| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: GVU Trojaner Problem, kommenicht mal in den abgesicherten ModusWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
09.07.2013, 16:52
| #16 |
| /// the machine /// TB-Ausbilder    |  GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Lass OTLPE laufen aus meinem ersten Post.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
09.07.2013, 19:22
| #17 |
 | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Hallo Schrauber.
__________________Endlich mal ein Teilerfolg. Hier ist das LogFile:OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/9/2013 11:10:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 90.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 931.51 Gb Total Space | 778.31 Gb Free Space | 83.55% Space Free | Partition Type: NTFS
Drive I: | 31.23 Gb Total Space | 31.23 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (AvidSDMService)
SRV - [2013/06/12 12:46:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/13 18:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/01 10:29:30 | 000,296,448 | ---- | M] () [Auto] -- C:\Programme\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/04/17 22:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/12 08:30:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/03 11:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/26 09:30:18 | 000,687,104 | ---- | M] () [Auto] -- C:\Programme\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/11 09:32:38 | 000,081,920 | ---- | M] (Avid Technology, Inc..) [Auto] -- C:\Programme\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/01/22 09:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- C:\Programme\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2008/05/21 17:39:54 | 001,536,000 | ---- | M] () [Auto] -- C:\WINDOWS\system32\AvidStartup.exe -- (AvidStartup)
SRV - [2008/04/13 22:22:12 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2005/11/13 20:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/03/28 20:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/20 21:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 04:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/07 22:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/07 22:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/07 22:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/07 22:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/07 22:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/04 02:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/06/03 04:45:50 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012/05/14 02:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/25 09:41:43 | 000,306,816 | ---- | M] (AfaTech ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011/02/24 12:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/01/22 09:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 09:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 09:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 09:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/07/15 02:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 02:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/03/08 15:24:58 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MAudioProducer.sys -- (MAUSBPRODUCER)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/23 06:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/10/30 15:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/21 16:42:46 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2008/05/21 15:38:34 | 000,056,832 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/12/21 01:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 01:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/12/08 17:50:34 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [1998/02/19 16:54:58 | 000,088,064 | ---- | M] (///FAST Software Security) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HARDLOCK.SYS -- (Hardlock)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={965F1157-B26B-11E2-8A99-00E04D6394ED}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = eBay - eine der größten deutschen Shopping-Websites
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 04 DD 2B C6 EE CB 01 [binary data]
IE - HKU\Er_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Er_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Programme\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\extension@FastFreeConverter.com: C:\Programme\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com [2013/05/10 12:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2011/04/16 13:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\mozilla\Extensions
[2013/06/14 04:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\mozilla\Firefox\Profiles\vw2vcs2y.default\extensions
[2013/06/14 04:39:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\mozilla\Firefox\Profiles\vw2vcs2y.default\extensions\firefox@ghostery.com
[2011/02/01 06:51:22 | 000,002,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Mozilla\Firefox\Profiles\vw2vcs2y.default\searchplugins\search.xml
[2013/06/12 14:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/06/12 14:11:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/06/12 14:11:40 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Programme\Mozilla Firefox\extensions\extension@FastFreeConverter.com
[2013/06/12 14:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/06/12 14:12:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/12 14:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\extension@FastFreeConverter.com\content
[2013/06/12 14:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\extension@FastFreeConverter.com\defaults
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VW2VCS2Y.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2013/05/10 12:57:23 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\PROGRAMME\FAST FREE CONVERTER\FASTFREECONVERTER\EXTENSION@FASTFREECONVERTER.COM
[2011/03/27 14:35:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O1 HOSTS File: ([2011/03/30 06:39:40 | 000,431,610 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 Ó¢»Ê¹ú¼ÊÓéÀÖ³Ç-www.0scan.com-³¯Ñô¶«Ìú¿ó²úÆ·ÏúÊÛÓÐÏÞ¹«Ë¾
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (PinPhotoZoom) - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Dokumente und Einstellungen\Er\Anwendungsdaten\PinPhotoZoom\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Fast Free Converter 3.0) - {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\Programme\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Er_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Programme\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [EaseUs Watch] C:\Programme\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Everything] C:\Programme\Everything\Everything.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [ROC_JAN2013_TB] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Er_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Er_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301249309686 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301253624310 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Er_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/24 16:43:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b69c7074-b7e2-11e0-bb6f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b69c7074-b7e2-11e0-bb6f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69c7074-b7e2-11e0-bb6f-806d6172696f}\Shell\AutoRun\command - "" = D:\READ32\AcroRd32.exe Menue.pdf
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (/sync /restart) - File not found
O34 - HKLM BootExecute: (/sync /restart) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/07/09 11:55:56 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/06/17 06:15:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013/06/14 04:50:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\File Shredder
[2013/06/13 06:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\Eraser 6
[2013/06/13 06:28:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2013/06/13 05:59:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2013/06/13 05:59:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2013/06/13 05:59:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2013/06/13 05:59:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2013/06/13 05:59:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2013/06/13 05:59:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2013/06/13 05:59:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2013/06/13 05:59:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2013/06/13 05:59:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2013/06/13 05:59:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2013/06/13 05:59:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2013/06/13 05:59:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2013/06/13 04:52:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2013/06/12 14:11:36 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2013/07/09 15:46:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/09 14:00:34 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater Ui.job
[2013/07/09 14:00:28 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/07/09 14:00:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater.job
[2013/07/09 13:58:32 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/09 13:58:17 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/09 13:57:18 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/08 12:11:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/07 09:50:33 | 000,163,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\2433f433
[2013/07/07 09:50:33 | 000,163,035 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/07 09:50:33 | 000,163,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/06/14 04:50:29 | 000,000,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Desktop\File Shredder.lnk
[2013/06/14 04:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\File Shredder
[2013/06/13 06:28:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2013/06/13 05:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/13 04:52:23 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk
[2013/06/13 04:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2013/06/12 16:38:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/12 12:46:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 12:46:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
========== Files Created - No Company Name ==========
[2013/07/08 12:11:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/07/07 09:50:33 | 000,163,062 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\2433f433
[2013/07/07 09:50:33 | 000,163,035 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/07 09:50:33 | 000,163,027 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
[2013/06/14 04:50:29 | 000,000,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\Desktop\File Shredder.lnk
[2013/05/01 15:06:36 | 000,649,920 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013/03/08 19:56:06 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2013/03/08 19:51:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2013/03/08 19:51:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2013/01/06 09:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/01/06 09:27:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2013/01/06 09:27:43 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013/01/06 09:27:43 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/12/13 18:29:14 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2012/12/10 12:10:35 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/04 17:29:46 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2012/12/04 17:29:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012/12/04 17:29:45 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2012/12/03 08:09:53 | 108,765,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\.09-06-28_20-16.00.avi
[2012/11/29 10:56:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/11/27 08:08:14 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 10:00:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/01 13:16:43 | 000,001,606 | ---- | C] () -- C:\WINDOWS\System32\font.ini
[2011/07/28 15:37:36 | 000,000,032 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011/07/25 09:42:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2011/07/25 09:41:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/04/17 09:00:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/17 08:41:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2011/04/17 08:41:42 | 000,006,855 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2011/04/17 08:41:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2011/04/17 08:34:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/16 13:14:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/05 17:09:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/31 07:10:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/03/31 04:43:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/03/30 06:34:27 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2011/03/28 11:39:41 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2011/03/28 11:39:37 | 001,536,000 | ---- | C] () -- C:\WINDOWS\System32\AvidStartup.exe
[2011/03/28 11:34:02 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2011/03/28 11:34:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/28 11:25:15 | 001,728,606 | ---- | C] () -- C:\WINDOWS\System32\libmmdd.dll
[2011/03/28 11:25:15 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2011/03/28 11:13:06 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/03/28 11:13:05 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/03/28 11:13:05 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/03/28 11:13:05 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/03/28 11:13:05 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/03/28 10:19:48 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/28 07:10:13 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/28 07:10:10 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/28 07:10:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/24 16:44:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 16:41:11 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/24 16:31:31 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/24 16:30:17 | 000,176,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 05:58:18 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/08 05:58:18 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/07/08 05:58:18 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 05:58:18 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/08 05:58:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/08 05:58:18 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/07/08 05:58:18 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/07/08 03:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/05/20 13:35:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2003/05/20 13:15:38 | 000,059,824 | ---- | C] () -- C:\WINDOWS\unwise.exe
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,518,976 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 08:00:00 | 000,474,352 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,101,832 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 08:00:00 | 000,076,776 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/05/11 14:41:02 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
========== LOP Check ==========
[2012/10/06 07:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\AVG2013
[2011/03/30 06:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Avid
[1999/05/11 14:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Canneverbe Limited
[1999/05/13 10:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Canon
[2011/05/11 08:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\CD-LabelPrint
[2012/12/13 22:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Digidesign
[2001/12/03 17:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\DVDVideoSoft
[2012/12/13 19:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Leadertech
[2001/12/03 17:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\OCS
[2001/12/03 17:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Opera
[2012/12/13 19:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\PACE Anti-Piracy
[2013/05/01 10:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\PinPhotoZoom
[2013/03/08 20:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Steinberg
[2013/05/01 10:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\SwvUpdater
[2012/11/29 10:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\TeamViewer
[2012/10/06 07:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\TuneUp Software
[2011/03/30 07:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Windows Search
[2012/11/27 06:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\TuneUp Software
[2011/07/14 09:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2012/10/06 07:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013
[1999/05/11 14:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011/05/10 12:07:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011/05/10 12:48:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2011/12/12 09:11:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2011/05/10 12:48:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2011/05/10 12:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup
[1999/05/11 17:13:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2011/05/10 12:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2011/07/28 15:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CDRWIN 9
[2011/07/14 06:44:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2013/03/08 19:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2011/03/27 16:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2011/03/27 16:36:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher
[2013/07/09 13:20:03 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012/12/13 19:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy
[2013/05/06 06:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
[2011/03/28 11:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Shared Avid Projects
[2013/03/08 19:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft
[2013/07/09 14:00:28 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\AmiUpdXp.job
[2013/05/01 14:59:29 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Freemium1ClickMaint.job
[2013/07/09 13:58:17 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
[2013/07/09 14:00:34 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Software Updater Ui.job
[2013/07/09 14:00:26 | 000,000,588 | ---- | M] () -- C:\WINDOWS\Tasks\Software Updater.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F74775D0D27F5603
@Alternate Data Stream - 1304 bytes -> C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\hJtAnl1TXkiS:NTkuyQDSeZtc84yd1Upi
@Alternate Data Stream - 1258 bytes -> C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\lpFNwcleN:YpHBh5PueN4ObzkR
@Alternate Data Stream - 1250 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:wlHfPV5JAOBGtgo7pM4LipR0h2
@Alternate Data Stream - 1145 bytes -> C:\Programme\Outlook Express:Nutxl4I4e6oxUmd0CaRXtRkZF
@Alternate Data Stream - 1123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:ABeQyBTC9sGL86NqrKugw
@Alternate Data Stream - 1112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:fVPPyFNkgHQ1seUPLaaiG3kK5kJr
@Alternate Data Stream - 1092 bytes -> C:\Programme\Outlook Express:JV2QD6i2fl7smlQ50d3JKm9qy
@Alternate Data Stream - 1084 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:gLXU4ropegVcYCFF93nd3c
@Alternate Data Stream - 1067 bytes -> C:\Dokumente und Einstellungen\Er\Cookies:Mk3yw2F5o4AAwigb9985V8wl
< End of report >
|
|
09.07.2013, 19:51
| #18 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten ModusFixen mit OTL
Code:
ATTFilter :OTL
O4 - HKLM..\Run: [Everything] C:\Programme\Everything\Everything.exe ()
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKU\UpdatusUser_ON_C..\Run: [ROC_JAN2013_TB] File not found
O20 - HKU\Er_ON_C Winlogon: Shell - (cmd.exe) - C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
[2013/07/07 09:50:33 | 000,163,062 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\2433f433
[2013/07/07 09:50:33 | 000,163,035 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\2433f433
[2013/07/07 09:50:33 | 000,163,027 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433
:Commands
[emptytemp]
__________________ |
|
09.07.2013, 21:32
| #19 |
| | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus OTLPE kann man nicht mehr aufmachen. Für einen Bruchteil der Sekunde blitzt ein Fenster auf und verschwindet. Sonst passiert nichts. Die Everything.exe habe ich selber installiert vor langer Zeit. Ist ein Suchprogramm für alle Dateien und Ordner auf der Festplatte. |
|
10.07.2013, 08:52
| #20 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Die anderen Einträge sind die relevanten. Du bootest also in Reatogo und nur OTL öffnet nicht?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.07.2013, 09:12
| #21 |
| | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Hallo. Genau so ist es. Ich werde es heute Nachmittag weiter probieren, habe gerade sehr viel zu tun, komme zu gar nichts. Gebe dann Bescheid. |
|
10.07.2013, 09:15
| #22 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Ok. zur not die Scheibe neu brennen.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.07.2013, 13:27
| #23 |
| | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus ========== OTL ========== Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Everything deleted successfully. C:\Programme\Everything\Everything.exe moved successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\KernelFaultCheck deleted successfully. Registry value HKEY_USERS\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Run\\ROC_JAN2013_TB deleted successfully. Registry value HKEY_USERS\Er_ON_C\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\Shell:cmd.exe deleted successfully. C:\WINDOWS\system32\cmd.exe moved successfully. C:\Dokumente und Einstellungen\Er\Anwendungsdaten\2433f433 moved successfully. C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\2433f433 moved successfully. C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\2433f433 moved successfully. ========== COMMANDS ========== [EMPTYTEMP] User: Administrator ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: All Users User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes User: Er ->Temp folder emptied: 618920684 bytes ->Temporary Internet Files folder emptied: 131886013 bytes ->Java cache emptied: 94196 bytes ->FireFox cache emptied: 44830827 bytes ->Flash cache emptied: 1418 bytes User: LocalService ->Temp folder emptied: 66016 bytes ->Temporary Internet Files folder emptied: 1194014 bytes User: NetworkService ->Temp folder emptied: 1105878 bytes ->Temporary Internet Files folder emptied: 49554 bytes User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 33170 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 1138908 bytes %systemroot%\System32 .tmp files removed: 2951 bytes %systemroot%\System32\dllcache .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 392714126 bytes Total Files Cleaned = 1,137.00 mb OTLPE by OldTimer - Version 3.1.48.0 log created on 07102013_181855 |
|
10.07.2013, 13:48
| #24 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Kannst neu und normal booten?
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.07.2013, 14:04
| #25 |
| | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Leider startet er ins schwarze. Er zeigt noch, dass Windows gestartet wird, dann kommt schwarzer Bildschirm und so bleibt es auch. :-( |
|
10.07.2013, 14:23
| #26 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Frisches OTLPE Scanlog bitte.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.07.2013, 15:03
| #27 |
| | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus OTL Logfile: Code:
ATTFilter OTL logfile created on: 7/10/2013 8:58:24 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free
Paging file location(s): C:\pagefile.sys 0 0 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Programme
Drive C: | 931.51 Gb Total Space | 779.42 Gb Free Space | 83.67% Space Free | Partition Type: NTFS
Drive I: | 31.23 Gb Total Space | 31.23 Gb Free Space | 99.99% Space Free | Partition Type: FAT32
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001
========== Win32 Services (SafeList) ==========
SRV - File not found [Auto] -- -- (AvidSDMService)
SRV - [2013/06/12 12:46:30 | 000,256,904 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/06/03 10:21:54 | 000,162,408 | R--- | M] (Skype Technologies) [Auto] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2013/05/13 18:54:12 | 004,937,264 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent)
SRV - [2013/05/01 10:29:30 | 000,296,448 | ---- | M] () [Auto] -- C:\Programme\SoftwareUpdater\SystemStore.exe -- (SystemStoreService)
SRV - [2013/04/17 22:34:38 | 000,283,136 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Programme\AVG\AVG2013\avgwdsvc.exe -- (avgwd)
SRV - [2013/02/12 08:30:45 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/01/27 06:11:46 | 000,020,456 | ---- | M] (Microsoft Corporation) [Auto] -- C:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012/12/03 11:40:50 | 001,259,880 | ---- | M] (NVIDIA Corporation) [Auto] -- C:\Programme\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService)
SRV - [2012/11/26 09:30:18 | 000,687,104 | ---- | M] () [Auto] -- C:\Programme\Fast Free Converter\FastFreeConverterUpdt.exe -- (FastFreeConverterUpdt)
SRV - [2011/11/10 09:17:31 | 000,167,264 | ---- | M] () [On_Demand] -- C:\Programme\AVG\AVG10\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2011/08/11 09:32:38 | 000,081,920 | ---- | M] (Avid Technology, Inc..) [Auto] -- C:\Programme\Digidesign\Drivers\MMERefresh.exe -- (DigiRefresh)
SRV - [2011/01/22 09:58:30 | 000,055,688 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Auto] -- C:\Programme\EASEUS\Todo Backup 2.0\bin\Agent.exe -- (EASEUS Agent)
SRV - [2008/05/21 17:39:54 | 001,536,000 | ---- | M] () [Auto] -- C:\WINDOWS\system32\AvidStartup.exe -- (AvidStartup)
SRV - [2008/04/13 22:22:12 | 000,036,864 | ---- | M] (Microsoft Corporation) [Auto] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2005/11/13 20:06:04 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand] -- C:\Programme\Gemeinsame Dateien\InstallShield\Driver\1150\Intel 32\IDriverT.exe -- (IDriverT)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2013/07/10 13:00:22 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft\Microsoft Antimalware\Definition Updates\{51B0666C-20C3-45DD-BDAD-1342118CFBAF}\MpKslfcfc3e5b.sys -- (MpKslfcfc3e5b)
DRV - [2013/03/28 20:53:48 | 000,208,184 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsdriverx.sys -- (AVGIDSDriver)
DRV - [2013/03/20 21:08:24 | 000,182,072 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2013/03/01 04:32:20 | 000,022,328 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgidsshimx.sys -- (AVGIDSShim)
DRV - [2013/02/07 22:37:58 | 000,096,568 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2013/02/07 22:37:56 | 000,245,048 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avglogx.sys -- (Avglogx)
DRV - [2013/02/07 22:37:52 | 000,060,216 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\avgidshx.sys -- (AVGIDSHX)
DRV - [2013/02/07 22:37:44 | 000,170,808 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2013/02/07 22:37:40 | 000,039,224 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot] -- C:\WINDOWS\system32\drivers\avgrkx86.sys -- (Avgrkx86)
DRV - [2012/07/04 02:54:32 | 007,874,560 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2012/06/03 04:45:50 | 000,005,504 | ---- | M] () [File_System | Auto] -- C:\WINDOWS\System32\drivers\StarOpen.sys -- (StarOpen)
DRV - [2012/05/14 02:12:12 | 000,103,040 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AtihdXP3.sys -- (AtiHDAudioService)
DRV - [2011/07/25 09:41:43 | 000,306,816 | ---- | M] (AfaTech ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AF15BDA.sys -- (AF15BDA)
DRV - [2011/02/24 12:21:10 | 006,340,200 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2011/01/22 09:58:22 | 000,020,744 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\eufs.sys -- (EUFS)
DRV - [2011/01/22 09:58:20 | 000,014,216 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | System] -- C:\WINDOWS\system32\drivers\eudskacs.sys -- (EUDSKACS)
DRV - [2011/01/22 09:58:18 | 000,030,472 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\eubakup.sys -- (EUBAKUP)
DRV - [2011/01/22 09:58:16 | 000,187,400 | ---- | M] (CHENGDU YIWO Tech Development Co., Ltd) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EuDisk.sys -- (EuDisk)
DRV - [2010/07/15 02:44:20 | 000,013,192 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\epmntdrv.sys -- (epmntdrv)
DRV - [2010/07/15 02:44:20 | 000,008,456 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\EuGdiDrv.sys -- (EuGdiDrv)
DRV - [2010/03/08 15:24:58 | 000,158,344 | ---- | M] (Avid Technology, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MAudioProducer.sys -- (MAUSBPRODUCER)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/12/23 06:32:26 | 000,086,016 | ---- | M] (PACE Anti-Piracy, Inc.) [Kernel | Boot] -- C:\WINDOWS\System32\drivers\TPkd.sys -- (TPkd)
DRV - [2009/11/18 01:17:00 | 001,395,800 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Monfilt.sys -- (Monfilt)
DRV - [2009/11/18 01:16:00 | 001,691,480 | ---- | M] (Creative) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (Ambfilt)
DRV - [2008/10/30 15:14:20 | 000,117,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/05/21 16:42:46 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System] -- C:\WINDOWS\System32\drivers\aspi32.sys -- (Aspi32)
DRV - [2008/05/21 15:38:34 | 000,056,832 | ---- | M] () [Kernel | System] -- C:\WINDOWS\system32\drivers\AvidXPSerial.sys -- (Serial)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2008/04/13 14:46:22 | 000,015,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\MPE.sys -- (MPE)
DRV - [2006/12/21 01:30:02 | 000,090,688 | ---- | M] (SafeNet, Inc.) [Kernel | Auto] -- C:\WINDOWS\System32\Drivers\SENTINEL.SYS -- (Sentinel)
DRV - [2006/12/21 01:30:02 | 000,033,504 | ---- | M] (SafeNet, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\SNTNLUSB.SYS -- (SNTNLUSB)
DRV - [2006/12/08 17:50:34 | 000,011,776 | ---- | M] (Digidesign, A Division of Avid Technology, Inc.) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\diginet.sys -- (DigiNet)
DRV - [2005/02/23 08:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [1998/02/19 16:54:58 | 000,088,064 | ---- | M] (///FAST Software Security) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\HARDLOCK.SYS -- (Hardlock)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://start.sweetpacks.com/?src=10&st=12&crg=3.5000006.10042&barid={965F1157-B26B-11E2-8A99-00E04D6394ED}
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = eBay - eine der größten deutschen Shopping-Websites
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Aktuelle Nachrichten, Outlook.com Email und Skype Login.
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\Er_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 52 04 DD 2B C6 EE CB 01 [binary data]
IE - HKU\Er_ON_C\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - Reg Error: Key error. File not found
IE - HKU\Er_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\LocalService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\NetworkService_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\UpdatusUser_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "Bing"
FF - prefs.js..browser.search.defaulturl: ""
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.suggest.enabled: false
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "hxxp://www.ebay.de/"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: {1E73965B-8B48-48be-9C8D-68B920ABC1C4}:10.0.0.1410
FF - prefs.js..extensions.enabledItems: {82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}:5.6.0.8153
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA}:6.0.26
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA}:6.0.29
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_7_700_224.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Programme\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Programme\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Programme\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Programme\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{C4CFC0DE-134F-4466-B2A2-FF7C59A8BFAD}: C:\Programme\Updater By SweetPacks\Firefox
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\extension@FastFreeConverter.com: C:\Programme\Fast Free Converter\FastFreeConverter\extension@FastFreeConverter.com [2013/05/10 12:57:23 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Components: C:\Programme\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 21.0\extensions\\Plugins: C:\Programme\Mozilla Firefox\plugins
[2011/04/16 13:14:49 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\mozilla\Extensions
[2013/06/14 04:39:43 | 000,000,000 | ---D | M] (No name found) -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\mozilla\Firefox\Profiles\vw2vcs2y.default\extensions
[2013/06/14 04:39:43 | 000,000,000 | ---D | M] (Ghostery) -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\mozilla\Firefox\Profiles\vw2vcs2y.default\extensions\firefox@ghostery.com
[2011/02/01 06:51:22 | 000,002,376 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Mozilla\Firefox\Profiles\vw2vcs2y.default\searchplugins\search.xml
[2013/06/12 14:11:40 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2013/06/12 14:11:40 | 000,000,000 | ---D | M] (Skype extension) -- C:\Programme\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2013/06/12 14:11:40 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\Programme\Mozilla Firefox\extensions\extension@FastFreeConverter.com
[2013/06/12 14:12:55 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\browser\extensions
[2013/06/12 14:12:55 | 000,000,000 | ---D | M] (Default) -- C:\Programme\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2013/06/12 14:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\extension@FastFreeConverter.com\content
[2013/06/12 14:11:39 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions\extension@FastFreeConverter.com\defaults
File not found (No name found) --
() (No name found) -- C:\DOKUMENTE UND EINSTELLUNGEN\ER\ANWENDUNGSDATEN\MOZILLA\FIREFOX\PROFILES\VW2VCS2Y.DEFAULT\EXTENSIONS\{D49175B3-3FD8-43B8-B28E-DA5D47F3C398}.XPI
[2013/05/10 12:57:23 | 000,000,000 | ---D | M] (Fast Free Converter) -- C:\PROGRAMME\FAST FREE CONVERTER\FASTFREECONVERTER\EXTENSION@FASTFREECONVERTER.COM
[2011/03/27 14:35:26 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAMME\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O1 HOSTS File: ([2011/03/30 06:39:40 | 000,431,610 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 Ó¢»Ê¹ú¼ÊÓéÀÖ³Ç-www.0scan.com-³¯Ñô¶«Ìú¿ó²úÆ·ÏúÊÛÓÐÏÞ¹«Ë¾
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 ²©²Êͨ,²©²ÊÍø,½ð±¦²©188,²©²ÊͨÆÀ¼¶,°Ù¼ÒÀÖ,°ÂÃî°Ù¼ÒÀÖ
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 14855 more lines...
O2 - BHO: (Adobe PDF Reader) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Gemeinsame Dateien\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - Reg Error: Value error. File not found
O2 - BHO: (PinPhotoZoom) - {4a0c8953-9d4e-4790-b732-2b9fc9ebce05} - C:\Dokumente und Einstellungen\Er\Anwendungsdaten\PinPhotoZoom\AutocompletePro.dll (SimplyGen)
O2 - BHO: (Fast Free Converter 3.0) - {A071936A-AB6B-4978-9342-E47C06FCDEC1} - C:\Programme\Fast Free Converter\FastFreeConverter\FastFreeConverter.dll (Fast Free Converter)
O2 - BHO: (AcroIEToolbarHelper Class) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O3 - HKLM\..\Toolbar: (no name) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - No CLSID value found.
O3 - HKU\Er_ON_C\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll ()
O4 - HKLM..\Run: [Adobe ARM] C:\Programme\Gemeinsame Dateien\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AVG_UI] C:\Programme\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Programme\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Programme\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [DigidesignMMERefresh] C:\Programme\Digidesign\Drivers\MMERefresh.exe (Avid Technology, Inc..)
O4 - HKLM..\Run: [EaseUs Watch] C:\Programme\EASEUS\Todo Backup 2.0\bin\EuWatch.exe (CHENGDU YIWO Tech Development Co., Ltd)
O4 - HKLM..\Run: [Everything] File not found
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\WINDOWS\system32\M-AudioTaskBarIcon.exe (Avid Technology, Inc.)
O4 - HKLM..\Run: [MSC] C:\Programme\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [StartCCC] C:\Programme\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.)
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] C:\Programme\Gemeinsame Dateien\Microsoft Shared\DW\DWTRIG20.EXE (Microsoft Corporation)
O4 - HKU\UpdatusUser_ON_C..\Run: [ROC_JAN2013_TB] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Er_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Er_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\UpdatusUser_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase6886.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1301249309686 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1301253624310 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} hxxp://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Value error. File not found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Gemeinsame Dateien\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Gemeinsame Dateien\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKU\Er_ON_C Winlogon: Shell - (cmd.exe) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 (Die derzeitige Homepage) - About:Home
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper:
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Programme\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2011/03/24 16:43:10 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{b69c7074-b7e2-11e0-bb6f-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{b69c7074-b7e2-11e0-bb6f-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b69c7074-b7e2-11e0-bb6f-806d6172696f}\Shell\AutoRun\command - "" = D:\READ32\AcroRd32.exe Menue.pdf
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O34 - HKLM BootExecute: (/sync /restart) - File not found
O34 - HKLM BootExecute: (/sync /restart) - File not found
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2013\avgrsx.exe /sync /restart) - C:\Programme\AVG\AVG2013\avgrsx.exe (AVG Technologies CZ, s.r.o.)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
========== Files/Folders - Created Within 30 Days ==========
[2013/07/10 18:18:56 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/07/09 11:55:56 | 000,000,000 | ---D | C] -- C:\Kaspersky Rescue Disk 10.0
[2013/06/17 06:15:24 | 000,000,000 | ---D | C] -- C:\Programme\Gemeinsame Dateien\Skype
[2013/06/14 04:50:28 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\File Shredder
[2013/06/13 06:51:20 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\Eraser 6
[2013/06/13 06:28:08 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2013/06/13 05:59:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdjpn.dll
[2013/06/13 05:59:33 | 000,008,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdjpn.dll
[2013/06/13 05:59:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbdkor.dll
[2013/06/13 05:59:33 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdkor.dll
[2013/06/13 05:59:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101c.dll
[2013/06/13 05:59:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101c.dll
[2013/06/13 05:59:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd103.dll
[2013/06/13 05:59:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd103.dll
[2013/06/13 05:59:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd101b.dll
[2013/06/13 05:59:32 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101b.dll
[2013/06/13 05:59:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\kbd106.dll
[2013/06/13 05:59:25 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd106.dll
[2013/06/13 04:52:23 | 000,000,000 | ---D | C] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2013/06/12 14:11:36 | 000,000,000 | ---D | C] -- C:\Programme\Mozilla Firefox
========== Files - Modified Within 30 Days ==========
[2013/07/10 13:46:15 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/07/10 13:00:50 | 000,000,430 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater Ui.job
[2013/07/10 13:00:40 | 000,000,588 | ---- | M] () -- C:\WINDOWS\tasks\Software Updater.job
[2013/07/10 13:00:30 | 000,000,392 | ---- | M] () -- C:\WINDOWS\tasks\AmiUpdXp.job
[2013/07/10 12:58:27 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/07/10 12:57:57 | 000,000,334 | ---- | M] () -- C:\WINDOWS\tasks\ROC_JAN2013_TB_rmv.job
[2013/07/10 12:56:57 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/07/08 12:11:29 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/14 04:50:29 | 000,000,740 | ---- | M] () -- C:\Dokumente und Einstellungen\Er\Desktop\File Shredder.lnk
[2013/06/14 04:50:29 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\File Shredder
[2013/06/13 06:28:09 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\TeamViewer 7
[2013/06/13 05:03:57 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/06/13 04:52:23 | 000,000,707 | ---- | M] () -- C:\Dokumente und Einstellungen\All Users\Desktop\AVG 2013.lnk
[2013/06/13 04:52:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Startmenü\Programme\AVG
[2013/06/12 16:38:24 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/06/12 12:46:29 | 000,692,104 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/06/12 12:46:28 | 000,071,048 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
========== Files Created - No Company Name ==========
[2013/07/08 12:11:29 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2013/06/14 04:50:29 | 000,000,740 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\Desktop\File Shredder.lnk
[2013/05/01 15:06:36 | 000,649,920 | ---- | C] () -- C:\Dokumente und Einstellungen\LocalService\Lokale Einstellungen\Anwendungsdaten\FontCache3.0.0.0.dat
[2013/03/08 19:56:06 | 000,002,892 | ---- | C] () -- C:\WINDOWS\System32\audcon.sys
[2013/03/08 19:51:22 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe.cfg
[2013/03/08 19:51:14 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\SYNSOPOS.exe
[2013/01/06 09:29:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2013/01/06 09:27:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2013/01/06 09:27:43 | 000,618,823 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2013/01/06 09:27:43 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2012/12/13 18:29:14 | 000,217,088 | ---- | C] () -- C:\WINDOWS\System32\qtmlClient.dll
[2012/12/10 12:10:35 | 002,816,504 | ---- | C] () -- C:\WINDOWS\System32\nvdata.data
[2012/12/04 17:29:46 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\ntrights.exe
[2012/12/04 17:29:46 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2012/12/04 17:29:45 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\drivers\AvidXPSerial.sys
[2012/12/03 08:09:53 | 108,765,184 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\.09-06-28_20-16.00.avi
[2012/11/29 10:56:00 | 000,000,011 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2012/11/27 08:08:14 | 000,010,752 | ---- | C] () -- C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/02/17 10:00:04 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2011/08/01 13:16:43 | 000,001,606 | ---- | C] () -- C:\WINDOWS\System32\font.ini
[2011/07/28 15:37:36 | 000,000,032 | -HS- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\.zreglib
[2011/07/25 09:42:23 | 000,000,126 | ---- | C] () -- C:\WINDOWS\System32\AF15IRTBL.bin
[2011/07/25 09:41:58 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2011/04/17 09:00:47 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/04/17 08:41:42 | 000,149,504 | ---- | C] () -- C:\WINDOWS\Unwise32.exe
[2011/04/17 08:41:42 | 000,006,855 | ---- | C] () -- C:\WINDOWS\Unwise32.ini
[2011/04/17 08:41:28 | 000,000,221 | ---- | C] () -- C:\WINDOWS\KTEL.INI
[2011/04/17 08:34:02 | 000,000,400 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/04/16 13:14:38 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/04/05 17:09:48 | 000,059,904 | ---- | C] () -- C:\WINDOWS\System32\OVDecode.dll
[2011/03/31 07:10:43 | 000,003,776 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2011/03/31 04:43:45 | 000,000,032 | ---- | C] () -- C:\WINDOWS\System32\EUOD.DAT
[2011/03/30 06:34:27 | 000,001,755 | ---- | C] () -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\QTSBandwidthCache
[2011/03/28 11:39:41 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\PtSSE2.dll
[2011/03/28 11:39:37 | 001,536,000 | ---- | C] () -- C:\WINDOWS\System32\AvidStartup.exe
[2011/03/28 11:34:02 | 001,900,132 | ---- | C] () -- C:\WINDOWS\System32\ExpansionHD_Firmware.bin
[2011/03/28 11:34:02 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\DigiPlatformSupport.dll
[2011/03/28 11:25:15 | 001,728,606 | ---- | C] () -- C:\WINDOWS\System32\libmmdd.dll
[2011/03/28 11:25:15 | 001,658,973 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2011/03/28 11:13:06 | 000,014,848 | ---- | C] () -- C:\WINDOWS\System32\EuEpmGdi.dll
[2011/03/28 11:13:05 | 002,336,384 | ---- | C] () -- C:\WINDOWS\System32\BootMan.exe
[2011/03/28 11:13:05 | 000,086,408 | ---- | C] () -- C:\WINDOWS\System32\setupempdrv03.exe
[2011/03/28 11:13:05 | 000,013,192 | ---- | C] () -- C:\WINDOWS\System32\epmntdrv.sys
[2011/03/28 11:13:05 | 000,008,456 | ---- | C] () -- C:\WINDOWS\System32\EuGdiDrv.sys
[2011/03/28 10:19:48 | 000,000,127 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2011/03/28 07:10:13 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2011/03/28 07:10:10 | 001,072,544 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2011/03/28 07:10:10 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2011/03/24 16:44:20 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2011/03/24 16:41:11 | 000,021,740 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/24 16:31:31 | 000,004,335 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/24 16:30:17 | 000,176,264 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/08 05:58:18 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/07/08 05:58:18 | 001,657,376 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2009/07/08 05:58:18 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/07/08 05:58:18 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/07/08 05:58:18 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/08 05:58:18 | 000,449,056 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2009/07/08 05:58:18 | 000,436,768 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2009/07/08 03:07:00 | 001,580,550 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2008/05/26 16:23:36 | 000,016,834 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2008/05/26 16:23:34 | 000,024,188 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2008/05/26 16:23:32 | 000,016,568 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2008/05/26 15:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 15:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2004/08/02 08:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/05/20 13:35:04 | 000,016,384 | ---- | C] () -- C:\WINDOWS\System32\FileOps.exe
[2003/05/20 13:15:38 | 000,059,824 | ---- | C] () -- C:\WINDOWS\unwise.exe
[2001/08/18 08:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2001/08/18 08:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2001/08/18 08:00:00 | 000,518,976 | ---- | C] () -- C:\WINDOWS\System32\perfh007.dat
[2001/08/18 08:00:00 | 000,474,352 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2001/08/18 08:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2001/08/18 08:00:00 | 000,269,480 | ---- | C] () -- C:\WINDOWS\System32\perfi007.dat
[2001/08/18 08:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2001/08/18 08:00:00 | 000,101,832 | ---- | C] () -- C:\WINDOWS\System32\perfc007.dat
[2001/08/18 08:00:00 | 000,076,776 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2001/08/18 08:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2001/08/18 08:00:00 | 000,034,478 | ---- | C] () -- C:\WINDOWS\System32\perfd007.dat
[2001/08/18 08:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2001/08/18 08:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2001/08/18 08:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2001/08/18 08:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1999/05/11 14:41:02 | 000,005,504 | ---- | C] () -- C:\WINDOWS\System32\drivers\StarOpen.sys
========== LOP Check ==========
[2012/10/06 07:14:51 | 000,000,000 | ---D | M] -- C:\WINDOWS\system32\config\systemprofile\Anwendungsdaten\AVG2013
[2012/10/06 07:16:41 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\AVG2013
[2011/03/30 06:40:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Avid
[1999/05/11 14:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Canneverbe Limited
[1999/05/13 10:24:23 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Canon
[2011/05/11 08:31:19 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\CD-LabelPrint
[2012/12/13 22:00:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Digidesign
[2001/12/03 17:47:53 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\DVDVideoSoft
[2012/12/13 19:33:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Leadertech
[2001/12/03 17:42:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\OCS
[2001/12/03 17:42:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Opera
[2012/12/13 19:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\PACE Anti-Piracy
[2013/05/01 10:30:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\PinPhotoZoom
[2013/03/08 20:05:33 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Steinberg
[2013/05/01 10:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\SwvUpdater
[2012/11/29 10:22:26 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\TeamViewer
[2012/10/06 07:14:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\TuneUp Software
[2011/03/30 07:16:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\Er\Anwendungsdaten\Windows Search
[2012/11/27 06:48:24 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\UpdatusUser\Anwendungsdaten\TuneUp Software
[2011/07/14 09:23:50 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG Security Toolbar
[2012/10/06 07:15:05 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\AVG2013
[1999/05/11 14:41:18 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Canneverbe Limited
[2011/05/10 12:07:42 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonBJ
[2011/05/10 12:48:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonEPP
[2011/12/12 09:11:05 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEGV
[2011/05/10 12:48:45 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJEPPEX2
[2011/05/10 12:43:42 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJMSetup
[1999/05/11 17:13:39 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJScan
[2011/05/10 12:17:55 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CanonIJWSpt
[2011/07/28 15:26:37 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\CDRWIN 9
[2011/07/14 06:44:15 | 000,000,000 | -H-D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Common Files
[2013/03/08 19:53:54 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\eLicenser
[2011/03/27 16:36:28 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\explauncher
[2011/03/27 16:36:27 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\launcher
[2013/07/10 13:02:35 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\MFAData
[2012/12/13 19:32:16 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\PACE Anti-Piracy
[2013/05/06 06:11:04 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Package Cache
[2011/03/28 11:20:36 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Shared Avid Projects
[2013/03/08 19:56:06 | 000,000,000 | ---D | M] -- C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Syncrosoft
[2013/07/10 13:00:30 | 000,000,392 | ---- | M] () -- C:\WINDOWS\Tasks\AmiUpdXp.job
[2013/05/01 14:59:29 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Freemium1ClickMaint.job
[2013/07/10 12:57:57 | 000,000,334 | ---- | M] () -- C:\WINDOWS\Tasks\ROC_JAN2013_TB_rmv.job
[2013/07/10 13:00:50 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\Software Updater Ui.job
[2013/07/10 13:00:40 | 000,000,588 | ---- | M] () -- C:\WINDOWS\Tasks\Software Updater.job
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 24 bytes -> C:\WINDOWS:F74775D0D27F5603
@Alternate Data Stream - 1304 bytes -> C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\hJtAnl1TXkiS:NTkuyQDSeZtc84yd1Upi
@Alternate Data Stream - 1258 bytes -> C:\Dokumente und Einstellungen\Er\Lokale Einstellungen\Anwendungsdaten\lpFNwcleN:YpHBh5PueN4ObzkR
@Alternate Data Stream - 1250 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:wlHfPV5JAOBGtgo7pM4LipR0h2
@Alternate Data Stream - 1145 bytes -> C:\Programme\Outlook Express:Nutxl4I4e6oxUmd0CaRXtRkZF
@Alternate Data Stream - 1123 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:ABeQyBTC9sGL86NqrKugw
@Alternate Data Stream - 1112 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:fVPPyFNkgHQ1seUPLaaiG3kK5kJr
@Alternate Data Stream - 1092 bytes -> C:\Programme\Outlook Express:JV2QD6i2fl7smlQ50d3JKm9qy
@Alternate Data Stream - 1084 bytes -> C:\Dokumente und Einstellungen\All Users\Anwendungsdaten\Microsoft:gLXU4ropegVcYCFF93nd3c
@Alternate Data Stream - 1067 bytes -> C:\Dokumente und Einstellungen\Er\Cookies:Mk3yw2F5o4AAwigb9985V8wl
< End of report >
|
|
10.07.2013, 20:21
| #28 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus OTL zeigt nix. Erstellen einer UBCD4Win-CD und Scan mit FRST (Windows XP) Die folgenden Schritte sind sehr komplex, daher druckst du dir die Anleitung besser aus. Außerdem brauchst du:
A) Lade dir bitte die Ultimate Boot CD für Windows
E) Lade Farbar's Recovery Scan Tool auf den sauberen Rechner und speichere es auf den USB-Stick. F) Schließe den USB-Stick an den infizierten Rechner an, lege die UBCD4Win-CD ein und starte ihn.
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
10.07.2013, 22:16
| #29 |
| | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Danke. Kleine Zwischenfrage. Meine WinXP CD hat nur SP1. Muss es meine CD sein, die ich da aufgespielt habe , oder kann ich eine x-beliebige verwenden (habe einen Freund, der hat eine mit XP2. Die Lizenzen haben wir natürlich alle beide. Eine mit SP1-SP3 habe ich leider auf die Schnelle nicht aufgetrieben. Ich habe die SPs nach der Installation des System von Microsoft runtergeladen. Oder kommt es nicht darauf an, ob auf meiner CD SP1, SP2 oder SP3 drauf ist? |
|
11.07.2013, 07:50
| #30 |
| /// the machine /// TB-Ausbilder | GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus Im Prinzip ist das schnuppe, aber nimm die mit Sp2 
__________________ gruß, schrauber Proud Member of UNITE and ASAP since 2009 Spenden Anleitungen und Hilfestellungen Trojaner-Board Facebook-Seite Keine Hilfestellung via PM! |
|
| Themen zu GVU Trojaner Problem, kommenicht mal in den abgesicherten Modus |
| abgesicherten, ahnung, anderen, avira, biete, bildschirm, computer, erschienen, forum, gesucht, guten, gvu-virus, kaspersky, logfiles, modus, neustart, nichts, problem, start, starte, startet, trojaner, trojaner problem, versucht, windows, windows xp |
Textbox. 
Linear-Darstellung
