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9A01FF75-3347-45AB-9DB7-45FF9E985792}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{9F25566F-B953-439A-B179-E3EA0E756467}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A36346E2-387A-4D80-8651-732765B91486}" = protocol=6 | dir=out | app=system | 
"{C684A090-4E05-4F21-8A3D-3624F8B3E857}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\groove.exe | 
"{C9F781E2-3D3A-4502-A09A-1A9CBA094678}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{CB01DF3D-5009-4240-8E5C-862A180E0A49}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{D710A860-6EA3-44C5-AD78-5C294ABA085D}" = dir=in | app=c:\program files\hp\hp officejet 6600\bin\hpnetworkcommunicator.exe | 
"{D7637050-8C8B-424F-B961-ACC16B63CA23}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{FFD7A68B-4621-4FFA-80B3-55DE3E7DCDD3}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX340_series" = Canon MX340 series MP Drivers
"{4D668D4F-FAA2-4726-834C-31F4614F312E}" = MSVC80_x64_v2
"{52167B0C-FB5D-43E7-BEC5-24EE6BEE2BA0}" = DVSE Updater
"{680EDA59-9266-44B4-949E-0C24F65DFF82}" = Microsoft_VC100_CRT_SP1_x64
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{90140000-0011-0000-1000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
"{90140000-0015-0407-1000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-1000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-1000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-1000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-1000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-1000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-1000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0409-1000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-040C-1000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-0410-1000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-002C-0407-1000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-0043-0000-1000-0000000FF1CE}" = Microsoft Office Office 32-bit Components 2010
"{90140000-0043-0000-1000-0000000FF1CE}_Office14.PROPLUS_{E8B6D35B-0B6F-4DCE-9493-859BF3809A7F}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0043-0407-1000-0000000FF1CE}" = Microsoft Office Shared 32-bit MUI (German) 2010
"{90140000-0043-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8DFD91C7-66AE-4E54-9901-5D5F401AD329}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0044-0407-1000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2010
"{90140000-0044-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-1000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-1000-0000000FF1CE}_Office14.PROPLUS_{8299B64F-1537-4081-974C-033EAB8F098E}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-1000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00BA-0407-1000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2010
"{90140000-00BA-0407-1000-0000000FF1CE}_Office14.PROPLUS_{BBBD3986-9A9D-402A-BA73-CCDE3EF0ED77}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
"{AB071C8B-873C-459F-ACA9-9EBE03C3E89B}" = MSVC90_x64
"{B6B44AEB-3F57-45D7-9A89-5020135CBF90}" = Studie zur Verbesserung von HP Officejet 6600 Produkten
"{C768E610-4DFB-4A60-A59B-71549EB7BF75}" = HP Officejet 6600 - Grundlegende Software für das Gerät
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F" = Windows-Treiberpaket - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0)
"92F4CDC794E6E4E29DC063D292D1C94F6FA1EA1E" = Windows-Treiberpaket - Lenovo (ACPIVPC) System  (05/19/2009 4.4.0.1)
"CCleaner" = CCleaner
"CNXT_AUDIO_HDA" = Conexant HD Audio
"COPARTS Online" = COPARTS Online
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Office14.PROPLUS" = Microsoft Office Professional Plus 2010
"WinRAR archiver" = WinRAR
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{26A24AE4-039D-4CA4-87B4-2F83216037FF}" = Java(TM) 6 Update 37
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{85DF2EED-08BC-46FB-90DA-28B0D0A8E8A8}" = HP Update
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch
"{AE1E24C2-E720-42D5-B8E1-48F71A97B4DB}" = Energy Management
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{B2945828-5E6B-44CF-9A08-1492D7D4E234}" = KingBill 2010
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{C818BA3A-226F-4ED0-9CEF-96A0DF300211}" = HP Officejet 6600 Hilfe
"{CA6BCA2F-EDEB-408F-850B-31404BE16A61}" = I.R.I.S. OCR
"{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar
"{DD1F8244-01DA-45C2-88DB-23A7F9764D82}" = TRW easycheck Update Application
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"AVMFBox" = AVM FRITZ!Box Dokumentation
"AVMFBoxPrinter" = AVM FRITZ!Box Druckeranschluss
"Canon MX340 series Benutzerregistrierung" = Canon MX340 series Benutzerregistrierung
"Canon_IJ_Network_Scan_UTILITY" = Canon IJ Network Scan Utility
"Canon_IJ_Network_UTILITY" = Canon IJ Network Tool
"CanonMyPrinter" = Canon Utilities My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"COPARTS Online" = COPARTS Online
"EasyCapture4.0" = EasyCapture
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"Easy-WebPrint EX" = Canon Easy-WebPrint EX
"InstallWIX_{45E557D6-2271-4F13-8101-C620B4285AB0}" = Kaspersky Security Suite CBE 12
"IrfanView" = IrfanView (remove only)
"Mozilla Firefox 13.0 (x86 de)" = Mozilla Firefox 13.0 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"MP Navigator EX 3.1" = Canon MP Navigator EX 3.1
"Nokia Suite" = Nokia Suite
"Picasa 3" = Picasa 3
"Speed Dial Utility" = Canon Kurzwahlprogramm
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.04.2013 13:13:42 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 29.04.2013 13:13:45 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 29.04.2013 13:13:45 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 29.04.2013 13:13:45 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 29.04.2013 13:13:50 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 29.04.2013 13:13:50 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 29.04.2013 13:13:50 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1024
Description = 
 
Error - 29.04.2013 13:13:55 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 29.04.2013 13:13:55 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 11606
Description = 
 
Error - 29.04.2013 13:13:55 | Computer Name = Papa-PC | Source = MsiInstaller | ID = 1024
Description = 
 
[ System Events ]
Error - 29.04.2013 13:13:29 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Security Update for Microsoft Office 2010 (KB2589320)
 64-Bit Edition
 
Error - 29.04.2013 13:13:34 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Office 2010 (KB2553181) 
64-Bit-Edition
 
Error - 29.04.2013 13:13:38 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visio Viewer 
2010 (KB2597981) 64-Bit-Edition
 
Error - 29.04.2013 13:13:43 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft OneNote 2010 (KB2553290)
 64-Bit-Edition
 
Error - 29.04.2013 13:13:46 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Office-Dateiüberprüfung 2010, 64-Bit-Edition
 (KB2553065)
 
Error - 29.04.2013 13:13:50 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft Outlook Social Connector
 2010 (KB2553406) 64-Bit-Edition
 
Error - 29.04.2013 13:13:55 | Computer Name = Papa-PC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = Installationsfehler: Die Installation des folgenden Updates ist mit
 Fehler 0x80070643 fehlgeschlagen: Update für Microsoft OneNote 2010 (KB2589345)
 64-Bit-Edition
 
Error - 30.04.2013 00:04:06 | Computer Name = Papa-PC | Source = EventLog | ID = 6008
Description = Das System wurde zuvor am ?29.?04.?2013 um 19:13:41 unerwartet heruntergefahren.
 
Error - 30.04.2013 04:01:41 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst SysMain erreicht.
 
Error - 30.04.2013 09:41:28 | Computer Name = Papa-PC | Source = Service Control Manager | ID = 7011
Description = Das Zeitlimit (30000 ms) wurde beim Warten auf eine Transaktionsrückmeldung
 von Dienst ShellHWDetection erreicht.
 
 
< End of report >
         
Der Rechner läuft soweit gut, nur das Anti-Viren-Programm Kaspersky Security Suite CBE 12 meldet eine Bedrohung. Was muss ich denn jetzt noch tun?

Alt 30.04.2013, 16:32   #8
M-K-D-B
/// TB-Ausbilder
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



Zitat:
Zitat von Discreated Beitrag anzeigen
nur das Anti-Viren-Programm Kaspersky Security Suite CBE 12 meldet eine Bedrohung. Was muss ich denn jetzt noch tun?
Verrätst du mir auch, wo (in welcher Datei) Kaspersky welche Bedrohung findet?
Ich kann leider nicht hellsehen...
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Alt 03.05.2013, 15:46   #9
M-K-D-B
/// TB-Ausbilder
 
GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Standard

GVU-Trojaner , Win7 , abgesicherte Modus geht nicht



Fehlende Rückmeldung
Dieses Thema wurde aus den Abos gelöscht. Somit bekomme ich keine Benachrichtigung über neue Antworten.
PM an mich falls Du denoch weiter machen willst.

Hinweis: Das Verschwinden der Symptome bedeutet nicht, dass Dein Rechner schon sauber ist.

Jeder andere bitte hier klicken und einen eigenen Thread erstellen!
__________________
Grüße aus Bayern
M-K-D-B

______________________________________

Das Trojaner-Board unterstützen

Antwort

Themen zu GVU-Trojaner , Win7 , abgesicherte Modus geht nicht
abgesicherte, befallen, bingbar, brauche, dringend, geholfen, geht nicht, gvu-trojaner, hoffe, intranet, laptop, modus, oldtimer, otlpe, scan, scanne, scannen, schnell, win, win7



Ähnliche Themen: GVU-Trojaner , Win7 , abgesicherte Modus geht nicht


  1. BKA Trojaner eingefangen und der abgesicherte Modus start nicht mehr!
    Plagegeister aller Art und deren Bekämpfung - 25.05.2014 (14)
  2. GVU-Trojaner abgesicherter Modus in Win 7 geht nicht
    Plagegeister aller Art und deren Bekämpfung - 01.05.2014 (13)
  3. GVU Trojaner Win7 64 bit abgesicherter Modus geht nicht, Kaspersky WindowsUnlocker klapppt auch nicht
    Plagegeister aller Art und deren Bekämpfung - 17.11.2013 (13)
  4. GVU-Virus und der abgesicherte Modus oder Rescue-Disk funktionieren nicht
    Log-Analyse und Auswertung - 21.08.2013 (17)
  5. Auch hier: GVU Trojaner - Abgesicherte Modus blockiert - Windows 7
    Plagegeister aller Art und deren Bekämpfung - 26.07.2013 (12)
  6. GVU Trojaner - Abgesicherte Modus blockiert - Windows 7
    Plagegeister aller Art und deren Bekämpfung - 22.07.2013 (12)
  7. Win7 GVU Trojaner / abges. Modus geht nicht / frst64 scan liegt vor
    Log-Analyse und Auswertung - 21.07.2013 (9)
  8. GVU-Trojaner Win7 32Bit (Abgesicherter Modus geht nicht)
    Plagegeister aller Art und deren Bekämpfung - 17.06.2013 (49)
  9. GVU Trojaner abgesicherter Modus geht nicht
    Log-Analyse und Auswertung - 30.05.2013 (5)
  10. GVU Trojaner Win7 abgesichertes Modus geht nicht mehr
    Plagegeister aller Art und deren Bekämpfung - 23.04.2013 (17)
  11. GVU Trojaner - F8 abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 10.03.2013 (4)
  12. 2x | SOS gvu trojaner hat zugeschlagen, abgesicherte modus geht auch nicht. Wie werde ich den virus los?
    Mülltonne - 02.02.2013 (14)
  13. GVU Trojaner blockiert Win7 Laptop - abgesicherter Modus geht nicht
    Plagegeister aller Art und deren Bekämpfung - 30.01.2013 (15)
  14. Win 7 Antivirus 2012 geht nichtmal im abgesicherte Modus
    Log-Analyse und Auswertung - 24.01.2012 (39)
  15. Gema virus! Abgesicherte modus und OTL geht nicht
    Plagegeister aller Art und deren Bekämpfung - 03.01.2012 (1)
  16. Win7 herunterfahren Button reagiert nicht, strg+alt+entf geht nicht mehr & cmd.exe geht nicht auf
    Plagegeister aller Art und deren Bekämpfung - 15.12.2011 (25)
  17. XP bootet nur im abgesicherte modus
    Alles rund um Windows - 02.07.2005 (3)

Zum Thema GVU-Trojaner , Win7 , abgesicherte Modus geht nicht - Hallo, ich brauche dringend hilfe da mein Laptop vom GVU-Trojaner befallen ist. Ich habe schon OTLPE by OldTimer Scannen lassen. ich hoffe mir kann schnell geholfen werden denn diesen Laptop - GVU-Trojaner , Win7 , abgesicherte Modus geht nicht...
Archiv
Du betrachtest: GVU-Trojaner , Win7 , abgesicherte Modus geht nicht auf Trojaner-Board

Search Engine Optimization by vBSEO ©2011, Crawlability, Inc.